Canadian Cyber Security Journal

IBM and Snyk: Developers must lead the charge on cybersecurity

IBM developer advocate and the founder of Snyk talk about changing the way developers think about cybersecurity.

Developers should be on the front lines of cybersecurity. How do they do it? On a recent episode of TechRepublic’s Dynamic Developer, I spoke with Guy Podjarny, founder and president of Snyk, and Willie Tejada, GM of ISV and Build Partners and chief developer advocate for IBM, about just that. Podjarny and Tejada shared their thoughts on the current cybersecurity threat landscape, why partnerships like the one between IBM and Snyk are crucial for combating cyberthreats, and the critical role developers and open source play.

Bill Detwiler: All right. Well, let’s get right to it. And so we know how important cybersecurity is, and not just to companies, but to the U.S. as a nation. It’s been in the news a lot in the last several years, not like it always hasn’t been. As an old IT guy, we were talking about this 20, 30 years ago. So, let’s start by looking at kind of the landscape that we face today, the threat landscape that we face today, the importance of cybersecurity, and why the partnerships are so important in addressing those threats. So Willie, maybe I’ll start with you.

Willie Tejada: Bill, it’s timely given everything that we have actually going on, and I’m sure we’ll talk a little bit more about it. But just to give you an idea of size and scope, IBM’s security business probably sees 150 billion events that are candidates for some type of cyber-compromise. And that’s across about 17,500 organizations. The interesting part about where IBM is actually headed is, security and what we actually do in security is about protecting the surface area. What I mean by surface area, it’s everything from your mobile device to your desktop to everything actually in between. So, you think about that surface area. What we experienced when we went into the pandemic was that the surface area got a bit broader, given everybody working remotely. Then when you couple that with something like IBM’s core strategy, which is a hybrid cloud approach, which means that our enterprises work with not just IBM’s software and cloud, but also work with AWS’s cloud, work with the Azure’s cloud, the surface area actually gets to be quite broad from that standpoint.

But it’s probably as important, and one of the reasons why we’ve been collaborating with Snyk is that we’re also in this new era of just the software supply chain and how things get built and utilizing open source as a key element in what we’re actually building. And so, I think it requires a developer first mentality, because right there, you’re actually working with a new way to develop software in this open era. And Snyk’s a very unique approach going after that. So, while the cyber landscape has been evolving just in terms of protecting the surface area, one of the things that we can actually do to combat that is to go right when software’s developed. I think Guy has some pretty strong opinions in relation to that, but he’s built a company that’s focused in that particular area. You might just ask Guy to actually comment a little bit about that particular area, because I think it’s one that’s evolving to be of utmost importance relative to enterprises we work with.

Guy Podjarny: I think Willie teed it up great in the sense that cyber is expanding. The attack surface is changing. And I think with that, what’s happening is that on one hand, you have sort of all the businesses and everything around what we do becoming increasingly digital. And that means that it is controlled and decided upon by applications. And that logic, those decisions are really defined by the developers building those applications. Those are the apps that move around kind of a lot of those kinds of digital aspects of our lives, which is increasingly a lot of them, and digital aspects of our businesses. And on the other end, what’s happening is that the rate of change is accelerating. So, not only has it changed, it’s continuing to change, and it’s changing at an accelerated pace.

And that’s sort of a core paradigm that’s happening right now in terms of business innovation. And generally, it’s a good thing. You talk about software supply chain and around just sort of this reuse of open source technology and other components. That’s not a bad thing. It’s a great thing. It kind of helps move innovation faster. You don’t have to reinvent the wheel. You get to sort of build these amazing things. But it means that the way we do security needs to adapt. It needs to catch up to this faster pace, and just how much of it originates in these kinds of developer land kind of setups. Really how many of these decisions are made in that developer environment in which the code gets written.

So really, fundamentally, for organizations that have accepted this need, I’d say they need to think in these two swim lanes, on one hand, find their shining stars, find their role models and invest in them and help them really kind of get great at it and celebrate that success. And then the second is, ensure everybody, work with everybody to get to level one, to just embrace that and build that up.

Bill Detwiler: I’d love to get a follow-up from you on that one, Guy, and then you, Willie, which is how do you make that transition within an organization that doesn’t necessarily, as you both said, have a history of building security into the apps from the very beginning. So, it is a little bit of a reeducation. It’s a little bit of explaining why it’s important. It’s a little bit of explaining, giving people the tools, developers, the tools to actually build secure apps, because for decades, it was, “Oh, we’ll just put this out. We want it to work quickly. We want it to work well. We want it to look good, provide a good customer experience. And then we’ll let the network admins, we’ll let the security professionals, we’ll let other folks worry about securing the app.”
