
Here's why you should embed security into DevOps

Bryan Wu
For cybersecurity to work well in the fast-paced DevOps world, developers themselves have to embrace the additional element of cybersecurity

We are now living in an application economy. The global revenue from mobile apps increased by over US$142 billion ($297.8 billion) from 2019 to US$400 billion in 2021. According to Statista, this figure is projected to reach an estimated US$613 billion by 2025. Meanwhile, the International Data Corp forecasts the number of developers driving this digital transformation to grow from 30 million to 45 million by 2025.

However, increasing security threats have created an acute demand for secure application development, especially from fintech, banking, financial services and insurance (BFSI) and cloud-native organisations. This has given rise to DevSecOps, which refers to the integration of security practices into a development and operations (DevOps) software development model. Its foundation is a culture where development and operations are enabled through process and tooling to take part in a shared responsibility for delivering secure software.

Developer cybersecurity firm Snyk is one company that is helping more organisations adopt DevSecOps. The company, whose name is an acronym for “so now you know”, claims that this developer-first approach ensures businesses secure critical components of their applications from code to cloud, increasing developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture.

‘Shift left’ alone not enough

According to Shaun McLagan, Snyk’s vice-president for Asia Pacific and Japan (APJ), the DevOps industry cannot continue efficiently without ingraining security as part of the process of digitisation; and for cybersecurity to work well in the fast-paced DevOps world, developers themselves have to embrace the additional element of cybersecurity.

“Cybersecurity is supposed to be the bastion of the development process, to look after and ensure that nothing is going wrong. But 30 million developers [worldwide] are being told by their companies that developing their applications and connections with customers is the most important thing for the company — because of this, four million people [working in cybersecurity globally] are having to look after 30 million,” he says.


He also points out that although the concept of “shift left” — having security run earlier in the development process — is not new, it has failed in its implementation.


If you dump security processes and ways of thinking into the developer community, they’re not going to do it, that’s not the way they work. We believe ‘shift left’ is not enough, because it’s just taking old ways and moving it around.


Shaun McLagan, vice-president for Asia Pacific and Japan, Snyk


Snyk was therefore founded to create tools that are “by developers and for developers” and feel “natural” for developers to use — which is not the case for all cybersecurity tools, McLagan notes. Snyk’s developer security platform automatically integrates with a developer’s workflow, purpose-built for security teams to collaborate with their development teams, and is now in demand across industries, far beyond just big tech.

Although Snyk’s impressive list of customers includes industry leaders such as Google, Revolut and Salesforce, McLagan reveals that many of its current customers were not part of the “ringfenced” list of customers he had initially imagined when the company made its first foray into the APJ region.

“We thought our customers would be modern organisations like payment platforms, cloud native platforms and app-based companies, but in the last 12 to 18 months, that view of what an app-based company is has totally changed. Now everybody is an app-based company — it doesn’t matter if you’re in retail, manufacturing, banking, finance, even government; we all revolve around the product,” says McLagan.

He believes that this new product-centric mindset is driving a shift in organisations to do things more effectively, with speed and security being valued more than ever.

With Snyk “uniquely placed” to ensure that prospective customers’ products are delivered both quickly and securely, McLagan sees this as the explanation for Snyk’s “almost ubiquitous” presence in the region.

“We sell to the biggest companies, the smallest companies and every vertical in between. We recently sold to a plumbing company in Australia. I didn’t think that was a vertical or something that we were going to do, but they are trying to change their process from having customers physically visit their warehouse to going all online,” he shares. “It’s amazing where our customers are coming from.”

‘Meaningful’ partnership expansion


Demand for DevSecOps is surging in APJ, with the region home to some of Snyk’s largest customers and contributing 10% to 15% of the company’s global revenue. McLagan points out that the APJ team has grown from just three when he joined 18 months ago, to over 75 today.

Snyk’s APJ team is headquartered in Singapore, with a network of offices around the region. Its third office in Japan was opened recently, its teams in Australia and New Zealand are growing rapidly, while India is a 3Q2022 focus, with offices opening in Mumbai and Bangalore. “Snyk is excited to engage, enable and empower millions of developers in APJ,” says McLagan.

“We have been significantly invested locally, and have the ability to scale with our key partners. APJ is one of the fastest growing areas for Snyk globally and we aim to be the thought leader and market leader for modern DevSecOps,” he adds.

With a partner ecosystem at the forefront of its APJ strategy, Snyk is focusing on collaborating with cloud-centric companies and technology partners that work closely with developers and security teams.

Snyk’s channel partners in the region include ClassMethod and LAC in Japan, Datacom and Versent in Australia, Taiwan’s Nextlink, OSBC in Korea and PointStar in Singapore. The company says it will continue to seek out partners that share the same values and priorities and are committed to empowering developers in building secure code.

Pankaj Khushani, Snyk’s APJ partnerships and alliances leader, adds: “I am proud to see the key cloud and security partners joining hands with Snyk to provide security development tools in APJ. We only started to invest in building our partner network a couple of quarters ago, and it is an important milestone for our team in the region.”

He notes that while Snyk is committed to growing and investing in its partner ecosystem, and expects to make more “key partnership announcements” in the coming quarters, the company is selective with its partners.

“There is no point having hundreds of partners. We would rather build the partnerships and the ecosystem with value-adding partners in a Snyk-centric, security-centric manner,” says Khushani.

With the arrival of hyperscalers in the last decade, he points out that the entire channel ecosystem is going through a transformation, with resellers moving into pure play cloud, infrastructure and application security. Cutting through this activity, he says that Snyk is looking for “fewer, quality partners”.

Khushani believes that working with cloud giants like Amazon Web Services (AWS) and Google Cloud, which understand cloud migration and digitisation better than legacy resellers, has helped Snyk grow at a “massive scale”.

“Our endeavour is to work with security partners who are on the cloud. We are working with application modernisation partners and we are also looking at the large global system integrators,” he says. “But again, we’ve been very careful because we want partners to invest in us.

“In the next year or two, there will be relatively fewer names we will be discussing, but they will be more meaningful names, and clearly, hyperscalers is what we are focusing on.”

© 2024 The Edge Publishing Pte Ltd. All rights reserved.