Achieving developer security adoption at Nylas with Snyk

Effective security programs promote collaboration between developers and security teams. Many organizations aim for a seamless developer experience that allows security teams to build guardrails directly into dev workflows, breaking down silos, and promoting collaboration between these departments. 

Nylas, a company that securely powers email, calendar, and contacts integrations, was looking for a way to drive developer security adoption and simplify the integration of AppSec tools into their workflows. 

Kirthana Selvam, Senior Security Engineer at Nylas, and Gordan Ovcaric, Senior Back-End Engineer at Nylas, participated in a Customer Spotlight webinar with Jim Armstrong, Sr. Director of Product Marketing at Snyk, to highlight some of the critical successes Nylas has had with driving developer adoption by implementing Snyk. 

Here’s a quick recap of some of the topics covered:

• Why you need a developer-first approach to application security

• Nylas improves productivity and inspires trust with Snyk

• Nylas harnesses the power of the Engineering Salon and Snyk Learn 

Why you need developer-first application security

Ensuring that developers are comfortable with AppSec tools is crucial for the success of any AppSec program. One of the challenges Nylas faced was driving developer adoption of their AppSec tools. Before Snyk, their AppSec solution wasn't developer-friendly, leading to reluctance among developers. 

Selvam emphasized that developers are "the ones coding all the things, and they know the systems better than we all do," making their input essential. This is why Nylas was inspired to reevaluate their AppSec program. 

Nylas now leverages Snyk to seamlessly integrate security into their developers' workflows, fostering a secure and efficient development process.

Bottom line: Developer adoption is fundamental to a robust AppSec program.

Nylas improves productivity and inspires trust with Snyk

Snyk improves security and developer team productivity through user experience, with result accuracy and 3.2x faster scan times. Engineering challenges and security concerns underscore the importance of prioritization in both areas. Given the sheer number of potential issues, engineers must choose which software bugs to address, and security professionals must select which vulnerabilities to focus on.

While boosting developer adoption was the main focus in testing and trialing, Selvam, Ovcaric, and Armstrong highlighted that, with the ease of developer adoption, there was also a corollary impact on reducing vulnerabilities and the time required for developers to address issues. This aligned well with Nylas's customer-centric approach and their need to guarantee the safety of sensitive customer data.

Nylas is a SaaS product, and part of the conversation underscored the significance of assuring customers, acknowledging the sensitivity of customer data, and the necessity for transparency and open reporting. Both participants emphasized the need for accurate measurements to understand a security tool's impact and efficacy and the importance of ensuring the security of the tool itself — as it plays a crucial role in scanning code and infrastructure. 

Bottom line: Security is crucial for customers and providers, particularly in SaaS offerings. Snyk enables organizations like Nylas to proactively manage their security and safeguard customer data, fostering trust and compliance with transparency and reporting.

Nylas harnesses the educational power of the Engineering Salon and Snyk Learn

Nylas uses a weekly session called the Engineering Salon to discuss security issues and topics they've encountered as a team. The aim is to ensure developer comfort with application security tools and to incorporate security training into their routine. Nylas also promotes security awareness and education through initiatives like Vuln Wars, a competition designed to gamify vulnerability management. 

Both Selvam and Ovcaric highlighted the significance of the Snyk Learn platform for developer security training. Snyk Learn is content-rich and interactive. Developers at Nylas have embraced the concise and interactive courses, which align with Nylas's goal of encouraging greater developer security adoption. Alongside this, Nylas has developed a security champions program. In fact, October is Security Awareness Month at Nylas, demonstrating the company's commitment to promoting security through continuous programming and education. 

Bottom Line: Continuous education empowers developers with the knowledge and skills to enhance security, resulting in a safer and more resilient digital landscape.

See for yourself

Snyk helps software-driven businesses develop fast and stay secure. With Snyk, you can continuously find and fix vulnerabilities in your code, dependencies, containers, and IaC, all from the tools and workflows developers already use — including AI coding assistants. Watch the Customer Spotlight webinar to hear firsthand how Nylas utilizes Snyk's security platform to grow a security champions program and drive developer adoption.