SnykWeek New York: In the cloud
10. Oktober 2022
0 Min. LesezeitParties with Patch continued through September as we hosted SnykWeek: New York at the Public hotel on the Lower East Side. Our New York event kept up the theme of discussing all things developer security, this time with a focus on cloud security practices.
Simon Maple on the future of security
The day began with Snyk Field CTO, Simon Maple, discussing the future of security. He pointed out that the world has never innovated as quickly as it does today, with companies across industries — from finance, to retail, to entertainment — adopting digital transformation and becoming “technology companies.” But security tools and practices aren’t keeping up with this accelerated innovation. What does this mean for the immediate future? Simon explained that security will become decentralized, moving fully into the software development process with developer-friendly tools and the expansion of DevSecOps practices. He also emphasized the importance of cloud adoption for security — as cloud takes over more of the elements we previously saw in a data center environment, security practices will be more tightly integrated within applications, containers, and open source libraries.
Josh Stella talks cloud security
And on the subject of cloud security: Josh Stella, Snyk VP and Chief Architect, took the stage to talk about the Snyk State of Cloud Security Report (and the survey that went into it). He pointed out that 80% of respondents reported a serious cloud security event in the last year. Only one in ten teams are addressing cloud misconfiguration problems within an hour of detection — while malicious actors can work within much less time. Therefore time and automation are critical to cloud security.
While Josh pointed out that that “the cloud is, by far, potentially the safest computing environment that humans have created” — he emphasized potentially. You have to know how to use the cloud to take advantage of its benefits. There’s still room for teams to grow in terms of defining who’s responsible for cloud security. The survey showed that engineers believe their own teams are primarily responsible for cloud security, but only 19% of chief information security officers (CISOs) think engineering teams are handling that responsibility.
Josh also mentioned the major benefit of infrastructure as code (IaC) security. The survey showed an impressive 70% median reduction in cloud misconfiguration among teams using IaC security. Similar improvements in productivity and deployment speed were also reported.
You can read more about the data and principles Josh discussed in Snyk’s full report on the State of Cloud Security in 2022.
Snyk’s product roadmap, presented by Ravi Maria
Ravi Maria, our VP of Product and Partner Marketing, presented goals and features from Snyk’s upcoming product roadmap. Some highlights include:
new features in Snyk Code (including PR checks, now in Beta)
improved vulnerability insights for Snyk Open Source
support for Quay, Harbor, GitHub, GitLab, and more registries with Snyk Container
We’re also introducing a more personalized path for developers using Snyk Learn — a curriculum to be developed and followed on developers' terms. As Ravi said, “the best way to get developers to learn about security is to help them solve a problem they’re having, while they’re having it.”
Randall and Micah host “Hack with Patch”
SnykWeek’s developer sessions were hosted by Randall Degges, Sr. Director of Developer Relations and Community, and Micah Silverman, Director of Developer Relations. Randall started the afternoon by talking about how he became interested in security. He pointed out that working in security teaches him something new every day.
With this perspective around the process of finding and fixing vulnerabilities, our interactive developer challenge, “Hack with Patch,” got underway. Micah led the group through a live vulnerability-fixing session. It was great to see everyone in the room heads-down, discovering and eliminating vulnerabilities.
Cocktails in the cloud
We wrapped up the day with a social gathering on the 17th floor terrace at the Public hotel. This gave developers, CISOs, executives, and all other security-curious folks a chance to relax and talk shop. It was the perfect way to end an exciting, information-packed day.
We couldn’t have been more excited to host our first SnykWeek event in New York, and we’re grateful to everyone who attended. We’ll be hosting more SnykWeek events around the world, and we’d love to see you there. Coming up this week, SnykWeek San Francisco!