Preface

Cloud native applications don’t just run on a different platform; they overhaul the scope of the applications, the methodologies with which they’re built, and the skills and ownership around them. To stay relevant, security practices need to undergo a transformation of a similar magnitude. We have to embrace a developer-first (dev-first), Cloud Native Application Security approach and anchor our practices to this new organizational reality.

This book will help you understand the market transition to cloud native apps and the organizational changes it includes. Armed with this context, it describes the required changes for our security practices and tooling and why they matter. Last, it provides concrete examples for some of these changes, meant to both help you understand the concepts better and act as candidates for the first steps you may take on the journey.

By the end of this book, you should understand why and how to embrace a Cloud Native Application Security approach.

Why I Wrote This Book

I’m a technophile and I believe technology can help us solve many of the world’s problems and tap into the opportunities they present. I’m therefore truly excited by how much better and easier software development has become, making it easier for creativity to thrive and bring innovative and high-impact changes to our daily lives.

I’m also truly worried about our ability to keep safe in a digital world. After more than 20 years in the security industry, I know all too well how fragile applications are and how easy it is to ignore risks when building software. The drive to improve our lives and businesses with technology cannot—and should not—be stopped, but without building security in, we may hurt ourselves even more.

I believe the only solution is to build security into the fabric of software development; no other approach can keep up. This is a big change, requiring a true transformation of our security practices, technologies, and attitude. It goes against the natural evolution of cyberspace and, thus, requires a revolution, not evolution.

This is the reason I founded Snyk, a company dedicated to building security into development, and it’s the reason I’m writing this book. The first step in transforming security is to catch up to the one that took place in development: the adoption of DevOps and cloud, and the resulting cloud native model.

My hope is that this book will help readers understand what it means to embrace Cloud Native Application Security, why it matters, and how to get started. If more people take on such a change, adapted to their needs, we’ll be a step closer to a safer digital world.

Who Is This Book For?

At its core, this book is for anyone seeking to adapt security to the cloud era. This includes organizations big and small and practitioners from many parts of the organization, including development, operations, security, and executive leadership. The book is written to be accessible to all those readers, even if they have only light familiarity with how software is developed and operated.

More specifically, the book is aimed at leaders and senior individuals in security and development organizations, because those two groups are the ones primarily responsible for building secure applications and the ones who most need to adapt to the new reality.

When I use the term you, I’m referring to any technology leader in the company who shares responsibility for building secure applications. When I use the term we, I’m referring to the surrounding development, security, and operations (DevSecOps) community as a whole.
