Snyk's Iain Rose on How to Secure Cloud-Native EnvironmentsRose on Why Apps and Dev Workflows Must Embrace the Cloud's Rapid Rate of Change
Organizations should build apps and design development workflows in a way that embraces how quickly cloud-native architectures change, says Snyk Solutions Engineer Iain Rose.
Unlike traditional on-premises environments, which have infrastructure that is patched, maintained and supported by an operations team, containerized applications are designed to be ephemeral, Rose says. As a result, applications requiring changes in a cloud environments are simply discarded and quickly replaced by a new version without the issue at hand, according to Rose (see: Snyk Engineer on the Rift Between Developers, Security Teams).
"Rather than developers just being responsible for the code they write or the selection of open-source libraries that they use to support their applications, they're also maintaining the operating system the applications are running on," Rose says. "Everything in there from the application to any libraries that the operating system needs to support it are now being maintained by the developers."
In this video interview with Information Security Media Group, Rose also discusses:
- The biggest challenges to getting developers trained around security;
- How modern tools embed security within the development life cycle;
- Best practices to bridge the divide between development and security teams.
Before joining Snyk as a solutions engineer in December 2020, Rose worked as a software development engineer for BC Ferries, a solutions architect at Chef Software, and a software engineer and senior product manager at xMatters. Prior to that, Rose spent over four years as a quality assurance manager at Electronic Arts and two years at Telus doing quality assurance and development work.