Noted investor Glenn Solomon recently made a compelling case in Forbes that the next big enterprise software opportunity will be fueled by developers. The first two trillion-dollar trends—SaaS and public cloud—revolutionized the way software is delivered and deployed, effectively making every company a software company. Now the opportunity lies in products that “make the software development and data management processes easier, faster, more secure and completely democratized.”
We completely agree. In fact, we know that the developer revolution has already begun.
As Solomon says, “As every company strives to become a tech company, they must create an endless array of software to fuel their growth. So it’s no surprise that products enabling developers to build applications quickly, collaboratively, data-driven and productively will become the next trillion-dollar market.”
But just as importantly, products enabling developers to build secure software are key to unlocking this rise.
Innovation, speed and collaboration in software development have completely changed over the last decade. Developers now have a vast arsenal of open source projects, libraries and components that can be shared instantaneously. They spin up their own cloud infrastructure and launch public services without waiting for operations or security teams. They have the power to choose their own tools, instead of being forced into the top-down technology adoption of the past.
But wait, there’s a risk?
The insight, governance and security around those great innovations have not kept pace. Code has become a major threat vector for hackers. Passwords, secrets, tokens and PII are frequently left in code. Valuable source code that contains true business advantage is open and available for theft and ransom. Developers are in the driver's seat of the next giant wave. We need to arm them with tools to ensure they’re not steering us into a wall.
This is why we’re so passionate about security at the speed of code. It would be easy to lock up developers and make it secure. No Git, no open source, no IaC, no cloud-native. But there isn’t a single company that would make that choice.
Innovation and speed will always win. That’s why the old security models just don’t apply in the land of developer-driven software.
So what does code security in this new world look like?
- Authentication and authorization of developers in these new environments is critical, as well as fine-grained and trackable permissions that reach all the way to developer endpoints. As remote work is here to stay, we will see new ways to authenticate developers that rely on zero trust.
- Code security must address container technologies like Kubernetes and Docker. In a cloud-native world, many security vulnerabilities stem from misconfigurations. Code security must monitor and address those misconfigurations in containers, as well as Git.
- A focus on code provenance and authentication in open source projects. Developers need a quick and easy way to guarantee that the open source components they’re using are safe and compliant.
- Core security functions must be embedded into the natural workflows and tools of the developer and the CI/CD pipeline, making security policies actionable. Security has to adapt to DevOps, not the other way around.
- Understand that Git is the protocol fueling this adoption and use its powerful features to empower the developer to write more secure code from the beginning while giving security teams the information and control they need for vigilance and governance.
- And most importantly, empower the developer within their tools, their workflow and their pace.
We must stop thinking of security as something that just “has to be done” for risk management. Our vision of code security unlocks greater innovation for companies, who can now make use of the latest tools without fear of a breach or misconfiguration. Code security will enable more innovation, at a faster pace.
We are thrilled that savvy investors like Glenn (and our own) see the potential of this massive opportunity that’s already well underway. We couldn’t be more excited to provide the security needed to unleash a powerful new wave of innovation. Join us on our journey to make code safe.
*** This is a Security Bloggers Network syndicated blog from BluBracket authored by blubracket. Read the original post at: https://blubracket.com/why-code-security-unlocks-the-next-trillion-dollar-software-opportunity/