Organizations should build apps and design development workflows in a way that embraces how quickly cloud-native architectures change, says Snyk Solutions Engineer Iain Rose.
Unlike traditional on-premises environments, which have infrastructure that’s patched, maintained and supported by an operations team, containerized applications are designed to be ephemeral, Rose notes. As a result, applications requiring changes in a cloud environment are simply discarded and quickly replaced by a new version without the issue at hand, according to Rose (see: Snyk Engineer on the Rift Between Developers, Security Teams).
“Rather than developers just being responsible for the code they write or the selection of open source libraries that they use to support their applications, they’re also maintaining the operating system the applications are running on,” Rose says. “Everything in there from the application to any libraries that the operating system needs to support it are now being maintained by the developers.”
In this video interview with Information Security Media Group, Rose also discusses:
Biggest challenges to getting developers trained around security;
How modern tools embed security within the development lifecycle;
Best practices to bridge divide between development, security.