Security Unicorn Snyk Plans DevSecOps Domination
While most of us only reluctantly look back on last year, 2020 was banner year for cloud security startup Snyk.
While most of us only reluctantly look back on last year, 2020 was banner year for cloud security startup Snyk.
Discovering new zero-day exploits and advanced persistent threats make for more splashy headlines. However, “our primary focus is security hygiene at scale,” Snyk President and co-founder Guy Podjarny said. “In the era of COVID, maybe it’s easier to relate to the fact that it’s not about buying an N-95 mask. It’s about washing your hands.”
This focus resonates with investors and enterprises such as Google and Salesforce. Snyk ended 2020 with more than $350 million in new funding, which pushed its valuation to $2.6 billion, and recorded a 200% year-over-year revenue increase.
It also closed two acquisitions, DeepCode and Manifold, and added some high-profile partnerships with Docker, Datadog, and IBM Cloud. Docker named Snyk as its exclusive provider of security insights for Docker Official Images. Also at its first-ever SnykCon event in October, the security vendor announced that its Snyk Intel vulnerability database will integrate into Datadog’s user interface and IBM Cloud to further boost enterprise workload security.
Back at its day job, Snyk found and fixed more than 4.5 million vulnerabilities and launched two new products: Snyk Infrastructure as Code and Snyk Code. Nearly 2 million developers use the company’s Cloud Native Application Security platform. In addition to Google and Salesforce, those customers include MongoDB, Asurion, Intuit, Revolut, and New Relic.
“The industry is realizing the need to transform security as part of digital transformation,” Podjarny said. “You need to re-think the scope of responsibility and developers have and the importance that developers embrace security. And so as the mass market starts accepting that, they seek out the philosophy and the pipeline that Snyk offers around more developer-focused, cloud native security.”
Podjarny admits the pandemic played a role in Snyk’s 2020 successes. “COVID has accelerated digital transformation, and digital transformation has accelerated the dev-first security need, and with it Snyk’s services,” he said. Even so, Snyk doesn’t plan to slow down in 2021. “We’re absolutely expecting to accelerate.”
Snyk started as an open source security vendor in 2015. Initially, its product let developers search for vulnerabilities in enterprise systems, with particular focus on their open source software, and block the vulnerabilities.
Viewing security through a developer’s lens has always been a key tenant of Snyk’s philosophy. As it’s grown into a more comprehensive application security platform, it has maintained this focus on helping developers build software securely though the development process.
Over the past five and a half years, Snyk added products to find and fix vulnerabilities in containers, application code, and infrastructure as code. “We believe we are especially well positioned to offer a complete security solution for a cloud-native application that covers all the parts of the application,” Podjarny said.
But, having said that, “there’s definitely a lot more to build,” he added. “We absolutely intend to grow the product line and add additional technologies for developers. We’re also constantly growing our governance capabilities and compliance support to accommodate the needs of the larger enterprise.”
This is where the latest funding round comes into play. Last September, Snyk closed a $200 million series D round, which brought its total investment to $450 million. Snyk is using the capital to invest in more developer-focused capabilities while making governance and compliance manageable for enterprises, Podjarny said. “They go hand in hand. To be successful, enterprises need developers to embrace the [application security] solution, and they need to be able to ensure compliance in the process. So both of those are core parts of our product, and things we’re doubling down on.”
This includes supporting more programming languages and securing additional parts of applications such as APIs and data. “We already secure the application behind the API, but there are API-specific security threats,” he said. “We are also looking into helping secure data, which is another realm of responsibility that moved to the hands of developers and they need security support with that.”
Snyk has also boosted its technology through acquisitions including its DeepCode and Manifold purchases last year. DeepCode provides real-time semantic code analysis, and Manifold has a cloud-native marketplace for developers. The companies didn’t disclose purchases prices for either acquisition.
“We’re always on the lookout for great ways to expand our platforms while maintaining our commitments to developer friendliness and security,” Podjarny said. “So yes, you should probably expect additional acquisitions from us over the course of the year.”
