CLOUD APP DEVELOPMENT
Snyk | July 27, 2022
Snyk, the leader in developer security, today unveiled Snyk Cloud, announcing the launch of the industry's first comprehensive Cloud Security Solution designed by and for developers.
This latest development was made possible by the acquisition of Fugue earlier this year. Thoughtfully designed with global DevSecOps teams in mind, Snyk’s Cloud Security solution unites and extends existing products Snyk Infrastructure as Code and Snyk Container with Fugue’s leading cloud security posture management (CSPM) capabilities. These elements are now powerfully combined to realize a fully featured cloud security solution that allows today’s modern developers to continue their rapid pace of innovation securely.
The Snyk Cloud product extends the company’s existing Developer Security Platform in a significant way, allowing more companies to embrace DevSecOps and spark further effective collaboration between their developer, operations, security and compliance teams. Instead of grappling to patch together multiple, incompatible cloud and application security solutions, ultimately leading to a fragmented view of application security in the cloud, global developers now have the ability to take full ownership of their infrastructure. At the same time, their security counterparts can define and operate a consistent cloud security posture across the entire software development lifecycle (SDLC).
With the digital era’s ever rising need for innovation speed, siloed application and cloud security tools that focus on detecting issues after deployment are too slow and risky, creating growing tension between developer and security teams. With the addition of Snyk Cloud, Snyk customers will now be the first to benefit from a unified platform and policy engine that equips them to create secure deployments via an unmatched feedback loop – from code to cloud and back to code – securing their cloud before deployment and maintaining its secure integrity while running as well as then assessing and prioritizing the precise places to provide fixes back in the code. In fact, over the past year, Snyk customers have reported that they improve their security risk posture by more than 60% by reducing the time it takes to find and fix vulnerabilities.
“Snyk’s developer-first approach disrupted the application security industry and we’re now aiming to apply many of those lessons learned to the fastest growing segment of cybersecurity today: cloud security, Predicted to be worth $77.5 billion by 20261, this is an area ripe for change. Today’s news represents another important milestone for the developer security movement, and we look forward to the industry’s response to our vision of uniting AppSec and CloudSec teams to secure today’s apps more efficiently.”
Peter McKay, CEO, Snyk
“Our global customers have witnessed firsthand how previous cybersecurity tenets have evolved profoundly, with cloud infrastructure now changing just as fast as the apps themselves. They’re eager for one comprehensive solution that provides a truly complete cloud picture, driving DevSecOps by enhancing developer productivity securely,” said Adi Sharabani, CTO, Snyk. “We’re incredibly proud to reveal this industry gamechanger, Snyk Cloud, the first developer security product designed for the cloud era in order to address every important stage of a modern app’s life today from development through to production.”
Now Powered by Snyk: The Cloud Security Podcast
In timing with AWS re:Inforce, Snyk has introduced two exciting new cloud security hires, Ashish Rajan and Shilpi Bhattacharjee, founders of the Cloud Security Podcast, which is now officially powered by Snyk. In their new roles, Ashish will be Snyk’s first Cloud Security Advocate, while Shilpi will continue to serve as Lead Program Manager for the Cloud Security Podcast. As with the Secure Developer Podcast and DevSecCon, Snyk is committed to continuing to build these global communities that foster education, thought leadership and promote secure development. Please visit here to read more about what’s ahead for Ashish, Shilpi and the incredible cloud security community that they have fostered over the last several years.
Snyk is a Diamond sponsor at AWS re:Inforce, a learning conference focused on security, compliance, identity and privacy taking place in Boston, July 26-27, 2022. Snyk Cloud is currently available on a limited basis with general availability planned in the Fall 2022. To see Snyk Cloud in action, visit the company’s booth (#408) or sign up for a demo here.
Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 2,000+ customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.
Section | September 29, 2022
Section, the leading cloud-native distributed compute provider, today announced its new Distributed GraphQL Service, allowing organizations to quickly launch and easily scale location-optimized, multi-cloud API servers. Organizations can host GraphQL in datacenters across town or around the world to improve API performance and reliability, lower costs, decrease impact on back-end servers, and improve scalability, resilience, compliance, security and other factors – all without impacting their current cloud-native development process or tools. Section handles day-to-day server operations, as its clusterless platform automates orchestration of the GraphQL servers across a secure and reliable global infrastructure network.
“Distributing API servers and other compute resources makes all the sense in the world for developers, as long as it’s easy to do, Our new Distributed GraphQL service is simple to start, gives you immediate access to a global network, and automates orchestration so developers can simply focus on their application and business logic.”
Stewart McGrath, Section’s CEO
GraphQL is a query language and server-side runtime for cloud APIs that improves the efficiency of data delivery. According to a report by Akamai, API calls represent 83% of all web traffic, and InfoQ considers GraphQL to have reached “early majority” usage in its 2022 architecture trends report.
With Section, GraphQL servers can be quickly deployed and immediately benefit from multi-cloud, multi-provider distribution. Application users will experience an instant performance boost from reduced latency, while API service availability and resilience is dramatically improved by Section’s automated service failure/re-routing capabilities. Organizations will benefit from decreased costs versus hyperscalers or roll-your-own distribution solutions, and can even run other containers alongside the GraphQL Server, such as Redis caches, security solutions, etc., to further improve the costs/performance/availability equation.
Section’s distributed cloud-native compute platform allows application developers worldwide to focus only on business logic yet enables their software to behave as if it runs everywhere, is infinitely scalable, always available, maximally performant, completely compliant, and efficient with compute resources and cost. DevOps teams can use existing Kubernetes tools and processes to deploy to Section and set simple policy-based rules to control its clusterless global platform.
Benefits of Section’s Distributed GraphQL service include:
Proximity-based performance – moving API servers closer to users dramatically improves performance, and servers can be spun up/down as needed based on load to minimize cost
Full and partial API caching – for improved performance; done well, this can minimize the need for database distribution, dramatically decreasing costs
Roundtrip coalescing – Section’s data fetch capabilities can coalesce database and API calls to reduce backend chattiness
Cloud independence – Section’s Composable Edge Cloud eliminates provider dependence by leveraging the world’s top infrastructure and cloud providers.
Layer 3-4 DDoS Security – Network-layer DDoS protection is included by default across the entire Section network to protect against all Layer 3/4 attacks. Section’s DDoS protection includes dually redundant DDoS protection including two of the world’s largest DDoS networks.
Section is a Cloud-Native Hosting system that continuously optimizes orchestration of secure and reliable global infrastructure for application delivery. Section’s sophisticated, distributed and clusterless platform intelligently and adaptively manages workloads around performance, reliability, compliance, cost or other developer intent to ensure applications run at the right place and time. The result is simple distribution of applications across town or to the edge, while teams use existing tools, workflows and familiar rules-based policies.
Spectro Cloud | September 30, 2022
Spectro Cloud, a leader in modern Kubernetes (K8s) management software, today announced a major new release of its Palette Edge platform.
Kubernetes at the edge has spurred the interest of businesses around the world as they seek to enhance competitiveness and agility. To date, however, K8s at the edge has failed to realize its true potential. Why? A study by Dimensional Research found 72% of Kubernetes users effectively said: “It’s too challenging to deploy and manage Kubernetes on edge devices.”
The Palette Edge platform, first launched in March 2022, earned Spectro Cloud recognition as a 2022 Gartner Cool Vendor in Edge Computing solves this problem, enabling organizations to re-define how cost-efficiently they can deploy and manage edge K8s clusters at scale, including at locations with small form factor devices, no on-site IT skills and marginal connectivity. Palette Edge delivers remote troubleshooting, zero-downtime rolling upgrades and patch management, even in single-server edge deployments, due to its unique A/B OS partition, multi-node failsafe design and support for both ARM and x86 architectures, including Intel’s Trusted Platform Module (TPM).
Palette Edge derives its functionality from Spectro Cloud’s core Palette platform, which enables organizations to consistently manage K8s clusters across their full lifecycle, across public clouds, virtualized or bare metal data centers, as well as edge locations. Through a unique extension of Cloud Native Computing Foundation (CNCF’s) Cluster API, Palette enables IT teams to model their full Kubernetes stacks from the OS to the application in a true declarative model, creating project-curated, reusable Cluster Profiles while providing a choice of operating systems, K8s distributions and tools from the broad K8s ecosystem. Palette is architected to scale, delivering centralized and automated management combined with decentralized orchestration and policy enforcement — together enabling a virtually infinite scale from few to tens of thousands of clusters.
Extending this core Palette foundation, Palette Edge today adds unique security, visibility and usability capabilities, setting a new industry standard for deploying and centrally managing edge K8s at scale, dramatically lowering total cost of ownership and risk for organizations of any size expanding to the edge. Palette Edge is purpose-built to support key industry use cases including Internet of Things device management and orchestration, data ingestion, streaming, analytics and AI inference.
“For us, edge is an enabler to help clinicians deliver better patient outcomes by deploying technology closer to the user,” said Vignesh Shetty, SVP & GM Edison AI and Platform at GE Healthcare Digital. “The need for a secure, cost-effective approach to manage Kubernetes at the edge at scale is more relevant than ever before.”
The new Palette Edge delivers on the key priorities for edge K8s users with:
Tamperproof security for Kubernetes at the edge: Spectro Cloud research found that security is the #1 concern when adopting edge Kubernetes.
Edge Kubernetes devices deployed in remote, unmonitored locations are particularly vulnerable to deliberate tampering and unintentional configuration drift, where their operating system, distribution and other software elements move out of compliance through ad hoc configuration changes.
Palette Edge now enables operations teams to build highly secure configurations for edge devices, including their preferred Kubernetes distribution and the underlying OS, which once deployed become immutable, read-only and unmodifiable by the application user, just like the firmware on a smartphone. The now-immutable stack also enables zero-downtime rolling upgrades, due to a failsafe deployment design.
Palette eXtended Kubernetes Edge (PXK-E): This new edge-optimized Kubernetes distribution version of Spectro Cloud’s CNCF-upstream Kubernetes distribution is available now to all Palette customers.
PXK-E incorporates Palette’s new immutability capability, along with NIST-800 security hardening. It is certified for more than 50 open source and commercial cloud native integrations and provides high availability and zero-downtime rolling upgrades even in single-server configurations.
With Palette Edge, businesses can choose the PXK-E distribution or Palette-optimized versions of any other K8s distribution, verified and supported by Spectro Cloud.
A powerful NOC-like dashboard: Now organizations scaling to thousands or tens of thousands of edge devices have the power to manage their fleet more easily and with greater control than ever before.
Palette Edge’s Network Operations Center-like (NOC) dashboard provides a highly intuitive user experience with live status for key events, plus advanced capabilities to filter, tag and drill down to clusters by location, status or other attribute. Importantly, operators can define powerful workflows for managing clusters, with almost infinite possibilities: for example, they can phase deployments of cluster updates by location for canary testing, or schedule patching to follow the sun.
Ultra-simple edge device onboarding: In edge Kubernetes projects, organizations can find the act of deploying new devices in remote locations incredibly problematic; often, costly field engineering truck rolls are needed.
Palette Edge makes it easy for non-specialist staff to quickly power up and onboard a new device into a managed cluster, using a variety of methods, such as through Palette Edge’s user interface, leveraging its open API, the Spectro Cloud Terraform provider, or by simply scanning a QR code on the edge device itself.
The features delivered in this new Palette Edge release reflect real customer requirements of K8s at the edge. To address them and also contribute to the broader cloud native community, Spectro Cloud is now leading a unique open source project which delivers failsafe immutability at the edge: Kairos. Version 1.0 of Kairos is now generally available with extended community support, and is free to download and use. For more information, visit www.kairos.io. This is another example demonstrating Spectro Cloud’s continued commitment to foster innovation as a member of the CNCF and Linux Foundation, contributing to major Kubernetes ecosystem projects such as Cluster API and the Cluster API Provider for Canonical MAAS.
These major new features are available today in Spectro Cloud’s Palette Edge edition and further position Palette as the first choice for organizations running Kubernetes at the edge at scale, enabling them to bring modern applications and data close to their end-users. Customers of Palette Edge are already realizing significant benefits by avoiding otherwise necessary field engineering visits at edge locations, which can result to up to 90% reduction in operational costs.
“A key use case for 5G Edge compute is mission critical, ultra-low latency, workloads. That means cyber-security is a foundational principle for Edge and not an afterthought. Spectro Cloud is delivering a customer solution for deploying modern apps to the Edge that can integrate readily into end-to-end Zero Trust architectures,” said Dr. Ken Urquhart, Global Vice-President, 5G at Zscaler.
“This brand new set of capabilities is making edge K8s locations as easy as a cloud for our customers, With a platform that can scale to tens of thousands of edge locations, requirements like security, resiliency and ease-of-use can be game changers, and this has been our focus in the latest release. At Spectro Cloud we are committed champions of the innovation coming out of the open source community, and we couldn’t be more excited to collaborate with some of the most interesting projects to deliver some of those new capabilities.”
Spectro Cloud co-founder and CEO Tenry Fu
About Spectro Cloud
Spectro Cloud uniquely enables organizations to deploy and manage Kubernetes in production, at scale. Its Palette enterprise Kubernetes management platform gives IT Operations and DevOps engineering teams effortless control of the full Kubernetes lifecycle even across multiple clouds, data centers, bare metal and edge environments. Ops teams are empowered to support their developers with curated Kubernetes stacks and tools based on their specific needs, with granular governance and enterprise-grade security.