Providing Visibility and Context to Software Development Security with Idan Plotnik, the CEO of Apiiro

Running fast is good but not headfirst into a brick wall. Similarly, software development needs to move fast, but moving too fast typically is not secure and can cause headaches. Furthermore, old security protocols are insufficient and inefficient. Idan Plotnik, the Co-Founder & CEO of Apiiro, makes the case for a platform that quickly provides contextualized information concerning coding.

Main Takeaways

  • Contextualized Info: An old way of checking code often involved the coders themselves answering a long list of questions. This was inefficient and ineffective. A more helpful approach is to have a platform that quickly provides contextualized information concerning the coding, the process, and potential breaks in the chain. With this type of info, security risks can much more efficiently be discovered and addressed. 
  • Establishing Trust: A platform that provides contextualized information can assist in communication between AppSec teams and developers. If an AppSec team is able to approach the developers with helpful information, then that can establish trust between all parties. With trust established, everybody can work together to reduce the security risk.   
  • Mission-oriented: An entrepreneur, or a company, should have passion for their mission, whether that’s in securing software development or otherwise. In Israel, there is certainly a connection between innovation and the lessons that many entrepreneurs have learned during their military service. Mission-oriented values seem to translate to successful business outcomes.

For a more in-depth look at this episode, check out the article below.

Article Notes

Running fast is good but not headfirst into a brick wall. Similarly, software development needs to move fast, but moving too fast typically is not secure and can cause headaches. Furthermore, old security protocols are insufficient and inefficient. Idan Plotnik, the Co-Founder & CEO of Apiiro, made the case for a platform that quickly provides contextualized information concerning coding. 

“When you don’t have the visibility to what you have, you cannot build an application security program,” Plotnik said. “You cannot remediate and [you] chase your tail. And eventually when you chase your tail, your head is getting into the wall. You can’t spin up like that and chase vulnerabilities. It’s the wrong way to go. You need visibility. And by the way, visibility is a tricky word, because visibility can say, ‘Hey, I know which tools you have,’ but this is a deep thing. It’s not only that you’re getting a software bill of materials. You’re getting all the assets that you have in your code: the APIs, the dependencies, the knowledge of the developers, the technologies, the cloud APIs, the security controls that you’re using — and all this [you’re getting from] Apiiro automatically [from] between 30 minutes to an hour.”

On this episode of IT Visionaries, Plotnik explained the inadequacies of traditional security checks within software development and the solutions that his platform provides. He described how Apiiro focuses on quickly providing contextualized information during the coding process so that communication about these issues is easier and the risks are mitigated. He also chatted a bit about his passion for the tech security mission and the correlation he sees with the mission-oriented mentality that others with a similar interest learned in the Israeli Army.

Plotnik laid out in clear terms how Apiiro functions.

“We secure your software development life cycle and we built an application risk management platform that can understand [the context] for each line of code that you write,” Plotnik said. “We understand the business impact. We understand who are you as a developer, [and] what’s your knowledge. This is how we help AppSec practitioners and also developers remediate risks early in the development process with context and this is the missing part in DevSecOps today — context.”

The old way of validating code could be developers having someone else look over their work or perhaps having to assess their own work via a complicated questionnaire. Based on his own experience, Plotnik described the onerous questionnaire process.

“This was 150 questions in an Excel spreadsheet,” Plotnik said. 

Instead, Plotnik, with Apiiro, wanted to take the responsibility away from the coders checking their own work with these long lists.

“We wanted to…actually validate in an automatic manner [so] that you are following the security and compliance requirements and you have one single source of truth which is the code,” Plotnik said.

According to Plotnik, using a platform like Apiiro can help set up better communication and trust between AppSec teams and developers, because AppSec teams will be able to bring knowledgeable, contextual information to a conversation about a security concern.

“It’s not only a technical conversation. It’s a matter of trust,” Plotnik said. 

Plotnik identified Apiiro as being mission-oriented and believed that his time in the military connected to that mentality.

“I think it’s important because the world is running on software,” Plotnik said. “We need to secure it early in the development process and not late in wherever you deploy your code. It’s a huge mission. I think we, as a team, are now around 80 people at the company. We are aligned with the goal and it’s a big mission. And I think it’s going back to the army. Eventually in the army, we got a mission and we had to accomplish the mission no matter what. And it’s the same thing here.” 

To hear more about how Apiiro is on a mission to provide visibility and context so that software developers can securely win their races, check out the full episode of IT Visionaries.

IT Visionaries is brought to you by the Salesforce Platform – the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation – with the customer at the center of everything you do. Learn more at salesforce.com/platform

Episode 337