How Snyk targeted developers to become a $4.7B cloud-security giant

Success selling to enterprises typically means finding the right entry to connect with high-level decision-makers. But Snyk has built one of the fastest-moving security startups of the cloud-native era by entering through the back door with developers.

That strategy continues to pay dividends, as evidenced by the company’s announcement today that it has raised $ 300 million in venture capital for a total of $ 470 million. Snyk’s valuation is now $ 4.7 billion, up 4 times since last year.

Snyk is part of a broader movement to embed security into the very beginning of the development process and make defenses more robust.

“What we’ve done is turn the model upside down by building security the same way you would do quality control for bugs,” Snyk CEO Peter McKay said. “You don’t wait until something goes into production to test quality issues in an application or performance or scalability. Our view is you should do security the same way. It’s part of quality control. The sooner you find the problem at the point of creation, the more cost-effective it is to address it.”

Founded in 2015, Snyk’s platform provides security for cloud-native application development by using a vulnerability database that is maintained by a team of security experts. According to Snyk, about 43% of breaches can be traced back to vulnerabilities in applications.

By using the platform, developers can more easily add security to the process as they build new features and applications. That has become even more urgent as enterprises expand their cloud investments, which can lead to a larger attack footprint and challenges related to scaling resources.

Rather than selling to enterprise managers, the company established itself by going directly to developers with a free version of the product.

“That became this bottoms-up motion,” McKay said. “We built our business around allowing developers to try it. You’re getting told you need to do security. Why wouldn’t you start using it? It’s free. So we started getting embedded into organizations and going viral across the companies.”

From there, enterprises can shift to the paid version, which enables more collaboration and wider integration in the development tools being used across the software development lifecycle. Because most of the vulnerability technology remains in the backend, developers don’t need to become security experts to spot and address potential problems. In some cases, Snyk even automatically fixes the vulnerabilities, McKay said.

This keeps the development process moving along while placing even more control in the hands of developers, which of course helps drive greater adoption of the platform.

The company currently has 2.2 million developers in its community, but it is targeting all the estimated 28 million developers worldwide.

The latest funding should help it advance toward that ambitious goal. The money was a mix of primary and secondary offerings, allowing employees and insiders to cash out some shares while also netting $ 175 million of new capital for Snyk. Accel and Tiger Global co-led the round, which included money from Addition, Boldstart Ventures, Canaan Partners, Coatue, GV, Salesforce Ventures, Stripes, BlackRock, Alkeon, Atlassian Ventures, Franklin Templeton, Geodesic Capital, Sands Capital Ventures, and Temasek.

Snyk raised $ 150 million in January 2020, followed by another $ 200 million round in September. The company had also raised $ 22 million in 2018 and has been using that war chest to grow through acquisitions. Last year, it acquired DeepCode and Manifold.

McKay said an IPO is on the roadmap, but the company hasn’t announced the timing. For now, Snyk has sufficient funding to pursue its strategy of organic growth through developers.

“It’s a very maniacal focus on the developer experience by embedding the to the technology into the software development lifecycle,” McKay said. “It’s about developer productivity. We say ‘develop fast and stay secure’. That’s kind of our motto.”