Business Reporter

Getting “shift left” right

Sponsored by SNYK

“Shifting left” is a well-known cyber-security approach that calls for starting application security work at the earliest stage – the furthest “left” – of the development cycle. The benefit is clear: a problem (a bug, a vulnerability, a design flaw and so on) found while the code is still being written is far easier and cheaper to fix than the same problem found once the application is in production.

Shift left has shaped security in an indispensable way and has become the gold standard for AppSec programs large and small. Yet organisations still struggle to scale it, because security teams are both outpaced and out-resourced by engineering. This game of vulnerability catch-up has accelerated recently with developers’ rapid adoption of AI, which generates more code than ever and at far greater speed.

To keep up, organisations must adopt an umbrella approach to risk management and treat shift left as a foundational step in a larger posture management strategy. Software development is a complicated, many-layered process, and shift left should not be viewed as a one-and-done effort. Setting up tools for developers and moving security processes earlier remains crucial, but we have reached the point where the shift alone is no longer enough to manage enterprise-level application risk.

Challenges with shift left at scale

Security tools produce many alerts that are hard to prioritise and act on. Which of them are developers actually supposed to triage and fix? It does not help that developers can usually release and move on without responding to what the security testing tells them. Many checks are advisory rather than enforced: a developer can challenge or override a failing check in the workflow, find a workaround, and ship without fixing the underlying issue.

Security teams lack the capacity to triage, on developers’ behalf, every alert classified as critical. Developers, for their part, are not security professionals and cannot be expected to understand the meaning and context behind every finding. The inability of either side to do the triage alone, combined with the sheer volume of alerts, generates friction between developers and security teams, causing distrust and pushback.

Make shift left a pillar of AppSec posture management

Vulnerabilities must be fixed, but to scale that process across an organisation the fix must be made as easy, seamless and automated as possible for developers. A real shift happens only when R&D decides it should. Security is not the team that makes the fix, so to convince developers to do so we must arm them with tools they will actually use and with the business context of the problem that shows why it is urgent.

As security professionals, we must enable our engineering teams to prioritise. Failing to do so leaves us “asking nicely” whenever something needs to be fixed, which does not scale. Snyk was founded on this premise: if you give developers tools they are willing to use, you have already taken a huge step towards making shift left work.

As security enters a new era of even greater complexity, supercharged by developers’ rapid adoption of AI, AppSec teams must be able to single out business-critical risks or be drowned by the rest. For enterprises, ASPM (application security posture management) has emerged to give AppSec teams the visibility and control they need to build, manage and scale their programs and, ultimately, reduce risk more effectively.

In brief, ASPM is a solution for identifying all the assets (code, repositories, developers and more) that make up an application, identifying security coverage and gaps, and prioritising risks holistically according to business, security and development needs. By layering ASPM on top of shift left, teams not only build securely from the start but also focus their security effort on the issues that matter most. That is what it means for security and developers to truly work together for the business.
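The two ideas above, a security check that only blocks when it should and a prioritisation that folds business context into the scanner’s severity, can be shown in a few lines. The script below is an added illustration written for this page; it is not code from the article, from Snyk, or from any ASPM product. The findings, service names, field names, weights and threshold are all constructed for the example, and the scoring rule is a deliberately simple stand-in for whatever an organisation actually decides matters.

```python
from typing import Dict, List, Tuple

# Constructed sample findings, loosely shaped like what an SCA/SAST scanner
# emits. Field names and values are assumptions for this example, not any
# real tool's output format.
FINDINGS: List[Dict] = [
    {"id": "F-1", "severity": "critical", "reachable": False,
     "service": "internal-batch", "fix_available": True},
    {"id": "F-2", "severity": "high", "reachable": True,
     "service": "checkout-api", "fix_available": True},
    {"id": "F-3", "severity": "medium", "reachable": True,
     "service": "checkout-api", "fix_available": False},
    {"id": "F-4", "severity": "high", "reachable": False,
     "service": "docs-site", "fix_available": True},
]

# Business context the scanner does not have: how much each service matters
# (internet-facing, handles payments, ...). Constructed for the example.
ASSET_CRITICALITY: Dict[str, int] = {
    "checkout-api": 3,     # public, takes payments
    "internal-batch": 2,   # internal, no direct user input
    "docs-site": 1,        # static, no sensitive data
}

SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def risk_score(finding: Dict) -> int:
    """Severity alone is the scanner's view; multiplying by asset criticality
    and reachability turns it into a business-contextual priority."""
    score = SEVERITY_WEIGHT[finding["severity"]]
    score *= ASSET_CRITICALITY.get(finding["service"], 1)
    if finding["reachable"]:
        score *= 2  # the vulnerable code path is actually called
    return score


def prioritise(findings: List[Dict]) -> List[Dict]:
    """Order findings so a developer sees the most important one first."""
    return sorted(findings, key=risk_score, reverse=True)


def gate(findings: List[Dict], threshold: int,
         enforce: bool = True) -> Tuple[int, List[str], List[str]]:
    """Decide whether a build may proceed.

    Returns (exit_code, must_fix_ids, needs_triage_ids).
    - must_fix: at or above threshold and a fix exists, so the developer
      can act on it directly.
    - needs_triage: at or above threshold but no fix is available; routed
      to security instead of blocking the developer on something they
      cannot change (which is exactly what invites workarounds).
    With enforce=False this becomes the advisory "synthetic blocker" the
    article warns about: it reports the same lists but never fails the build.
    """
    must_fix: List[str] = []
    needs_triage: List[str] = []
    for f in findings:
        if risk_score(f) < threshold:
            continue
        (must_fix if f["fix_available"] else needs_triage).append(f["id"])
    if not enforce:
        return 0, must_fix, needs_triage
    return (1 if must_fix else 0), must_fix, needs_triage


if __name__ == "__main__":
    for f in prioritise(FINDINGS):
        print(f"{f['id']}: score={risk_score(f)} service={f['service']}")
    code, must_fix, needs_triage = gate(FINDINGS, threshold=10)
    print(f"exit={code} must_fix={must_fix} needs_triage={needs_triage}")
    raise SystemExit(code)  # a non-zero exit is what makes a CI step fail
```

Run as a CI step, the enforced gate fails the build only for F-2 (a reachable high on the payment service with a fix available); the critical F-1 sits on an internal batch job on an unreachable path and drops below the threshold, and F-3 goes to security for triage because no fix exists. Switching `enforce` off reproduces the situation the article describes: the same report, the same urgency, and nothing that stops the merge.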

Shift left can live up to its promise only when developers truly build security into their own workflows. As security professionals, we need to help them do so by making the adoption and scaling of shift left one of the foundational parts of a holistic, risk-based AppSec management program.


For more information, visit snyk.io

© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543
