Shift left: Beyond the cybersecurity buzzword – Security Magazine

Shift left is one of the most popular terms in modern cybersecurity, used heavily in vendor marketing campaigns and as a headline topic at industry conferences worldwide. As a result, its core objective, and the best way to approach it, has become unclear. While shift left has grown in popularity in recent years, it is not a new concept.

Years ago, organizations used the waterfall method of development: kick off a project, scope the requirements, then design, build, test and deploy the software. Under this model, flaws and bugs made it all the way to the testing phase before they were identified, ticketed and sent back to development teams to fix, which made every flaw expensive to resolve. Through the gradual evolution of DevOps and the creation of CI/CD tooling, bug fixing naturally moved earlier in the release cycle. That is the origin of shifting left.

By integrating testing earlier in the life cycle, developers could fix issues faster because they were notified about problematic code as soon as they wrote it. Code could also reach production faster, since teams no longer waited on manual review and testing policies were applied consistently throughout. This was a huge win for productivity.
But what does shift left mean when applied to security testing? Security testing is distinctive in that it has often not taken place until the code is already live in production. Shifting security left means applying the same principles that improved the efficiency of quality testing to how teams find and fix security flaws, so that security testing becomes frequent, automated and consistent, running on every build rather than once per release.
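As an added illustration of what "frequent, automated, consistent" security testing looks like in practice (this is example code written for this page, not the article's own material or StackHawk's tooling): a small Python gate that a CI job could run on every commit. It scans source text for a handful of constructed, deliberately simple insecure-pattern rules, compares the results against a severity policy, and fails the build when the policy is violated. The rule set, the two sample source snippets and the `scan_source`/`gate` names are all assumptions made for this example; a real pipeline would let a proper SAST/DAST scanner discover the findings and keep only the policy decision in a step like this.

```python
"""Illustrative CI security gate: scan source on every commit, enforce a severity policy."""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str   # "medium" or "high"
    line: int
    excerpt: str


# Constructed, deliberately simple rules for the example. A real pipeline would
# let a SAST/DAST scanner produce findings and keep only the policy step below.
RULES = [
    ("hardcoded-secret", "high",
     re.compile(r'(?i)\b(password|secret|api[_-]?key|token)\s*=\s*["\'][^"\']{8,}["\']')),
    ("dangerous-eval", "high", re.compile(r"\beval\s*\(")),
    ("shell-injection", "high", re.compile(r"subprocess\.\w+\(.*shell\s*=\s*True")),
    ("weak-hash", "medium", re.compile(r"\bhashlib\.(md5|sha1)\s*\(")),
    ("insecure-tls", "medium", re.compile(r"verify\s*=\s*False")),
]
SEVERITY_RANK = {"medium": 1, "high": 2}


def scan_source(source: str) -> list[Finding]:
    """Return every rule hit in the given source text, in line order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):          # whole-line comments cannot execute
            continue
        for rule_id, severity, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(rule_id, severity, lineno, stripped))
    return findings


def gate(findings: list[Finding], fail_on: str = "high") -> bool:
    """Policy step: True means the build may proceed. The same threshold is
    applied to every commit, which is what makes the check consistent."""
    threshold = SEVERITY_RANK[fail_on]
    return not any(SEVERITY_RANK[f.severity] >= threshold for f in findings)


# Constructed sample: what a developer might push before the gate exists...
SAMPLE_SOURCE = '''\
import hashlib, subprocess, requests
API_KEY = "sk_live_0123456789abcdef"
def run(cmd):
    return subprocess.run(f"ls {cmd}", shell=True)
def digest(data):
    return hashlib.md5(data).hexdigest()
def fetch(url):
    return requests.get(url, verify=False)
'''

# ...and the same code after the findings were fixed at commit time.
FIXED_SOURCE = '''\
import hashlib, os, subprocess, requests
API_KEY = os.environ["API_KEY"]
def run(cmd):
    return subprocess.run(["ls", cmd])
def digest(data):
    return hashlib.sha256(data).hexdigest()
def fetch(url):
    return requests.get(url, timeout=10)
'''


def main(argv: list[str]) -> int:
    # With a path argument, scan that file; otherwise scan the constructed sample.
    source = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_SOURCE
    findings = scan_source(source)
    for f in findings:
        print(f"{f.severity.upper():6} {f.rule:18} line {f.line}: {f.excerpt}")
    passed = gate(findings, fail_on="high")
    print("gate:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python gate.py path/to/file.py` in a CI step: a non-zero exit fails the job, so the developer sees the finding on the commit that introduced it rather than in a ticket weeks later. On the constructed sample the gate reports two high and two medium findings and fails; on the fixed version it passes. The point of separating `scan_source` from `gate` is that the policy (which severities block a merge) stays in one place and is identical for every team and every build, while the detection logic can be swapped for a real scanner without touching the policy.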

There are many benefits to shifting security left. These include:

Now that we’ve explored the benefits of shifting security left, let’s delve into how organizations can begin (and continue to sustain) such a process: 
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.

Scott Gerlach is CSO and co-founder at StackHawk.