Over-reliance on shift-left can lead us in the wrong direction

The modern tech landscape is all about speed. In the great race to innovate, developers have been pushed to create and update applications at a hitherto unimaginable rate. As the bar is raised ever higher, and businesses scramble to keep up or get ahead, developers must build code faster than ever to speed development cycles.


The “shift-left” security movement grew out of this phenomenon. In order to save on human resources, cut costs and slash development time, organisations adopted processes to incorporate security requirements earlier into the development cycle.


As such, shift-left has taken the security world by storm – and it’s understandable. Closing security gaps in the early stages of development does save precious time, resources, and money.


But there’s a catch. 


Shift-left provides the most value for new and emerging technologies. Before new tech is implemented, developers and their employers can easily establish security guidelines and parameters for the technology development process. Because new technologies have yet to be incorporated into the running infrastructure, they don’t need to retrofit any security capabilities.


However, the crux of the issue is that shift-left only identifies security gaps in the development stage. Shift-left capabilities cannot protect what’s already running in your environment; those assets are left unprotected. Jettisoning runtime monitoring and protection capabilities for shift-left tactics will leave existing running assets exposed.


This especially applies to application programming interfaces (APIs). APIs allow for the instant exchange of data across multiple platforms, and their usage has rocketed with the dramatic increase of digital services and online applications. In today’s API-driven economy, companies typically have hundreds or even thousands of APIs running, many of which they are completely unaw ..
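One way to see the gap the article describes is to compare the API inventory that passed development-stage review with what the servers actually answer at runtime. The script below is an added example, not code from the original article: the reviewed inventory and the access-log lines are constructed sample data, and the path-normalisation rule (numeric or UUID segments become `{id}`) is an assumption.

```python
import re
from collections import Counter

# Endpoints that passed shift-left review (constructed sample, as if taken from an OpenAPI spec).
KNOWN_ENDPOINTS = {
    ("GET", "/api/v2/users/{id}"),
    ("POST", "/api/v2/orders"),
    ("GET", "/api/v2/orders/{id}"),
}

# Constructed access-log lines in Common Log Format, standing in for runtime telemetry.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /api/v2/users/42 HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "POST /api/v2/orders HTTP/1.1" 201 88
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /api/v1/users/42/export HTTP/1.1" 200 9001
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "DELETE /api/v2/orders/7 HTTP/1.1" 204 0
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /api/v1/users/43/export HTTP/1.1" 200 8800
10.0.0.7 - - [01/Jan/2024:10:00:06 +0000] "GET /api/v2/orders/7?x=1 HTTP/1.1" 200 300
"""

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
ID_SEG_RE = re.compile(r"^(\d+|[0-9a-f-]{36})$")  # assumed rule: numeric ids or UUIDs

def normalise(path: str) -> str:
    """Strip the query string and collapse id-like segments to {id}."""
    path = path.split("?", 1)[0]
    segs = ["{id}" if ID_SEG_RE.match(s) else s for s in path.split("/")]
    return "/".join(segs)

def observed_endpoints(log_text: str) -> Counter:
    """Count (method, normalised path) pairs actually served at runtime."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            counts[(m["method"], normalise(m["path"]))] += 1
    return counts

def find_shadow_endpoints(log_text: str, known=KNOWN_ENDPOINTS) -> dict:
    """Return runtime endpoints absent from the reviewed inventory, with request counts."""
    seen = observed_endpoints(log_text)
    return {ep: n for ep, n in seen.items() if ep not in known}

if __name__ == "__main__":
    for (method, path), n in sorted(find_shadow_endpoints(SAMPLE_LOG).items()):
        print(f"unreviewed endpoint: {method} {path} ({n} requests)")
```

The two endpoints it reports (a legacy v1 export and an unreviewed DELETE) never went through the shift-left process, so only runtime observation surfaces them.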
