4 Steps for Shifting Left & Winning the Cybersecurity Battle

If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for.

Sascha Giese, Head Geek, SolarWinds

April 3, 2023

4 Min Read
Red arrow pointing left
Source: Shutterstock

Customer satisfaction is today's business battleground. The winners are the companies that deliver the best, highest-functioning software and applications in the shortest amount of time.

ChatGPT is the latest example of a winning app. In just a few months, the tool has reached 100 million users, making it the fastest-growing consumer application ever. Its success has also set off an artificial intelligence (AI) apps arms race, with competitors, including Google, emerging to grab market share as fast as possible. This race illustrates the ongoing struggle companies face to quickly develop high-performing software and applications that are also highly secure. This is a delicate balance in today's environment, where trading security for speed could lead to disastrous consequences.

Security-Speed Balance

One method that companies are embracing to strike this balance is implementing the "shift left." The shift left in this context refers to moving practices related to testing software as early in the development process as possible. By embracing the shift left, technology teams — specifically DevOps teams — can identify bugs, errors, and vulnerabilities early on and resolve them, resulting in high-performing, highly secure software, and applications.

Here are four steps DevOps teams can take to embrace the shift left, improve application performance, reduce vulnerabilities, and win the security battle.

Step 1: Define the Security Strategy

No army worth its salt heads into the field without a detailed map of the terrain, information on adversaries, and a hierarchy in place with responsibilities for every rank. The same should be true of any DevOps unit shifting left.

Companies should take the time to identify who will be in charge of what responsibilities, determine metrics for success, and formalize procedures. DevOps leaders should build appropriately staffed teams, implement processes that maximize security, and determine what kind of tests they will run and how often they will run them. Businesses should also identify and prepare for specific known vulnerabilities that could lead to issues.

Shifting left involves developing a new set of principles for software delivery and security; thus, planning and defining the strategy is very important.

Step 2: Understand the Development Pipeline and Deployment Process

As companies shift left, it's critical to have a thorough understanding of the software development pipeline and the deployment process.

This pipeline is the set of tools and processes in place to build and release software and applications. Once this analysis and understanding is complete, DevOps teams can begin carrying out tests in the build pipelines, checking code validity within development environments, and much more.

One solution that is helping DevOps teams map and understand their pipelines and embrace the shift left is observability. With observability, teams can help teams get a single-pane-of-glass view across applications, databases, and infrastructures that can be key to understanding application performance, user experience, and the overall environment required for modern application architecture. Some observability solutions even offer live code profiling that automatically sees potential user issues or performance bottlenecks before code is shipped.

Step 3: Include Security Automation

In enterprise technology, software teams have turned to automation to streamline testing for multiple reasons. First, manually testing software can introduce human error. Second, the shift left requires companies to test software as early and often as possible. And while these principles are meant to create more secure, better-performing products, this high volume of testing can also result in overloaded teams, requiring DevOps to manually evaluate every new feature the development team introduces.

To avoid this scenario, DevOps teams should use tools that automate running tests. Doing so will help reduce the stress placed on DevOps teams while also providing faster feedback related to any vulnerabilities that may be found in software code. Generally, automating tests in the development cycle allows organizations to increase the speed with which a product is completed while ensuring that fewer bugs or vulnerabilities are found later.

Step 4: Build a Culture of Transparency

While automation and modern technology can contribute significantly to an organization's success, a more human process and trait plays an equally important role — communication and transparency.

One of the key principles behind DevOps is narrowing the divide between development and production. Increasing communication and transparency across the product and software development life cycle can help narrow this divide. As it relates to the shift left, involving the appropriate team members as early as possible and during every step in the process is key to increasing transparency.

By prioritizing communication and adding transparency to the process wherever possible, team members will better understand how to test, what vulnerabilities to look for, and how to make software and applications more secure, better performing, and more resilient.

About the Author(s)

Sascha Giese

Head Geek, SolarWinds

Sascha Giese is a Head Geek at SolarWinds based in the company's Europe, Middle East, and Africa (EMEA) headquarters in Cork, Ireland. He holds various technical certifications and is a Cisco ®  Certified Network Associate (CCNA ® ), Cisco Certified Design Associate (CCDA), Microsoft ®  Certified Solutions Associate (MCSA), VMware ®  Technical Sales Professional (VTSP), AWS ®  Certified Cloud Practitioner, and Network Performance Monitor and Server & Application Monitor SolarWinds Certified Professional ®  (SCP). Giese has more than 15 years of technical IT experience, four of which have been as a senior pre-sales engineer at SolarWinds. As a senior pre-sales engineer, he was responsible for product training for SolarWinds channel partners and customers, regularly participated in the annual SolarWinds Partner Summit EMEA, and contributed to the company’s professional certification program.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights