OPERATIONS
SHIFTING LEFT: DEVSECOPS, A PROACTIVE APPROACH TO CYBER
Cyber Magazine speaks with experts about embedding DevSecOps in software development, focusing on ‘shifting left’, challenges and recommendations
WRITTEN BY: MARCUS LAW
Short for development, security and operations, DevSecOps automates the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment and software delivery.
The core principles and practices of DevSecOps revolve around the idea of ‘shifting security left’, meaning that security considerations are introduced as early as possible in the software development lifecycle (SDLC). This proactive stance ensures that security is not an afterthought but an integral part of the entire process.
This month, experts in the field share their perspectives with Cyber Magazine on why DevSecOps is essential, the concept of ‘shifting left’, the challenges organisations face, and recommendations for a smooth transition to a DevSecOps culture.
Integrating security into the DevOps lifecycle
As explained by Amit Tailor, Director, System Engineering at Palo Alto Networks, the urgency to integrate security into the DevOps lifecycle is reinforced by the escalating threats targeting Continuous Integration/Continuous Delivery (CI/CD) environments. “These pipelines are intrinsic to cloud-native software development, housing sensitive data and credentials,” he says. “Unfortunately, they often remain unnoticed by traditional AppSec teams, posing a considerable risk.”
November 2023