Date: 2021-08-16
Security has been mainly separated from software development since the dawn of modern computing. With attackers always coming up with new ways to damage their victims’ assets, it’s becoming more important than ever for businesses to limit their attack surfaces.
Collaboration and shared ownership of cybersecurity between security and engineering are required to combat hackers. Given the significant shift in attacker focus in today’s hybrid environment, now is the time to build security into the development process. Implementing a shift-left security strategy is the best method to accomplish this.
CISOs are increasingly recognising the fact that being hacked is a question of when, not if. Most businesses have had a data breach at some point, without their awareness. This puts a lot of pressure on businesses not only to reduce the risk of security breaches, but also to meet their data privacy obligations to their customers. Shifting left refers to the idea of addressing security concerns earlier in the software development lifecycle. A modern approach to shifting left can have a significant impact on risk reduction and help cloud-native development teams strike a healthy balance of freedom and responsibility.
In its most basic form, “shift left” security refers to moving security into the development process as early as possible. It makes an attempt to integrate security into the software development lifecycle in a meaningful way. Previously, security checks were performed just prior to the code being released into production.
Although this uncovered security flaws, it also resulted in technical teams working at the last minute to patch them, causing delays and harming user experience.
When there were no technologies, release cycles were longer, and the “Waterfall model” was widely used. With the introduction of the Agile development lifecycle, the rate of release into production has grown, posing new obstacles in the entire process cycle of testing and issue resolution.
This approach, often known as DevSecOps, begins security testing early in the software development lifecycle. Rather than relying solely on security testing conducted when the application is released into production, the aim is to incorporate security testing into each phase of the CI-CD (Continuous Integration-Continuous Deployment) pipeline.
Each developer is responsible for the solution’s security, and the process partly empowers developers to check the security of their code early in the cycle, which could be accomplished by implementing a series of checks for every change in the codebase before it is approved as a “Production Ready” build.
With the onset of remote work, the hybrid environment makes it difficult to provide constant mentoring on security from senior to junior developers and has brought its own set of limitations. The technique allows senior engineers to concentrate on the issues that need to be addressed rather than having to go over every line of code.
Business commitment delivery can be achieved without compromising security by using relevant technologies and making minimal modifications to processes.
It is critical to define what shift-left means in an organisation. This is about including key items on vision, ownership/responsibility, milestones, and metrics. When shifting security to the left, there are a few things to consider:
Secure coding training for developers: Ongoing training and examinations of developers’ secure coding knowledge. It is critical that programmers write secure code. Their understanding of fresh threats and vulnerabilities must be current.
Security in Design: Involving the security team early in the design process allows the security team and developers to determine the appropriate controls and methodologies for meeting the business needs.
Secure Coding Training: Continuing training and assessments on the knowledge of the developers on secure coding, newer threats, and vulnerabilities is imperative.
Ongoing infrastructure baseline validation: The application’s security is highly dependent on the security of the underlying infrastructure. It is necessary to harden the infrastructure to fulfil the security baseline. It is critical to test the infrastructure’s security on a regular basis, especially after a release or a change has been deployed.
Monitoring: Because attackers are always looking for flaws in systems, businesses should have systems in place that constantly monitor the application and its underlying infrastructure. The alerts and lessons learned from these attempts/attacks must be examined on a regular basis and incorporated into developer training or used to improve security checks in the development-to-deployment process.
The Shift-Left methodology is meant to effectively and efficiently address these issues. In the early stages of development, it blends both technology and procedures. The developers are empowered to identify security gaps and fix them by leveraging technology or education early in the development cycle, resulting in code that has already been subjected to several security checks/reviews. As a result, the number of issues found during the Pre-Deployment phase by the security team may be reduced.
While less intrusive in functionality, Digital Adoption Platforms have the potential to compromise the security of customer applications if not designed and developed securely. For example, static code reviews can help detect vulnerabilities that may enable intruders to take control of the end user’s browser or capture sensitive information from it.
Periodic automated scanning helps businesses identify any changes to the platform that could have an impact on the security of the DAP platform or customer’s application. Also, continuous monitoring of the application and infrastructure informs customers in time if they are being subjected to any direct or indirect attacks.
In today’s threat landscape, a reactive approach will no longer suffice, regardless of how an organisation approaches security concerns. Those who do not take the effort to develop an effective shift left strategy will be left behind and lose their competitive advantage in an environment where security has become a differentiator. In the worst-case scenario, it might constitute an existential threat if no effort is made to address it.
A Shift-Left Security Program will help businesses successfully navigate the security transformation required to support DevOps and software-defined environments. By implementing shift left and adopting a DevSecOps mindset, businesses can foster collaboration and knowledge sharing between developers, operations teams and security experts.
The writer is VP, Information Security, Whatfix