RSA recently published “20 Predictions for 2020”. These are spot on and interesting. While these predictions cover the complete security landscape, I would like to draw attention to one specific prediction here, “#5 – Security shifts left”.

The basic idea behind “security shifts left” is to ensure that DevOps teams perform the required steps during the CI/CD process to bake security requirements into the solution during development itself. Currently, security is quite often an afterthought, i.e. addressed post-development. Let me give some examples here:

It is best to plug these gaps by allowing “security to shift left” and moving these assessments/checks earlier in the cycle. CI/CD is the right place to plug in the right tools to ensure continuous assessment (via DevSecOps methodology). These tools need to be developer-friendly and decentralized so that engineers can use them locally, directly on their development boxes. The traditional model of submitting requests to a central AppSec team neither works well nor scales.

ThreatWatch (TW) provides a SKU for DevOps with the following capabilities:

TW provides the ability to track the above items across multiple versions of the software (released or in development).

All of these capabilities can be made directly available to engineers. This is a complete shift left from a security perspective. Also, TW tools can be incorporated into your CI/CD workflow to ensure that regular assessments and compliance checks happen all along, so there are no surprises towards the tail end of the release.

To know more about how ThreatWatch can help your teams build more secure software, please write to us at info@threatwatch.io
