Shift Left: Where Cloud Native Computing Security Is Going (The New Stack)
The New Stack’s article “Shift Left: Where Cloud Native Computing Security Is Going” quotes ControlPlane’s CEO Andrew Martin — alongside Isovalent’s Chief Open Source Officer Liz Rice and Deepfence’s Head of Products and Community Owen Garrett — on some of the key changes brought about by the move to “shift left” in the cloud native world.
Andrew Martin, CEO of cloud native security consultancy ControlPlane, noted that we’re seeing a “morphing of responsibilities. GitOps gives developers access to provisioning infrastructure, thus making decisions that potentially affect the security of the entire system.” This means “security becomes everyone’s responsibility,” he said. “This is why the automation and the shift left is so vital. In order to move quickly, we need to apply the security testing tools closer to the developer, and also ensure that everybody has that level of understanding as to what the implications of their infrastructure changes could be.”
But, as one journalist asked, “We’ve been hearing about team responsibility for security for ages, what’s different this time?”
Well, for one thing, we don’t have a lot of choice in the matter now. You either get it right or your software ends up in a security news story headline. That said, Rice admitted, “it’s not straightforward and simple. And it requires a cultural change.”
Regarding that change, Martin said, “The actual concrete implementation of this is to have a security champion within the team. That person must also be empowered to put a hard stop on features shipping unless it has the correct security criteria checked off.” That said, Garrett added that security’s not one person’s job. “Security responsibility is now shared across teams.”
Read more at The New Stack.