Why ‘Shift Left’ Leads to Unrealistic Security Expectations

The “shift left” movement puts “unrealistic” expectations on developers, said Gayatri Prakash, vice president and general manager of compliance at CloudBees. She said installing new tools to manage various parts of the SDLC is not necessarily “going to solve our problem for security.”

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

“If you take a seat at the developers’ side of the table for a minute, you’ve shifted the scanning tools left, but what you’ve left the developer with is a ton of noise that’s coming from all of these different tools,” Prakash said.

The answer to this challenge is having the right level of automation “to distill through the noise and provide a prioritized list of actions that fit in seamlessly with the developers and the other tools that the developers spend their life in.”

“The success of shift left is how you implement shift left,” she said.

In this video interview with Information Security Media Group, Prakash discusses:

• The definition of DevSecOps and why shift left is not working in its current state;
• Strategies to adhere to compliance standards and operationalize a continuously compliant environment;




• How to address the constant strain of vulnerabilities entering the software development life cycle.

Prakash is a serial technology entrepreneur with a deep understanding of software design and engineering. She is a specialist in software security and cybersecurity compliance. She also creates and leads high-caliber product management, design and engineering teams that excel in rapid software delivery.