
Why 'Shift Left' Leads to Unrealistic Security Expectations

Gayatri Prakash of CloudBees on Reducing the Noise From Tools, Automating Processes
Gayatri Prakash, vice president and general manager, compliance, CloudBees

The "shift left" movement puts "unrealistic" expectations on developers, said Gayatri Prakash, vice president and general manager of compliance at CloudBees. She said installing new tools to manage various parts of the SDLC is not necessarily "going to solve our problem for security."


"If you take a seat at the developers' side of the table for a minute, you've shifted the scanning tools left, but what you've left the developer with is a ton of noise that's coming from all of these different tools," Prakash said.

The answer to this challenge is having the right level of automation "to distill through the noise and provide a prioritized list of actions that fit in seamlessly with the developers and the other tools that the developers spend their life in."

"The success of shift left is how you implement shift left," she said.

In this video interview with Information Security Media Group, Prakash discusses:

  • The definition of DevSecOps and why shift left is not working in its current state;
  • Strategies to adhere to compliance standards and operationalize a continuously compliant environment;
  • How to address the constant strain of vulnerabilities entering the software development life cycle.

Prakash is a serial technology entrepreneur with a deep understanding of software design and engineering. She is a specialist in software security and cybersecurity compliance. She also creates and leads high-caliber product management, design and engineering teams that excel in rapid software delivery.


About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.



