Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shifting Security Left

Published by Modified over 6 years ago

Similar presentations

Presentation on theme: "Shifting Security Left"— Presentation transcript:

1 Shifting Security Left
Security in a DevOps World.

2 What we're talking about
What is "Shifting Left" Why is it important How to start shifting

3 What is "Shifting Left"?

4 The practice of shifting left
Driving security closer to contributors Confidentiality, Integrity, and Availability Eliminating barriers across teams Enabling IC's to do the right thing first Reduce "Waste" in re-work and waiting Driving security (Confidentiality, Integrity, and Availability) as close to the individual contributors (the work) as possible Getting security as close to when changes are being made or better considered! Blurring the lines between teams and fostering more collaboration Enabling IC's by embedding the knowledge and providing the tools required to do the right thing Reducing waste by eliminating re-work and waiting Waste is a Lean term for any expense, or "work", that doesn't turn into value

5 Development Code Review Sec Review Deployed Sec Testing

6 Why is "Shifting Left" important?

7 Benefits to IC's, Teams, and Company
Market demands faster delivery Autonomy leads to high IC happiness Higher quality delivered to customers Lower MTTR for errors TL;DR "Better Security" State of DevOps report The markets today demand faster delivery of features Days of batching changes for weeks or months is gone More autonomy leads to higher IC's happiness in their work Contrary to what some might believe… Shifting left and moving quickly does not impede quality. It improves it! That leads to lower MTTR due to faster iteration cycles and smaller batch sizes Basically, It means a "Better Information Security Posture"

8 How do you start "Shifting Left"?

9 Set requirements with training Automate All The Things
Some first steps Culture change Set requirements with training Automate All The Things Trust but verify with gates Tooling Immutable infrastructure Configuration Management Shifting left requires a conducive cultures that value trust, moving fast, and empowering IC's Start with education and awareness through training Start automating your way into early stages and deliver results to IC's Unit tests, static code analysis, vulnerability assessments Trust but verify is a great phrase to live by Instill trust in IC's and leverage automation to verify controls are being met Driving tools to the further towards IC's serves to empower them Using immutable infrastructure allows for greater confidence and trust Use immutability to deliver system configurations to IC's Then let the IC's take control of driving changes

Download ppt "Shifting Security Left"

Similar presentations

© Fujitsu Services 2005 SIHI Conference 2006 22 nd September 2006 Andy Turner - Fujitsu Meeting the Challenge of enabling efficient access to secure patient.

© Fujitsu Services 2005 SIHI Conference nd September 2006 Andy Turner - Fujitsu Meeting the Challenge of enabling efficient access to secure patient.
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
Roadmap to Continuous Integration Testing and Benefits Gowri Selka, Walgreens Natalie Koltun, Walgreens May 20th, 2014 ©2013 Walgreen Co. All rights reserved.

Roadmap to Continuous Integration Testing and Benefits Gowri Selka, Walgreens Natalie Koltun, Walgreens May 20th, 2014 ©2013 Walgreen Co. All rights reserved.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.
Accelerating Product and Service Innovation © 2013 IBM Corporation IBM Integrated Solution for System z Development (ISDz) Henk van der Wijk 23 Januari.

Accelerating Product and Service Innovation © 2013 IBM Corporation IBM Integrated Solution for System z Development (ISDz) Henk van der Wijk 23 Januari.
SOFTWARE & LOCALIZATION WEBSITE Simplify and accelerate your.

SOFTWARE & LOCALIZATION WEBSITE Simplify and accelerate your.
What Is DevOps? DevOps is a portmanteau of 'development' and 'operations' and is a software development method that stresses communications, collaboration,

What Is DevOps? DevOps is "a portmanteau of 'development' and 'operations'" and is "a software development method that stresses communications, collaboration,
VINITA RATHI Co Founder | Systango Ex VP | Goldman Sachs DevOps, What should you decide, when, why & how?

VINITA RATHI Co Founder | Systango Ex VP | Goldman Sachs DevOps, What should you decide, when, why & how?
Robert Mahowald August 26, 2015 VP, Cloud Software, IDC

Robert Mahowald August 26, 2015 VP, Cloud Software, IDC
It’s tough out there … Software delivery challenges.

It’s tough out there … Software delivery challenges.
TICKETMASTER CULTURE EATS STRATEGY FOR

TICKETMASTER CULTURE EATS STRATEGY FOR
Despite of spending high on digital information security, organizations still remain exposed to external threats. However, data center providers are helping.

Despite of spending high on digital information security, organizations still remain exposed to external threats. However, data center providers are helping.
ABOUT COMPANY Janbask is one among the fastest growing IT Services and consulting company. We provide various solutions for strategy, consulting and implement.

ABOUT COMPANY Janbask is one among the fastest growing IT Services and consulting company. We provide various solutions for strategy, consulting and implement.
Banjot Chanana Sr Director of Product Docker for the Enterprise with Containers as a Service.

Banjot Chanana Sr Director of Product Docker for the Enterprise with Containers as a Service.
June 2008Mike Woodard Rational Unified Process Overview Mike Woodard.

June 2008Mike Woodard Rational Unified Process Overview Mike Woodard.
Exclusive Business to Business CRM

Exclusive Business to Business CRM
Community-Inspired Methodology Mark Shuttleworth, on behalf of Ian Clatworthy.

Community-Inspired Methodology Mark Shuttleworth, on behalf of Ian Clatworthy.
READ ME FIRST Use this template to create your Partner datasheet for Azure Stack Foundation. The intent is that this document can be saved to PDF and provided.

READ ME FIRST Use this template to create your Partner datasheet for Azure Stack Foundation. The intent is that this document can be saved to PDF and provided.
Digital Transformation with DevOps

Digital Transformation with DevOps
KRISHNACHANDER KALIYAPERUMAL PROJECT MANAGER

KRISHNACHANDER KALIYAPERUMAL PROJECT MANAGER

Similar presentations

Ads by Google