Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together

Over the past few years, organizations have dramatically expanded their use of cloud environments by more than 25%. This expansion came as organizations shifted toward hybrid workforces, where employees needed to access business-critical applications from their kitchen, local coffee shop, or halfway across the world. There is no debate today that the majority of applications have moved to the cloud and cloud-native development will continue to gain popularity, with developers able to build and deploy new applications within minutes. In fact, Gartner estimates that by 2025, more than 95% of new cloud workloads will be deployed on cloud-native platforms, up from 30% in 2021.


However, if you ask any developer what one aspect of application development/deployment slows them down, they’ll give you one word: security. There has been a long-standing and well-known disconnect between application developers and security teams, a constant tug and pull where developers don’t want their applications slowed down or user experience to be altered by security protocols.


Meanwhile, security teams are working to ensure these applications won’t open their organizations to increased risk. According to Palo Alto Networks’ 2022 What’s Next In Cyber survey, 71% of chief information security officers (CISOs) agree that security slows down DevOps in their organizations. So, how do we satisfy both groups and have them work together to deliver secure applications?


By setting and pursuing shared goals, your organization’s security and DevOps teams can reinforce each other’s success rather than working in silos. Here are a few ways each team can better work together to deliver secure applications that do not impact user experience or time to deployment.

Define Your Shift-Left Security Strategy Together

Create a mutual understanding of what shifting left means to the organization. In its simplest form, it means embedding security at the forefront of application development rather than at the end. With this approach, organizations shift from reactive to proactive, where security vulnerabilities can be addressed early on, when they are less complex and costly. This mutual understanding can mean developing a document that outlines the vision, ownership/responsibility, milestones, and metrics. This way, both security and DevOps teams commit to one another that security is not an afterthought and both are aligned to create a more holistic approach to application security.

Understand Where and How Software Is Created in Your Organization

One of the biggest challenges of shifting security left is understanding how and where software is created within the organization. This is shaped by various variables, including the company’s size and whether the work is outsourced to multiple vendors. For example, a large organization will likely spend more than a few months digging, and require additional time to review contracts. Key items to identify are people, process, and technology:

  • People = who is developing the code

  • Process = the flow from development laptops to production

  • Technology = systems used to enable the process

Developer-Friendly Security Tools

Providing developers with friendly tools, and implementing them from the beginning of development, ensures that security teams are empowering DevOps teams with the right set of tools to take ownership of the security posture of their applications. Practical and unobtrusive security tools dramatically increase developers’ willingness and ability to inject security into their pipelines. As security professionals, we must equip them with tools that do not hinder their processes but, rather, empower them to build with the confidence that their applications are secure.


Implementing these steps within your organization is the start of bridging the divide between developers and security teams. If this is done correctly and there is complete buy-in from both sides, a culture change will occur organically. Security teams will begin to trust developers to take ownership of security, while developers will continue to operate with speed and agility. By shifting left, both teams put themselves in a position to better protect the organization and strengthen the overall security posture.
