January 27, 2022

Why Cloud Security Needs to Start Left, Not Shift Left

To truly catch and fix misconfigurations, you don’t just need to "shift left" the responsibility to an earlier point in the line — each person must carry responsibility throughout the entire process.

You’ve heard the statement time and time again: “It worked fine in development, so it’s an operations problem now...”

Or, even better, the classic #WOMM phrase that dangerously tends to follow a cloud security breach — “But it worked on my machine.”

The truth is, 65-70% of all security challenges in the cloud arise from human error, and misconfigurations are undoubtedly one of the biggest challenges in cloud security today. (That's especially true for organizations that have been pushed to migrate quickly to the cloud since remote work became the new norm.)

Unfortunately, the solution isn’t as simple as being extra careful or double-checking your work. Asking security teams to constantly monitor and address public cloud misconfigurations in real time is like asking them to literally grab hold of a cloud. Before they know it, they’ll be lost in a thunderstorm of alerts, manual remediations, or custom auto-remediation scripts and will have lost their grip altogether.

To help better manage the process, many developers have employed the best practice of “shifting left,” which moves different functions to earlier phases in the development process in order to catch and fix errors in a simpler, less time-consuming way. However, to truly catch and fix the human errors that lead to misconfiguration, you don’t just need to shift the responsibility to an earlier point in the line — each person must carry responsibility throughout the entire process.

Don’t shift left, start left.

Preventing cloud misconfigurations requires a concerted effort at all stages of usage, from initial contracting through ongoing maintenance and updates. With the “shift left” model, visibility increases further left in the pipeline but still leaves some team members lost in the fog. With a “start left” mentality, you are bringing visibility across the entire development process.

The people who need to be involved in the project are included as early as possible, and continue to be stakeholders as you move laterally from analysis to requirements to design to coding and beyond.

The ‘Start Left’ course of action:

So, how do you shift your mindset and process to ‘start left,’ rather than shifting responsibility earlier down the line? First, create a process that includes security in DevOps from the start. 

Marrying the lifecycle of the application between developers and operations results in fast solutions, improved performance, increased efficiency, improved customer experience, and reduced failures and rollbacks.

Next, integrate with tools that allow you to see and manage your assets across all accounts, so that you have clear visibility over the bigger and broader picture as you’re going through the process.

Tenacity understands the need to see, test, and fix issues early on in order to deliver at lightning speed. That's why we created a platform that offers your team an aggregated view of every asset and service deployed across all your cloud accounts, subscriptions and regions. Our platform also prioritizes groupings of all cloud misconfigurations so you can avoid costly cloud breaches, and find and fix issues before they become bigger ones.

Finally, there are only two approaches to dealing with risk: prevention or reaction. By utilizing a tool like Tenacity that gives you a clear view over your assets and potential issues, you reset your process from post-misconfiguration reaction to risk prevention and set yourself up for cloud success.

To learn more about how Tenacity can help your team find and fix cloud misconfigurations before they become bankruptcy-level issues, contact us today.
