Shift Left Security — The What, Why and How - Ashley Ward, Twistlock

October 16, 2018

Today, developers have numerous tools to choose from and methods to consider when building applications and websites. Where 15 years ago working in the cloud was a new trend, today entire companies’ services are born in the cloud. Where virtual machines once reigned, containers are gradually taking their place. How does DevOps adapt to these changes, while still securing their environments, from inception to rollout? One way is to ‘shift left.’ This new approach moves software testing earlier in its lifecycle — or moves left on the project timeline — to prevent defects early in the software delivery process.

Ben Bernstein, Chief Executive Officer of Twistlock, will begin this session by giving attendees an in-depth look at what it means to shift left, and will explain the following five steps to ensuring a successful and secure transition to begin testing software earlier in its lifecycle.

Vet configurations: Developers shouldn’t need to make configuration changes. All images, including those used in development and testing stages, should be equal to the images rolled out in production.

Test early and often: Bringing this motto to the shift left approach will help developers measure their success not by how quickly they can get their project into development, but by how many bugs they resolve before rollout.

Give insights into production: Team leads in DevOps should consider building dashboards or visualization tools so developers can gain real-time feedback into the security practices they’re building. This will help security and developer teams join forces to own the security needs in every stage of development.

Rethink automation: Don’t think of automation as a roadblock to production — think of it as a testing gauntlet where the code has to prove itself.

Be proactive: With all the tools today that can detect vulnerabilities and risks, it’s easier than ever to identify and resolve security gaps to prevent being impacted by cyber attacks. Find the right tools, and proactively use them in every stage of the development process.

After discussing these five points, Ben will conclude by discussing the rising role of the developer in stopping attacks before they happen, thereby becoming the behind-the-scenes security guards for company data and customer information.

https://cfseu18.sched.com/event/FRyI/shift-left-security-the-what-why-and-how-ashley-ward-twistlock
