The software development process has evolved dramatically over the past few years to keep up with the growing demand for delivering high-quality software as quickly as possible. In the past, unfortunately, security was often tacked on as an afterthought and testing only happened towards the end of the lifecycle.
In a world where threats are constantly evolving and becoming more sophisticated, this way of doing things was riddled with issues, leading the industry to realise that a new approach was needed.
Shifting left
We interviewed Barry De Waal, Co-Owner & Chief Executive – Strategy & Sales at 9th BIT Consulting, and Hilbert Long, General Manager of Sales for EMEA at CYBER1 Solutions EMEA, in our studio, with the express purpose of unpacking a trend that emerged to address this challenge – “shift left”.
The shift left approach aims to improve software quality and cut the time spent resolving issues later in the software development cycle by performing testing as code is being developed, so that bugs are identified and resolved as early as possible in the development process.
In De Waal’s words, this approach means getting siloed activities that typically end up happening later on in the software development lifecycle brought forward, to take better control of what needs to be delivered.
According to Long, from the perspective of CYBER1 Solutions EMEA, a traditional cyber security company selling security solutions to organisations, they have seen development teams within organisations start to pull in security teams more and more. “That in itself is creating a shift left component because cyber teams were always the last to be pulled into the lifecycle from a development perspective.”
This, he says, is one reason why CYBER1 Solutions EMEA has created a partnership with 9th BIT Consulting.
Input from everybody
De Waal adds that with a shift left approach, it’s not just the security that’s being pulled in earlier on in the lifecycle. “It’s also the testing and the infrastructure that needs to be put together. Quite often you will have teams whose only priority is getting their feature list out. And inevitably, down the line, it takes a lot longer – if there is an issue with security, or infrastructure provisioning, or cloud infrastructure – to go back and have to refactor the features that need fixing.”
So what do these changes mean on a practical level? According to them, this means that everyone needs to contribute to the planning, and everyone must give their input into the design. Testing will start and finish within the development environment, and developers will become testers as much as internal audit will become planners.
The impact of this logic, according to De Waal, is huge. “People need to redefine what they contribute to their organisation. Moreover, they need to redefine their skillset and the job titles that have pigeon-holed them for so long. Multi-functional people with a breadth of skills means greater accountability, more responsibility, more knowledge share and fewer bottlenecks or points of failure.”
He also warns that existing and future employees are going to have to review their skillset to become more dynamic, more adaptable, and more agile.
Critical thinking
Because shift left means testing earlier on, it helps developers think critically, get a handle on security requirements, and design software securely from the start. De Waal added that it means that more focus needs to be given to continuously improving one’s processes, automating what can be automated, and importantly, getting the culture right to achieve all of this.
De Waal also says we can expect to see leadership setting the example, implementing change, and expecting all functions to enhance the cadence of delivery through the development cycle and into the production domain.
In closing, Long says CYBER1 Solutions EMEA is expanding across numerous territories and will be supporting the security enablement of numerous companies across multiple industries, with a strong leaning toward building business agility, continuous improvement, and DevSecOps. Shifting left is one way to do this effectively from the start.