Shifting left in security policy design (SEC215)


Organization Mindset

  • Shift left from a network security perspective:
    • Develop a security-first mindset throughout the entire development and design process, not just in operations.
    • Integrate security across the entire supply chain, the CI/CD pipeline, and the organization.
    • Help leadership understand the value of shifting left so they drive the importance of the change.
    • Enable security tools and a security mindset for developers and teams, making it easier for them to adopt.

Best Practices for Implementing Security by Design

Generative AI (GenAI) Perspective

  • Security for GenAI is not just about securing the workload, but also the outputs and the data used.
  • Moving GenAI projects from PoC to production is challenging because of security concerns around data, authorization, and hallucinations.
  • Involve multiple teams (security, data science, business) early in the process to address security requirements.
  • Use frameworks like the GenAI Security Scoping Matrix to define the security considerations based on the GenAI approach used.
  • Develop AI policies to govern the use of public chatbots and to manage sensitive data.

Integrating Security Earlier

  • Meet developers where they are, in the tools they already use (IDEs, automation, etc.), to make security easier to adopt.
  • Ensure lower environments closely match production to avoid surprises when moving to production.
  • Leverage cloud-native capabilities and integrate them with existing security tools for better context awareness.
  • Automate security policy provisioning to keep up with the pace of cloud deployments.

Automation and Tooling

  • Automation helps reduce the time and effort required for security tasks like vulnerability management, policy changes, and configuration remediation.
  • Integrating AI/ML-driven security tools can provide faster detection, analysis, and response capabilities.
  • Tooling should be designed to be API-driven and easily integrated into developer workflows.
  • Educate developers on security concepts and make them ambassadors of the security program.

Overcoming Challenges

  • Organizational change takes time; be patient and persistent in driving the shift-left mindset.
  • Involve cross-functional teams (security, developers, network, data science) to align on security requirements.
  • Leverage automation and tooling to make security more developer-friendly, but don't neglect the importance of policies and processes.
  • Be a security ambassador and help others understand the "why" behind the security practices.
