Security News > 2023 > July > The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left
As a result, security is an afterthought, and any attempt to squeeze siloed security into agile SDLC can swell the cost of patching by 600%. A new cloud security operating model is long overdue.
Stripping back to a system of low context may have drastically sped up the CI/CD pipeline, but this low-context approach is disappointing for any attempt to shift security to the left.
To build a cloud security program that can actually shift left, the bulk of this organizational culture change must come from a top-down, strategy-first approach that takes people, processes and technology into account.
Shift-left works best when security is already in the back of your security team's mind.
At the level of security analyst and developer, the democratization of security knowledge is how you get into every single app and pipeline being built.
As a result, security can finally saturate the earliest phases of the SDLC. Melody Hildebrandt, CISO at Fox, recognized that her team was staggering under the weight of its own security tooling.
News URL
https://thehackernews.com/2023/07/the-4-keys-to-building-cloud-security.html
Related news
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Cloud security explained: What’s left exposed? (source)
- Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (source)
- What native cloud security tools won’t catch (source)
- Ransomware spike exposes cracks in cloud security (source)
- Cloud providers aren’t delivering on security promises (source)
- There are 10,000 reasons to doubt Oracle Cloud's security breach denial (source)
- Observability is security’s way back into the cloud conversation (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)