Shadow engineering exposed: Addressing the risks of unauthorized engineering practices
2024-07-09 03:30

Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges.

Rather than trying to stop it, which can turn into a frustrating game of whack-a-mole, security teams need to understand how shadow engineering negatively impacts their initiatives so they can work around the problem.

A security team that can't rapidly identify shadow pipelines and risky toolchains within known pipelines will likely experience extended periods of vulnerability and all of the stress, time, and opportunity costs associated with an extended response.

One way to address shadow engineering is to create a change review process and enforce it with preventive controls.

Such a review process not only requires a lot of process overhead and application security resources, but it also undermines the advantages of engineer-owned pipelines.

Slowing down engineers' ability to make pipeline changes by turning an application security team into a bottleneck imposes a massive productivity tax on developers.


News URL

https://www.helpnetsecurity.com/2024/07/09/shadow-engineering-exposed-video/