Lampis P for Developer Nation

Originally published at developernation.net

Where does Security sit in Early-Stage Software Development: the Shift Left Approach

The average cost of a security breach in a hybrid cloud environment is estimated at a staggering $3.6 million, making it critical for organisations to treat software security as one of their most important priorities.

Cisco’s most recent report, based on the findings from two SlashData global surveys that targeted enterprise developers, uncovers developers’ exposure to API security exploits, their outlook on security, and how they use automation tools to detect and remediate threats. Here is a detailed preview of the report:

1. Enterprise developers focus on prioritising security from the early stages of development

There is a significant rise in security threats; in fact, 58% of enterprise developers have had to tackle at least one API exploit in the past year alone. And to make matters worse, nearly half of them have experienced multiple API exploits during that time.

As modern applications increasingly rely on microservices, securing the APIs that connect these services becomes even more crucial. At the same time, juggling multiple APIs makes staying on top of security harder. That’s why it’s essential to prioritise security from the very beginning of development, rather than wasting time and effort reworking code and dealing with exploits later on.

Obviously, breaches should ideally be prevented. But if they do occur, organisations must be set up to act swiftly. According to the report, only one-third of enterprise developers can resolve API exploits within one day of a breach.

By treating security as a top priority from the start of the development lifecycle, organisations can increase preparedness and avoid costly mistakes down the road.

2. What is the right time to address security concerns?

Shift-left security is all about strategically placing security at the forefront. The cost savings from addressing security concerns early in the development process can be significant compared to dealing with security issues during deployment or after a breach. In fact, according to the data, many organisations are already putting significant effort into identifying security vulnerabilities during the early stages of development and, as a result, have implemented additional security measures.

How do enterprise developers address security?

3. Relying on automation can make for faster, frictionless operations

During the surveys, developers were asked whether they use automated approaches to security, such as scanning tools or automated fixes.

The most likely group of developers to adopt automated security approaches are key decision-makers and team leads who influence, manage, or set the strategy for their teams’ purchase initiatives (90%).

This suggests that many developers still don’t use automation tools for security. However, it’s important for developers to use the best available tools when it comes to producing secure code.

While more than half of enterprise developers are already shifting left, less experienced developers are still behind. Automation appears to be core to the shift-left approach, with two-thirds of developers using automated security tools.

Nevertheless, automation is not favoured by developers who wish to acquire more experience. This highlights the need to balance learning against the importance of using the best security tools available. The organisations that are set up to strike that balance are very likely to reap the benefits of shift-left security.

We have a new, short survey to understand the technologies and tools that enterprise developers use.

Are you a software developer, a database administrator, a data scientist, an engineer, an architect or involved in DevOps and SRE? Help us and make an impact on the developer ecosystem. Start here
