In the fields of app security and cloud security, there is a relatively new term called ‘Shift Left.’ The concept is that if you examine the development cycle from left to right (planning and design, implementation, testing and fixes, deployment, and requirements analysis), it is recommended to identify problems, particularly security problems, as early as possible. The goal is to reduce the cost and effort invested in delivering a secure and reliable product.
To illustrate this idea, imagine a security vulnerability found in production. You would need to involve incident response to investigate whether the vulnerability was exploited. You would also need to have your developers and QA team recreate the problem, fix it, and test that the fix actually solves the issue. Additionally, you would need to consider the affected customers who may already expect an interface change or need to upgrade a library that could introduce instability. This requires redoing all the regression tests, among other things.
However, if you could find the vulnerability before it reached production, you could avoid a lot of this effort. Even better, if you could find it before it reached integration testing, it would save even more time and money for the organization. The holy grail of the ‘Shift Left’ concept is that developers find problems before they even merge the code into the codebase.
Allowing Small Mistakes in SaaS Security
We believe that the concept of allowing small mistakes does not always apply well to SaaS security. While saving effort, time, and money is important, it is equally vital to enable people to work with what they need first, and then automatically fix any issues in an organized manner. Since SaaS is inherently easier to replace, most actions are easily fixable. Therefore, with a fast and effective detection and remediation system, it is possible to maintain security and allow the organization to move forward quickly.
We don’t want to prevent people from using SaaS! We don’t want to stop them from sharing a file! But we do want to automatically warn and remove any offending apps, and we must unshare a file once it is no longer necessary.
The ‘Share with Anyone’ Example
One example that perfectly illustrates our ‘Shift Right’ approach is when a new SaaS file is created and shared with the link set to ‘Share with Anyone.’ In such cases, our security system immediately steps in to alert the user of the potential threat. With just a few clicks, the user can share the file with only the necessary individuals and unshare it with the rest of the world. This doesn’t disrupt their workflow, and the few minutes during which the file was set to ‘Share with Anyone’ do not pose a significant risk that would warrant banning that kind of SaaS use altogether. By detecting and addressing these issues in real time, our system allows users to make small mistakes without leaving backdoors open, as in the ‘Share with Anyone’ example.
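The detect, alert, then remediate flow described above, sketched as an added example that is not Wing Security's code. The record schema, the action names, the 15-minute grace window and the 30-day staleness threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

GRACE = timedelta(minutes=15)  # assumed window for the owner to narrow the share
STALE = timedelta(days=30)     # assumed "no longer necessary" threshold

# Constructed sample sharing records (hypothetical schema, not a real SaaS API response).
FILES = [
    {"id": "f1", "grants": [
        {"type": "anyone", "who": "anyone", "since": "2024-05-01T09:00:00+00:00"}]},
    {"id": "f2", "grants": [
        {"type": "anyone", "who": "anyone", "since": "2024-04-30T08:00:00+00:00"},
        {"type": "internal_user", "who": "lee@example.com",
         "since": "2024-04-30T08:00:00+00:00"}]},
    {"id": "f3", "grants": [
        {"type": "external_user", "who": "vendor@example.net",
         "since": "2024-01-10T10:00:00+00:00", "last_used": "2024-03-01T10:00:00+00:00"}]},
    {"id": "f4", "grants": [
        {"type": "external_user", "who": "partner@example.org",
         "since": "2024-04-01T10:00:00+00:00", "last_used": "2024-04-28T10:00:00+00:00"}]},
]

def triage(files, now):
    """Return (file_id, action, grantee) tuples; nothing is blocked up front."""
    actions = []
    for f in files:
        for g in f["grants"]:
            since = datetime.fromisoformat(g["since"])
            if g["type"] == "anyone":
                # Fresh public link: warn the owner and let them narrow it.
                # Past the grace window: remove only the public link.
                action = "alert_owner" if now - since <= GRACE else "revoke"
                actions.append((f["id"], action, g["who"]))
            elif g["type"] == "external_user":
                # External share unused for longer than STALE is no longer needed.
                last_used = datetime.fromisoformat(g.get("last_used", g["since"]))
                if now - last_used > STALE:
                    actions.append((f["id"], "revoke", g["who"]))
            # Internal named grants are left alone so the workflow is not disrupted.
    return actions

NOW = datetime(2024, 5, 1, 9, 5, tzinfo=timezone.utc)  # constructed "current time"

if __name__ == "__main__":
    for item in triage(FILES, NOW):
        print(item)
```
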
Automation is Key
With Wing Security, companies can automate the process of preventing and detecting security risks in their SaaS environment. Our approach is simple: just like an automatic floor cleaning robot can keep a workspace clean while employees work and create a mess, our security solutions can keep your organization secure while employees use SaaS applications. In other words, employees can work freely and make small mistakes, as long as there is a process in place to automatically clean up after them and prevent major security breaches.
Ultimately, ‘Shift Right’ in SaaS security is about protecting your organization and users with fast detection and remediation, without hindering the user workflow. With Wing Security, companies can automate their SaaS security process, allowing employees to work freely without the fear of repercussions. And if mistakes are made, Wing Security provides an easy way to fix them quickly. When done right, ‘Shift Right’ in SaaS security is the best way to keep your organization secure while enabling it to move forward at full speed.