Companies have long touted “shift left” as a quality control approach to pre-empt and prevent bugs early during software development.
And when developers “shift right” they test software later on, in post-production, to discover new, unexpected issues that may have escaped earlier detection.
What if I said that the most important cybersecurity shift a company can make is up?
Let me explain…
Billions of dollars have been poured into countless cybersecurity startups over the years to ensure software and services are bulletproof from the inside-out, immune to hackers, attackers, and bad actors of every kind. In fact, despite an ongoing pandemic and global conflict, financing in the cybersecurity market remains steady. In Q3 2022 alone, a total of 221 companies raised $3.3 billion.
Yet security breaches are more common today than ever. From the Colonial Pipeline ransomware attack to data breaches affecting big box retailers, each week brings a new set of breaches. During the third quarter of 2022, internet users worldwide saw approximately 15 million data breaches, up by 167% compared to the previous quarter.
The problem with cybersecurity today
Today’s cybersecurity industry is on a virtual collision course with an ever-growing volume, variety, and velocity of data. The number of entitlements, regulations, and services most companies use has become enormous. AWS has more than 13,000 identity and access management permissions alone. Also, it’s staggering how many point solutions have emerged — especially when considering that each of these cybersecurity tools only does one task. Organizations use dozens of security monitoring products and services, increasing their risk of being overwhelmed by alerts while missing legitimate cyberattacks. Attackers don’t think in silos: they exploit weaknesses in any lateral, adjacent area. However, many organizations rely on siloed point solutions to protect public cloud, private cloud, containers, laptops, and servers.
Yes, the latest and greatest security companies aim to protect whatever segment of the cybersecurity landscape generates the most interest at the moment (cloud, network, infrastructure). But we should not view the cybersecurity landscape in this piecemeal, myopic way. What about the bigger picture? For instance, what about protecting everything connected to the cloud (meta-cloud, cross-cloud)? Consider what happens if an attacker compromises a developer’s laptop — a laptop just one hop away from the company’s crown-jewel data, services, and source code.
To reduce their security risk, companies must shift up to get the full picture.
A new era requires a new approach
Gartner reports that 75% of security and risk management leaders are looking to consolidate the number of security vendors and products to better manage risk and increase security operations productivity. Gartner also projects that by 2024, organizations adopting a cybersecurity mesh architecture to integrate security tools will reduce the financial impact of individual security incidents by an average of 90%.
Many of Gartner’s mesh architecture characteristics align with the “shift up” concept — a new (and much-needed) way to do cybersecurity. Why do we need a new method? Traditional cybersecurity was designed for a past generation of computing in which we had physical control of everything. Now, the perimeter has receded and we have multiple assets, multiple clouds, and multiple locations. Today’s distributed enterprises must see security as more of a fabric or ecosystem, not as a set of siloed point solutions.
What, how, and why to shift up
How can organizations reduce their cybersecurity risk and make more informed decisions about vulnerabilities and threats? How can they protect digital assets that are spread across clouds, containers, laptops, and servers? And how can they reduce MTTD (mean time to detect) and MTTR (mean time to respond) to breaches and attacks?
In shifting up, adopt the mindset of continually searching for ways to eliminate cybersecurity tool, team, and infrastructure silos. I see “shift up” as a new cybersecurity methodology based on these key steps:
Collect and normalize telemetry close to its source
Shifting up normalizes telemetry at the point of collection, so the data is already in a standard format when it leaves the source. The security team can then immediately stream that data up into a detection cloud and correlate it against threat activity on other attack surfaces — a process that would normally require multiple tools — and follow threat activity as it crosses on-prem and cloud boundaries.
Stream normalized telemetry into a data lake, moving security analytics processing power to the cloud
Consider this a change from the usual process of working with proprietary data models and the need to create a middleware layer while extracting, transforming, and cleaning data. Shift up does not need an intermediary system to connect the dots. The premise involves getting the data, getting it in a standardized format right out of the gate, and streaming it up into the detection cloud. From here, the team can do cross-correlations and start to query and ask the security questions they want to ask. Keep in mind that data models and modes of interoperability are based on established and emerging standards and an API-first approach.
Use a primary platform and/or mesh architecture to connect tooling and bring together multiple teams and types of IT infrastructure into a unified data model and UI
This unified fabric enables connected insights and the ability to detect threat activity as it moves from a laptop to the cloud. At the same time, a distributed identity fabric and consolidated security intelligence enable composability, scalability, and interoperability for security controls. The increased collaboration and reduced number of data tools and silos yield faster, more effective threat detection and response. The security team can trust the real-time answers to its specific security queries, such as: How many of my Kubernetes clusters have vulnerabilities? Was there any sensitive data found in my images today? Which of my pods have communicated with a public IP address in the last 30 days?
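The three steps above (normalize at the source, stream into a common store, query across sources) as an added illustration, not code from the article or from Uptycs. It uses constructed sample events in two made-up vendor shapes (an endpoint process event and a Kubernetes flow record), maps them onto one assumed common schema, and then answers the article's own question "which of my pods have communicated with a public IP address in the last 30 days?" plus a cross-boundary correlation between a laptop and a pod:

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry in two vendor-specific shapes (not any real product's output).
ENDPOINT_EVENTS = [  # laptop EDR-style process event
    {"host": "dev-laptop-7", "user": "alice", "proc": "ssh", "dst": "10.0.4.12", "ts": "2022-11-01T10:00:00Z"},
]
K8S_FLOW_EVENTS = [  # cluster network flow records, epoch timestamps
    {"cluster": "prod-eu", "pod": "payments-api-5d9", "remote_ip": "203.0.113.45", "timestamp": 1667300400},
    {"cluster": "prod-eu", "pod": "cache-0", "remote_ip": "10.0.4.12", "timestamp": 1667300500},
    {"cluster": "prod-eu", "pod": "batch-9", "remote_ip": "198.51.100.7", "timestamp": 1660000000},  # Aug 2022
]
NOW = datetime(2022, 11, 2, tzinfo=timezone.utc)  # fixed reference time so queries are reproducible

# Assumed common schema: source, asset, actor, dst_ip, ts. Normalization happens at the collector.
def normalize_endpoint(ev):
    return {"source": "endpoint", "asset": ev["host"], "actor": ev["user"], "dst_ip": ev["dst"],
            "ts": datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))}

def normalize_k8s(ev):
    return {"source": "kubernetes", "asset": f'{ev["cluster"]}/{ev["pod"]}', "actor": None,
            "dst_ip": ev["remote_ip"], "ts": datetime.fromtimestamp(ev["timestamp"], tz=timezone.utc)}

def build_lake():
    """The 'data lake': one list of already-normalized records from both sources."""
    return [normalize_endpoint(e) for e in ENDPOINT_EVENTS] + [normalize_k8s(e) for e in K8S_FLOW_EVENTS]

# Simplified notion of "public": anything outside RFC 1918, loopback and link-local.
# RFC 5737 documentation addresses stand in for real public addresses in the sample data.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_public(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in PRIVATE_NETS)

def pods_talking_to_public_ips(lake, days=30, now=NOW):
    """Answer the article's query: pods that reached a public IP within the window."""
    cutoff = now - timedelta(days=days)
    return sorted({r["asset"] for r in lake
                   if r["source"] == "kubernetes" and r["ts"] >= cutoff and is_public(r["dst_ip"])})

def destinations_shared_across_boundaries(lake):
    """Cross-correlation: destinations reached both from an endpoint and from a pod."""
    by_dst = {}
    for r in lake:
        by_dst.setdefault(r["dst_ip"], set()).add(r["source"])
    return sorted(ip for ip, srcs in by_dst.items() if {"endpoint", "kubernetes"} <= srcs)

if __name__ == "__main__":
    lake = build_lake()
    print(pods_talking_to_public_ips(lake))            # ['prod-eu/payments-api-5d9']
    print(destinations_shared_across_boundaries(lake))  # ['10.0.4.12']
```

Because both sources land in the same schema, the laptop-to-pod correlation is a single pass over one store rather than a join across two tools.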
At its core, shift up recognizes that cybersecurity is a team sport, one that requires a united front to reduce risk, protect company assets, and prevent security gaps. By shifting up today, the team builds a more cohesive enterprise-wide security posture that can safeguard against tomorrow’s hacks, attacks, and breaches.
Ganesh Pai, founder and CEO, Uptycs.