In my previous blog post, we discussed the state of the union for shift left and how many organizations are not implementing it correctly.
Recognizing the consequences of a poor shift left model.
Many of the high friction points with a poor shift left model involve developers' interaction with things like security, infrastructure, and observability and their having to understand complex security protocols, threats, and tools.
Developers may have to interact with physical or virtual infrastructure.
Having to instrument tracing, metrics, and logging for applications is one of the many shift-left-oriented areas that cause toil for developers.
In addition to the technologies, developers must deal with the time it takes to learn new processes, adopt new tools, and interact with new groups.
In addition to providing developers with a streamlined way of learning about the new things they must take care of, there are other practical steps to ease the burden of shift left.
Developers have many tools, technologies, frameworks, SDKs, and communication tools to deal with.
Provide value in the developer tools: High-quality IDE plugins, well-documented and well-implemented automation frameworks, well-supported SDKs, etc.
Engage with the developer community where they are: Educate and enable them at hackathons, dev-centric events, and inside dev-centric forums.
Reduce/remove the developer toil: Cross-environment tooling, in-code API and image checks, reliable API documentation.
Once developers check in code to a CI/CD pipeline, provide the configurations and integrations in the pipeline that keep things from falling apart.
Provide end-to-end value for the developer, operations teams, and business leaders.
Maintain end-to-end observability for both technical and business insights.
Conditionally add policy triggers to the insights so that semi-automated or fully automated actions are taken.
Leverage multi-persona dashboards: Use the same tools, but the view changes for each persona.
Circular improvement: Value or loss of value finds its way back to the left for retrospective and improvements.
Access to Infrastructure-as-Code, API and SDK documentation, tools, and code.
Developer and operator learning.
Secure Application Integrations such as Panoptica's API Gateway integration.
Secure CI/CD pipeline integration via Panoptica's CI/CD integration.
Access to live interactive test environments for developers and operators to build and test their automation code, such as the NSO Developer Explorer and NSO Developer Studio.
End-to-end observability for code, applications, and infrastructure via Cisco Full Stack Observability.
Achieving a balanced approach to shift left.
While shift left is fundamentally sound and beneficial, it has been stretched beyond its original intent and misused, negatively impacting developers and product quality.
The focus must align towards improving quality, security, and availability by catching issues early - without overburdening our developers or compromising the product's integrity.
You can accomplish this by enabling developers with the training, tools, technologies, and processes.
A balanced approach, incorporating the core principles of shift left without overextending its reach or misusing it to cut corners, will help organizations achieve their goals.
Like any tool, they are only as effective as the hands that wield them.
This Cyber News was published on feedpress.me. Publication date: Wed, 13 Mar 2024 18:13:05 +0000