Asana, Trello, Basecamp—there are a dozen project management tools out there. And you’ve probably tried at least one. Here at 27Global, we prefer Jira Scrum boards for how detail-oriented they are and how they push our team to complete complex projects in rigorous, incremental “sprints”.
When we use the phrase “shifting left”, we’re referring to the way tasks move from left to right across the Scrum board as a project goes from start to finish. The further to the right a task is, the closer it is to being finished.
In traditional software development, security is usually pushed all the way to the right of the project board; that is, it’s a complete afterthought. In a time when major cybersecurity hacks and data breaches seem to be daily occurrences, the need for greater security is more important than ever. That’s why it’s time to put security in the left-hand column of the project board.
It’s time to shift left on security.
Shifting left lets you identify potential problems early on.
Too frequently, software development teams wait until the end of the process to run a security audit—or, worse yet, never run a security audit at all. That means they only identify potential problems at the end of the process or once the software is already in use.
Shifting security to the left makes it a priority from the beginning, meaning you can identify, earlier in the development phase, areas where security may be an issue later on. If you wait until the end of the process, all you can do is try to fix the problem; but if security is a priority in the early stages, you can solve the issue before it becomes a problem.
Shifting left keeps costs down.
The further to the right your project is on the project board, the closer it is to being done. Nearly complete or completed projects are expensive to fix. If you discover a security issue in the end stages of development or implementation, you’ll probably have to pay to undo things that have already been finished. That’s not cost-effective or time-efficient for anyone.
Making security concerns a part of the planning and initial development avoids costly do-overs further down the line. When you shift left on security, you not only make your software more secure, you also make it cheaper and faster to bring to market. Putting security in the left-hand column, so to speak, makes sense for your bottom line.
Shifting left lets you make the right choices from the beginning.
Choosing the right framework is a fundamental tenet of shifting left on security. Doing this is much easier at the beginning of the project than it is at the end.
For example, if you don’t choose the right framework to protect against a SQL injection attack, then once you’ve experienced an attack you can spend a lot of time and energy adding code to every form that directly tests for a SQL injection. On a large website, that can mean thousands of fixes.
Addressing that problem after an attack will cost you time and money. But that may be the least of your issues. An attack that exposes private customer data will cost you the goodwill of your existing and potential customers, which can lead to lost business down the road.
On the other hand, if you had chosen the right framework at the beginning of the project, then SQL injection attacks wouldn’t even be an option because the protections were built into the original framework.
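What built-in protection looks like in practice, as an added example (not code from the original article or from 27Global): one data-access layer that always binds form values as parameters, shown beside the concatenated query it replaces. The table, the class and function names and the sample rows are constructed for illustration, using Python's standard sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT PRIMARY KEY, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice@example.com", "1111"),
         ("bob@example.com", "2222"),
         ("o'brien@example.com", "3333")],
    )
    return db

def lookup_concatenated(db, email):
    """'Before': the form value becomes part of the SQL text itself."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

class CustomerRepo:
    """'After': the only place queries are built; values are always bound."""

    def __init__(self, db):
        self._db = db

    def find_by_email(self, email):
        # The value is bound to the placeholder after the statement is parsed,
        # so it is compared as data and never interpreted as SQL.
        sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
        return self._db.execute(sql, (email,)).fetchall()

def concatenated_outcome(db, email):
    """Row count from the concatenated query, or 'error' if the SQL broke."""
    try:
        return len(lookup_concatenated(db, email))
    except sqlite3.OperationalError:
        return "error"

if __name__ == "__main__":
    db = make_db()
    repo = CustomerRepo(db)
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    for value in ("alice@example.com", crafted, "o'brien@example.com"):
        print(f"{value!r:24} concatenated={concatenated_outcome(db, value)!s:6}"
              f" bound={len(repo.find_by_email(value))}")
```

The apostrophe case shows why patching form by form is fragile: the concatenated query fails on a legitimate address, while the bound query handles it with no special casing.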
Shifting left provides better overall security.
Prioritizing security from the beginning announces to everyone on the development teams that security is important. This allows them to make decisions about the software with security in mind. Security holes are more likely to be identified and more security solutions are likely to be implemented early on in the process.
Make the choice to shift left.
No matter the size or scope of your project, shifting security to the left in the development process will only benefit your project and keep your system safe. Improved security, early identification of possible problems, lower costs and the ability to make the best choices from the beginning are all benefits of shifting security to the left.
Whether a Jira Scrum board is part of your workflow or not, we can all take away some wisdom from this handy project management tool: When it comes to security, shifting left is a forward-thinking answer to a new technology problem.
Matt Henley is the President of 27Global. Founded in 2008, 27Global designs, builds and operates custom software solutions for businesses of all sizes. The perfect pairing of local leadership with offshore pricing, 27Global has the business acumen to understand your vision and the expertise to build your software solution. To learn more, visit 27global.com or connect with us on LinkedIn and Twitter.