Shift Right or Shift Left?
Shift Right
‘There’s no need to start security yet, we’re not ready for that. When we are, we’ll just call the security team. We’ll shift everything to the right a bit.’
Imagine the security team in this project. They are asked to tackle complicated technical issues, supplier risks, demanding stakeholders and often some confusion. This usually comes with a request to approve or assess something at a key moment in the project. This places a lot of pressure on the security team and can put them in the unenviable position of discovering a risk that can’t be dealt with in a meaningful way because it is often too late. The result is good identification of risks but either no real action to address them, or risks that are merely accepted informally by someone who is often not the risk owner. This also makes security look like a blocker to progress.
Shift Left
‘We only have basic information about objectives, stakeholders and the assets we want to protect. Let’s all get started on identifying risks.’
Understanding that you can get going with security and risk work as early as possible is an enabling approach and one that Secure by Design endorses. If you lay the foundations for risk management early and collaborate, you will empower your team to be proactive and you will find that you can identify risks when there is still time to treat them properly. The point at which you have only basic details about what is required for your project, who will be involved and what you will be protecting is the perfect time to start your security and risk management work. This is the true meaning of shifting left.
Be proactive. Take ownership of risk management. See the benefits.
Want to know how to do this? Use our Cyber Design Accelerator.