Every sector of our economy is impacted by information technology as we’ve entered a transformative period in which big data analytics, cloud computing, social media and machine learning are changing the way every business operates, as well as how individuals and devices interact.
Because of this transformation, software touches every part of our lives. In our app-centric economy, businesses have become their own software companies, writing custom software and apps. And with the advent of agile development, software updates and new apps are coming fast and furious.
However, in this process developers, companies’ priorities and overall security needs are often disconnected and sometimes at odds with each other. And it doesn’t help that traditional security tools — physical and virtual perimeter solutions — are not well-suited to protect today’s quick-changing software. Just look at the recent hack of credit monitoring company Equifax. Personal information of more than 143 million Americans was exposed when attackers exploited an “application vulnerability” to break into the company’s systems and access certain files.
The Equifax data breach underscores that fundamental changes to software security must happen. Because of the increase in innovation and staggering amounts of software that is being developed, the surface area of attack is growing exponentially every day. At the same time, attacks are becoming more complex and there are not enough security professionals to adequately address the number and types of threats.
Given this confluence of events, it is clear to me that software must be built and operated in a secure manner — not just protected at the edge. This tenet led me to ShiftLeft, a new company that is ideally suited to handle cloud-native software.
ShiftLeft takes a unique approach to security, tying code analysis to runtime analysis, which empowers developers to look deeper into what their software does in order to identify vulnerabilities and weaknesses.
ShiftLeft protects applications and microservices — collectively called workloads — against vulnerabilities by analyzing the source code of each application. This enables a greater understanding of the execution space of each piece of software, and provides a complete real-time picture of how sensitive data flows through individual workloads, as well as distributed microservices, to minimize data leaks.
Using ShiftLeft’s platform, developers will be able to quickly secure cloud workloads — no matter where they’re run, such as on bare metal, virtual machines or containers — support the fast pace of continuous iteration and deployment. And they’ll get all the benefits of traditional WAF, application whitelisting, intrusion detection and DLP systems — but with increased accuracy and efficiency.
The core team at ShiftLeft is uniquely suited to address this problem space. The company’s founding and leadership team comprises of some of the best people in the world on the technology and business of code analysis, run-time security, developer experience and cloud operations.
By going to the core of the security problem in fast changing software, ShiftLeft automates the process of ensuring that run-time security is updated and optimized automatically & continuously. The result is a a solution that far exceeds the capabilities of what’s available today.
I’m excited about ShiftLeft’s prospects and looking forward to working with the founders Manish, Chetan, Vlad and team to make software and apps more secure, and prevent major breaches that threaten business operations and personal privacy.
For more information go to http://www.shiftleft.io.
Originally published at https://www.linkedin.com on October 11, 2017.
ShiftLeft Gets Down to the Core of Today’s Security Problems was originally published in Mayfield Viewpoints on Medium, where people are continuing the conversation by highlighting and responding to this story.