Shift Left and Enable DevSecOps
Sam and Danielle write an email to their bosses about the benefits of moving security earlier in the timeline—and Sam gets back to his Rubiks cube. Keep your workloads secure in the age of cloud-based, scale-out, constantly changing applications and infrastructure. For more information about Palo Alto Networks’ DevSecOps tools, visit us here. https://www.paloaltonetworks.com/prisma/cloud/devsecops Transcript: DANIELLE: Hey Sam, do you have a minute? SAM: What now? I was getting ready to get ready for lunch. DANIELLE: We should put some more work in on that email to the higher-ups about shifting security left with Prisma Cloud. I want to send it today. SAM: Shifting left…yeah, I mean that’s saved me so much time. Okay. I thought we already finished that. Where'd we leave off? DANIELLE: We did the opener and a draft. Shift left: push part of the process earlier in the timeline. SAM: What else do we have? DANIELLE: Uh well…just a draft. SAM: And you want to send it today??? DANIELLE: Listen, every time I brought up how I wanted to make some more headway on this, you told me you were leaving to practice your 4x4 Rubik’s Cube. SAM: A man has to have priorities, Danielle. DANIELLE: Let's prioritize this, then. SAM: Okay, since shifting security left makes things easier for muah, I’ll do it. We told them what shifting left is, now we need some detail about why for the next part. DANIELLE: Yep. When you integrate cloud security earlier in the development lifecycle, it’s a consideration at every step of the way. Sound good? SAM: Yeah…yeah…that's good. I’d also add something about the time saving, since working in security at the beginning of a project streamlines it further down the funnel. DANIELLE: Got it. Security engineers can fail insecure builds earlier, saving time for everyone. Sound good? SAM: Yeah, but I think from what we have here, it sounds like the benefits of shifting left are only at the beginning of the process. DANIELLE: We’re obviously getting to the next part. Can you just stay focused? SAM: No need to get snippy! Just get there then. DANIELLE: Okay, jeez, here we go: If code passes the build quality gate and security requirements are not met, Prisma Cloud can stop deployment. How’s that? SAM: We should say why that’s important—that we can easily stop deployment if something happens. People who aren’t security engineers won’t know that. DANIELLE: Right. This further restricts potential vulnerabilities. SAM: Yeah, matches what's been saving me time. DANIELLE: Cool. For the wrap-up, I pulled in the DevOps angle. SAM: Surprise surprise, the developer wants to talk about DevOps. DANIELLE: Am I wrong? SAM: No. DANIELLE: Never. And I already nailed this part. Prisma Cloud uses tags and metadata from cloud-native applications to notify the correct developer directly within their development tool when a vulnerability occurs. This way, the problem can be quickly solved by the person with the most relevant knowledge. SAM: Don’t flatter yourself, it’s always easier writing about what you know. DANIELLE: Almost as easy as using Prisma Cloud, right? SAM: Just about. I loved not having to get involved. Prisma Cloud just pinged you when your code was non-compliant. DANIELLE: Ping, hey, there's a security vulnerability. Code code code, it's done. DevSecOps in one fell swoop. SAM: Speaking of which, are we good here? Cause uh, I still have to do my pre-pre-lunch ritual. DANIELLE: Yeah, I think we have a good overview to present. Busy watching old Rubik’s Cube competitions? SAM: Priorities, Danielle. Priorities. NARRATOR: Palo Alto Networks. We’ve got next.