Shift-Left: The Crucial Role of Security in Early-Stage Software Development
Security threats in software development evolve at lightning speed in today’s digital age. With the average cost of a security breach in a hybrid cloud environment hovering at a staggering $3.6 million, it’s crucial for organisations to prioritize software security.
This is why we recently partnered with Cisco to uncover developers’ exposure to API security exploits, their outlook on security, and how they use automation tools to detect and remediate threats. We explored the findings from two global surveys that targeted enterprise developers and created the “Developers and Shift-Left Security” public report.
What does our report reveal?
1. Security is a key priority for enterprise developers
Security threats are on the rise, and our survey data shows it: a whopping 58% of enterprise developers have had to tackle at least one API exploit in the past year alone. To make matters worse, nearly half of them have experienced multiple API exploits during that time.
As modern applications increasingly rely on microservices, securing the APIs that connect these services becomes even more crucial. But with developers juggling multiple APIs, it can be a challenge to stay on top of security. That’s why it’s essential to prioritise security from the very beginning of development to avoid wasting time and effort on reworking code and dealing with exploits later on.
When it comes to security breaches, it’s best to prevent them altogether. But if they do occur, organizations must be prepared to act quickly.
Shockingly, our survey found that only one-third of enterprise developers can resolve API exploits within one day of a breach occurring.
By treating security as a top priority from the start of the development lifecycle, organizations can increase preparedness and avoid costly mistakes down the road.
2. How do enterprise developers address security?
The philosophy behind shift-left security is all about putting security at the forefront right from the start. It’s like having a VIP seat reserved for security at the decision-making table!
By addressing security concerns early on in the development process, you can save a ton of money compared to dealing with security issues during deployment or after a security breach. In fact, our data shows that many organizations are already investing significant effort in identifying security vulnerabilities during the early stages of development, and as a result, have implemented additional security measures.
When do enterprise developers address security?
3. Automation makes things faster and less error-prone than manual operations
We asked developers whether they use automated approaches to security, such as scanning tools or automated fixes.
The developers most likely to adopt automated security approaches are key decision-makers and team leads who influence, manage, or set the strategy for their teams’ purchase initiatives (90%).
This means that many developers still don’t use automation tools for security. However, it’s crucial for developers to use the best tools available to ensure they produce secure code.
In conclusion, APIs are crucial for modern software systems, but security exploits are a common occurrence.
A shift-left approach is vital for enhancing application security from the earliest stages of development.
While more than half of enterprise developers are already shifting left, less experienced developers are lagging behind. To support this approach, automation is essential, with two-thirds of developers using automated security tools.
However, developers motivated by gaining experience are less likely to use automation, so organizations need to balance the need for learning with the importance of using the best security tools available.