TRENDING:

Application Security , Governance & Risk Management , Legacy Infrastructure Security

Adopting a 'Shift Left' Strategy

Checkmarx's Executives Explain Infrastructure-as-Code Approach Geetha Nandikotkur (AsiaSecEditor) • April 5, 2021    
Igor Markov (left) and Ori Bendet of Checkmarx

To deliver a secure Infrastructure as Code service, development teams must adopt a "shift left" strategy that brings all the applications and security under one umbrella to provide faster and continuous delivery of the fully automated code, according to Ori Bendet and Igor Markov of Checkmarx.

Markov says Infrastructure as Code, or IaC, is the process of provisioning and configuring an environment through code instead of manually setting up the required devices and systems. Once code parameters are defined, developers run scripts, and the IaC platform builds the cloud infrastructure automatically, he says.

See Also: Managing API Security

“One of the major changes we witnessed in the infrastructure's cloud-native development as a coding platform was that every application is saved as a code in the repository and scanned separately to find vulnerabilities and potential misconfiguration early in the development cycle,” Markov says.

In this video interview with Information Security Media Group, the executives discuss:

  • Use of open source in the infrastructure-as-code development process;
  • Use of automation in the coding process;
  • How to provision infrastructure and configuration in a cloud environment.

Bendet, director of product management at Checkmarx, leads its flagship product, CxSAST - Static Application Security Testing. Previously, he held product and engineering positions at Time To Know, HPE, PicApp, and Bezeq.

Markov, head of the SAST product unit at Checkmarx, has over 20 years of experience in research and development and business operations. He is experienced in leading design, development, modernization, enablement, and support of enterprise products, including native cloud, SaaS, and on-premises, high-scale, data-driven and analytical applications.

Previous
Fake 'System Update' App Targets Android Users
Next
As SolarWinds Announces More Patches, Analysts Offer Advice

About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.



Around the Network

Analysis: Changing Nature of Ransomware Attacks
Analysis: Changing Nature of Ransomware Attacks
Overcoming Cyberthreat Intelligence-Sharing Hurdles
Overcoming Cyberthreat Intelligence-Sharing Hurdles
Alert for Ransomware Attack Victims: Here's How to Respond
Alert for Ransomware Attack Victims: Here's How to Respond
Waging a War on Cybercrime With Big Data and AI
Waging a War on Cybercrime With Big Data and AI
Kaseya Ransomware: 'Largest Attack I've Witnessed So Far'
Kaseya Ransomware: 'Largest Attack I've Witnessed So Far'
Analysis: Implications of the Pegasus Spyware Investigation
Analysis: Implications of the Pegasus Spyware Investigation
Telehealth: Emerging Security, Privacy Issues
Telehealth: Emerging Security, Privacy Issues
Moving Forward With Identity-Centric Security
Moving Forward With Identity-Centric Security
Educating and Training Future Cybersecurity Pros
Educating and Training Future Cybersecurity Pros
Expert Analysis: The Battle Against Ransomware
Expert Analysis: The Battle Against Ransomware

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.