Adopting a 'Shift Left' StrategyCheckmarx's Executives Explain 'Infrastructure-as-Code' Approach
To deliver a secure "infrastructure-as-code" service, development teams must adopt a "shift left" strategy to bring all the applications and security under one umbrella to provide faster and continuous delivery of the fully automated code, according to Ori Bendet and Igor Markov of Checkmarx.
Markov says infrastructure as a code is the process of provisioning and configuring an environment through code instead of manually setting up the required devices and systems. Once code parameters are defined, developers run scripts, and the IaC platform builds the cloud infrastructure automatically, he says.
See Also: The State of the Software Supply Chain
“One of the major changes we witness in the infrastructure's cloud-native development as a coding platform was that every application is saved as a code in the repository and scanned separately to find vulnerabilities and potential misconfiguration early in the development cycle,” Markov says.
In this video interview with Information Security Media Group, the executives discuss:
- Use of open source in the infrastructure-as-code development process;
- Use of automation in the coding process;
- How to provision infrastructure and configuration in a cloud environment.
Bendet, director of product management at Checkmarx, leads its flagship product, CxSAST - Static Application Security Testing. Previously, he held product and engineering positions at Time To Know, HPE, PicApp, and Bezeq.
Markov head of the SAST product unit at Checkmarx has over 20 years of experience in areas of R&D and business operations. He is experienced in leading design, development, modernization, enablement, and support of enterprise products, including native cloud, SaaS, and on-premises, high-scale, data-driven, and analytical applications.