Companies have long touted “shift left” as a quality control approach to preempt and prevent bugs early during software development. And when developers “shift right” they test software later on, in post-production, to discover new, unexpected issues that may have escaped earlier detection.
What if I told you that the most important cybersecurity shift your company can make is up? Let me explain…
According to Crunchbase, over forty billion dollars have been poured into over 5,000 cybersecurity startups over the last ten years, yet security breaches are more common today than ever before. Organizations are using dozens of security monitoring products and services, increasing their risk of being overwhelmed by alerts while missing legitimate cyberattacks.
Attackers don’t think in silos; they exploit weaknesses in any lateral, adjacent area. However, many organizations rely on siloed point solutions to protect public cloud, private cloud, containers, laptops, and servers.
Yes, the latest and greatest security companies aim to protect whatever is generating the most interest at the moment. But the cybersecurity landscape should not be viewed in this piecemeal, myopic way.
What about the bigger picture? For instance, what about protecting everything that is connected to the cloud (meta-cloud, cross-cloud)? Think about if a hacker infiltrates a developer’s laptop — a laptop that is just one hop away from critical company crown jewel data, services, and source code.
In parallel to the staggering number of point solutions has been the cybersecurity industry’s collision course with an ever-growing volume, variety, and velocity of data. The number of entitlements, regulations, infrastructure units, data, and services that companies use is enormous; AWS has more than 13,000 identity and access management permissions alone.
We founded Uptycs to solve these challenges. Our founding principles are based on the conviction that to cost-effectively reduce cybersecurity risk, enterprises must be able to do three things really well:
But no cybersecurity vendor had ever done this before so we had to look outside the cybersecurity industry for inspiration. Companies like...
To shift up is to adopt the mindset of continually searching for ways to eliminate cybersecurity tool, team, and infrastructure silos. Shift up is a new cybersecurity methodology based on these five key tenets:
Shifting up normalizes telemetry at the point of collection, meaning data is already in a standard format. This, in turn, means organizations can immediately stream data up into their detection cloud (a security data lake) or be able to leverage it much faster for training machine learning models.
This is a change from the usual process of working with siloed and highly-opinionated security tools. Shift up does not depend on complex, intermediary systems to connect the dots. The premise involves getting the data into a standardized format right out of the gate and streaming it up into a detection cloud. From here, security teams can correlate threat activity as it traverses multiple attack surfaces. They can ask the security questions they want to ask.
This is a change from the usual process of working with proprietary data models and the need to create a middleware layer to extract, transform, and cleanse security data. The result is faster integration with new tools, services, and infrastructure.
This unified fabric enables connected insights and the ability to detect threat activity as it moves from a laptop to the cloud, for instance. The increased collaboration and reduced number of silos yield faster, more effective threat detection and response.
Today’s distributed enterprises must see security as more of a fabric or ecosystem. By doing so, they can reduce the time and costs associated with creating a more cohesive enterprise-wide security posture.
According to Gartner, 75% of security and risk management leaders are looking to consolidate the number of security vendors and products to better manage risk and increase security operations productivity.
Gartner also projects that by 2024, organizations adopting a cybersecurity mesh architecture to integrate security tools will reduce the financial impact of individual security incidents by an average of 90%.
Gartner defines cybersecurity mesh architecture (CSMA) as “an emerging approach for architecting composable, distributed security controls” that enables “secure, centralized security operations and oversight.” CSMA helps organizations de-silo their poorly interconnected point solutions, offering principles for a coordinated approach to threat detection and efficient cross-tool collaboration.
Many of Gartner’s mesh architecture characteristics align with shifting up.
To reduce their security risk, enterprises must shift up to get the full picture. At its core, shift up recognizes that cybersecurity is a team sport—a sport that requires a united front to reduce risk, protect company assets, and prevent security gaps.
When you shift up today, you build a more cohesive enterprise-wide security posture that can safeguard you against tomorrow’s hacks, attacks, and breaches. With Uptycs you don’t have to choose between shifting left or right, you can shift up for unified security visibility and control over your modern attack surface—from laptop to cloud.