Lugging workloads from on-premises to public cloud is straining when done with flimsy security policies. Making sure workloads are secure and compliant the minute they arrive in cloud is even harder. How do companies do it? With a methodology called “shift left” that pushes security back to the earliest stages of developer operations.

“As they move to the cloud, they want to make sure they have the visibility and the security controls to make sure that they are not in the news,” said Ankur Shah (pictured, left), vice president of products, public cloud security, at Palo Alto Networks Inc.

Hackers are finding new inroads to users’ data via the vast attack vector of cloud. “A lot of the next-gen breaches are going to happen in the cloud,” Shah said. Cyber criminals are coming up with ingenious new attacks all of the time, such as cryptojacking, so businesses need monitoring and visibility at all stages to fend them off, he added.

Shah and Richard Weiss (pictured, right), principal cloud security engineer at Robert Half International Inc., spoke with John Walls (@JohnWalls21), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, and guest host Justin Warren (@jpwarren), chief analyst at PivotNine Pty Ltd, during AWS re:Invent in Las Vegas. They discussed the challenges of cloud migration and security and the benefits of shift left. (* Disclosure below.)

Tools, tricks and training spread security all over

Staffing firm Robert Half began migrating workloads to the Amazon Web Services Inc. cloud about seven years ago. “We were doing all the right things, but we didn’t have the visibility we needed,” Weiss said.

The company tapped Palo Alto Networks a couple of years ago for tools to help it gain 360 visibility into its environment.

“Customers have to understand the kind of AWS services that they’re adopting, understand the security implications, make sure they have the security guard rails,” Shah said.

Basic security hygiene, network security, user-activity monitoring, and host monitoring tools go into that holistic 360 view. And the work of securing apps has to be spread holistically throughout a company’s staff, according to Shah. Ninety percent of breaches occur because of some silly mistake someone made — often someone who was not on the security team, he explained.

Shifting left brings those staffers into the security fold and educates them, so these mistakes can be avoided. “Now DevOps teams have to be part of the equation as well. They need to be trained and coached in understanding the security implications of their day-to-day operations,” Shah concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent. (* Disclosure: Palo Alto Networks Inc. sponsored this segment of theCUBE. Neither Palo Alto Networks nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE