Article
Cyber Defense Magazine

"Are We Shifting Left Enough": Cyber Defense Magazine Highlights PACE Anti-Piracy

PACE Anti-Piracy was featured in a recent edition of Cyber Defense Magazine with an article titled “Are We Shifting Left Enough” written by Douglas Kinloch, VP of Business Development.

The term “shift left” is centered on the idea that Application Security efforts are now happening at earlier stages of the development lifecycle. Mr. Kinloch adds to the discussion by raising the questions “how far left does an organization need to shift?”

He writes: “Shift Left” is in danger of becoming a buzz-word, much as “End Point” did 20 years ago. In software development, it is clear that the idea of moving security awareness from traditionally the last thing considered before shipping, to something every developer understands, can implement, and can act accordingly has to be a good thing. “Zero Trust” is another buzzword that may travel hand-in-hand with Shift Left, but as many are beginning to point out there is no single Zero Trust silver bullet, it’s a process. As a process it needs to be the default setting of any designer of any system relying on IT networks, connectivity or software.”

How should developers and analysts begin to think about answering the challenge? 

  • Secure coding so vulnerabilities aren’t created in the first place
  • Use programming languages that are not inherently insecure (to run on platforms that can’t be secured)
  • Security review & source code scanning of applications before finalization 

At PACE we are users of software tools that ensure the Licensing products we supply to our customers and partners remains as secure as possible. It is a different approach to most License Management tools where there is an emphasis on process, revenue management and software monetization. It is our belief that if the License Manager can be compromised, then all the software monetization tools in the world can’t maximize revenue or protect developers’ IP.

PACE Shifted Left Early

In order to deliver such security the Developer team at PACE “shifted left” in the early 2000s and delivered iLok License Manager, secured by deep understanding of application code, and use of our Fusion Application Protection tools; Anti-Tamper and Obfuscation. To further secure customers’ IP and revenue streams, White Box Works ensures the security of the cryptographic keys within the entire system. 

PACE is now offering the same capabilities to partners across a number of markets, supporting Software POS and High Value Software customers, protecting IP and vitally important business logic from outside interference.

Conclusion

The assumption that compiled app code will be accessed, and that attackers have the tools and skills changes the security calculus completely. 

Zero Trust means that developers protecting their code understand that the actual end-point is not the device, or even the application within that device, but is the source code on the developers’ machine - before it’s even compiled. So when you decide to Shift Left, as we did, ask yourself, “how far?”


Find the full article in Cyber Defense Magazine.

For more information on how PACE tools can help your organization shift left, contact us.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram