We've Heard of "Shift Left" But What Is "Shift Right"?
July 20, 2023

Dotan Nahum
Check Point Software Technologies

As a developer, you have likely experienced expedited product launches, continuous feature releases, instant patches, and a host of other software innovations. But amidst all these disruptions, the expectation for you to maintain velocity and security only keeps growing.

The "Shift Left" approach is the outcome and epitome of this accelerated pace of software development. In this instance, tests and validations are conducted early in the development cycle to arrest any risks associated with software quality. This post will unravel the opposite (and perhaps obvious) "Shift Right" concept to understand its implications on the software development lifecycle and its approaches and benefits.

Why "Shift" and in Which Direction?

The "Shift" refers to a variation of the SDLC progression, in which certain phases are shifted to achieve better testing to improve software quality. However, to fully understand this relation between the shift and quality, we need to look at how the perception of software quality has evolved over the decades.

Traditionally, software quality was measured as the degree of compliance with a set of formally defined requirements. This approach was prevalent in the waterfall model. Developers emphasized achieving 100% requirement traceability with adherence to coding standards.

But today, software requirements are defined informally as a general explanation of features. Developers work with vaguely defined features, which are improved upon through a series of iterations. Also, the scope of software quality has widened beyond the requirements and coding practices. It extends to deployment behavior since most software applications are deployed as a service in a cloud environment. Therefore, the availability of service and a reasonable response time are also part of software quality.

Due to these ever-changing perceptions, the modern SDLC approach under Agile needs a multi-dimensional checkpoint to tackle feature requirement expectations and meet the service needs as part of every release.

That's where we need to shift. The "Shift Left" improvisation allows development teams to perform tests earlier in the SDLC to mitigate requirement ambiguities. The "Shift Right" approach mandates extending the tests into production to handle deployment and service uncertainties.

The Rise of the "Shift Right" Methodology

In the Agile approach that is prevalent today, the SDLC is a continuous DevOps cycle, split between development and operations functions that work in conjunction to release one incremental feature or change in the software.

There's no requirement analysis phase here. Instead, requirements are drafted on the go as general feature overviews and a sequence of user actions constituting a set of user stories. All of it happens in the planning phase. Non-functional requirements are tracked as part of the ops to ensure deployment service quality after every release. These include response times, service availability, and security-related parameters that control user and data access. The "Shift Right" strategy entails extending the testing across ops to address these service quality issues.

Similarly to "Shift-Left", this is also an SDLC process improvisation. "Shift Right" focuses on testing the non-functional quality metrics within the production environment to ensure optimal service parameters for the deployed software.

Should We "Shift Right" Our Approach?

"Shifting Right" offers numerous benefits for organizations. First and foremost, it builds a forward-thinking, proactive process culture that focuses on software operations and deployment challenges rather than development challenges. This culture change is achieved by leveraging and combining a few technology interventions with automation, resulting in closed cooperation between development and operations teams.

One way of achieving "Shift-Right" is to let the developers take the responsibility of analyzing the runtime performance of software directly in production. This approach relies on innovations around dev tools to allow developers to scan, monitor and observe the production runtime environment. Additionally, these tools enable ops-free interventions for developers to reduce manual overheads, reducing the code rework or bug fix cycles.

Another way to achieve "Shift-Right" is by replicating the production environment into staging, debugging, or other temporary runtime environments. This technique leverages cloud-native technologies to replicate cloud environments instantly. As a result, it eases the time-consuming tasks related to testing exceptional deployment scenarios such as chaos simulation, heavy user traffic, and security attacks. In addition, it allows developers and testers more time for experimentation and continuous learning.

Overall, the "Shift-Right" approach helps teams deploy software products with consistent service quality while keeping up with newer feature additions. As nearly all software is offered on an "as-service" model, we are seeing a significant paradigm shift in SDLC to reduce overhead costs of production bug fixes, leading to reduced MTTR.

Towards a Harmonious Shift

"Shift-Right" can co-exist with "Shift-Left." They are not mutually exclusive. Both shifts complement each other by spreading the testing responsibility across the entire SDLC process to address a software system's most pressing quality concerns: requirement compliance and service consistency.

However, developers also need to meet stakeholder and customer expectations beyond the technical and quantitative parameters of the software requirements. These expectations are qualitative in nature and are mostly expressed in terms of physical and mental effort, such as developer burnout (on our side) or dissatisfied customers (on the flip side).

Addressing these expectations requires a "Shift-Up" approach, which aims to measure the commercial performance of the software and associate it with customer interactions. In essence, the "Shift-Up" acts as an umbrella supervision layer over the SDLC process that intelligently captures the software's business and user interaction parameters. Plus, it loops into the development and operations teams to incorporate the feedback into the "Shift-Left" or "Shift-Right" processes stages.

If you get this far, it is safe to assume that your SDLC process is operating at an optimal level, which takes care of the software quality, ensures good service health, and, most importantly, is loved by customers.

Dotan Nahum is Head of Developer-First Security at Check Point Software Technologies
Share this

Industry News

September 21, 2023

Red Hat and Oracle announced the expansion of their alliance to offer customers a greater choice in deploying applications on Oracle Cloud Infrastructure (OCI). As part of the expanded collaboration, Red Hat OpenShift, the industry’s leading hybrid cloud application platform powered by Kubernetes for architecting, building, and deploying cloud-native applications, will be supported and certified to run on OCI.

September 21, 2023

Harness announced the availability of Gitness™, a freely available, fully open source Git platform that brings a new era of collaboration, speed, security, and intelligence to software development.

September 20, 2023

Oracle announced new application development capabilities to enable developers to rapidly build and deploy applications on Oracle Cloud Infrastructure (OCI).

September 20, 2023

Sonar announced zero-configuration, automatic analysis for programming languages C and C++ within SonarCloud.

September 20, 2023

DataStax announced a new JSON API for Astra DB – the database-as-a-service built on the open source Apache Cassandra® – delivering on one of the most highly requested user features, and providing a seamless experience for Javascript developers building AI applications.

September 19, 2023

Oracle announced the availability of Java 21.

September 19, 2023

Mirantis launched Lens AppIQ, available directly in Lens Desktop and as (Software as a Service) SaaS.

September 19, 2023

Buildkite announced the company has entered into a definitive agreement to acquire Packagecloud, a cloud-based software package management platform, in an all stock deal.

September 19, 2023

CrowdStrike has agreed to acquire Bionic, a provider of Application Security Posture Management (ASPM).

September 18, 2023

Perforce Software announces BlazeMeter's Test Data Pro, the latest addition to its continuous testing platform.

September 18, 2023

CloudBees announced a new cloud native DevSecOps platform that places platform engineers and developer experience front and center.

September 18, 2023

Akuity announced a new open source tool, Kargo, to implement change promotions across many application life cycle stages using GitOps principles.

September 14, 2023

CloudBees announced significant performance and scalability breakthroughs for Jenkins® with new updates to its CloudBees Continuous Integration (CI) software.