ShiftUp Security: The Era of Cybersecurity Point Solutions is Over

Blog Author
Ganesh Pai

Companies have long touted “shift left” as a quality control approach to preempt and prevent bugs early during software development. And when developers “shift right” they test software later on, in post-production, to discover new, unexpected issues that may have escaped earlier detection.

What if I told you that the most important cybersecurity shift your company can make is up? Let me explain…


Too Many Point Solutions

According to Crunchbase, over forty billion dollars have been poured into over 5,000 cybersecurity startups over the last ten years, yet security breaches are more common today than ever before. Organizations are using dozens of security monitoring products and services, increasing their risk of being overwhelmed by alerts while missing legitimate cyberattacks. 


Attackers don’t think in silos; they exploit weaknesses in any lateral, adjacent area. However, many organizations rely on siloed point solutions to protect public cloud, private cloud, containers, laptops, and servers.

Yes, the latest and greatest security companies aim to protect whatever is generating the most interest at the moment. But the cybersecurity landscape should not be viewed in this piecemeal, myopic way. 

What about the bigger picture? For instance, what about protecting everything that is connected to the cloud (meta-cloud, cross-cloud)? Consider what happens if a hacker infiltrates a developer’s laptop — a laptop that is just one hop away from the company’s crown-jewel data, services, and source code.


Too Much Data Spread Across Too Many Point Solutions

In parallel to the staggering number of point solutions has been the cybersecurity industry’s collision course with an ever-growing volume, variety, and velocity of data. The number of entitlements, regulations, infrastructure units, data, and services that companies use is enormous; AWS has more than 13,000 identity and access management permissions alone.


Our Founding Principles

We founded Uptycs to solve these challenges. Our founding principles are based on the conviction that to cost-effectively reduce cybersecurity risk, enterprises must be able to do three things really well:

  1. Make better risk decisions about vulnerabilities and threats derived from risk signals emanating from a large volume and variety of security and IT data. Data that enterprises must control. No black boxes.
  2. Protect digital assets spread across heterogeneous infrastructure via a platform that covers cloud, containers, laptops, and servers from a single UI and data model. Extensibility must be based on normalized telemetry and open standards.
  3. Reduce mean time to detection and mean time to mitigation for breaches and attacks by eliminating tool, team, and infrastructure silos, and by consolidating identity and policy management and security intelligence.

But no cybersecurity vendor had ever done this before, so we had to look outside the cybersecurity industry for inspiration. Companies like...

  • Google Ads for streaming analytics for sub-second, real-time bidding
  • Akamai for horizontal scaling and high-speed data transfer
  • Salesforce for having one data model with multiple use cases (sales, marketing, and support), and
  • SAP for their leadership in business process management and analytics-powered outcomes

The 5 Shift Up Tenets & Their Outcomes

To shift up is to adopt the mindset of continually searching for ways to eliminate cybersecurity tool, team, and infrastructure silos. Shift up is a new cybersecurity methodology based on these five key tenets:

1. Collect & normalize telemetry close to its source.

Shifting up normalizes telemetry at the point of collection, meaning data is already in a standard format when it leaves the source. This, in turn, means organizations can immediately stream data up into their detection cloud (a security data lake) or use it much sooner for training machine learning models.

2. Stream normalized telemetry into a security data lake, moving security analytics processing power to the cloud.

This is a change from the usual process of working with siloed and highly opinionated security tools. Shift up does not depend on complex intermediary systems to connect the dots. The premise involves getting the data into a standardized format right out of the gate and streaming it up into a detection cloud. From there, security teams can correlate threat activity as it traverses multiple attack surfaces, and they can ask the security questions they want to ask.

3. Data models & modes of interoperability are based on established & emerging standards & an API-first approach.

This is a change from the usual process of working with proprietary data models and the need to create a middleware layer to extract, transform, and cleanse security data. The result is faster integration with new tools, services, and infrastructure. 

4. A primary platform and/or architecture to connect tooling & bring together multiple teams & types of IT infrastructure into one data model & UI.

This unified fabric enables connected insights and the ability to detect threat activity as it moves from a laptop to the cloud, for instance. The increased collaboration and reduced number of silos yield faster, more effective threat detection and response.

5. Composability, scalability, & interoperability for security controls via a distributed identity fabric, & consolidated identity & policy management, security intelligence, & dashboarding.

Today’s distributed enterprises must see security as more of a fabric or ecosystem. By doing so, they can reduce the time and costs associated with creating a more cohesive enterprise-wide security posture. 
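As an added illustration of tenets 1, 2 and 4 (this is example code written for this page, not Uptycs code and not part of the original post): two collectors, one reading an OpenSSH auth log on a laptop and one reading CloudTrail-style JSON audit events, each normalize their own records into one shared schema before anything is streamed. Because both surfaces arrive in the same shape, the "laptop to cloud" correlation in the detection cloud is a plain key match with no middleware translation step. The Event field names, the pivot-detection window, and all sample log lines are assumptions constructed for the example.

```python
import json
import re
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone


# Common schema every collector emits, regardless of source (field names are assumed).
@dataclass(frozen=True)
class Event:
    ts: datetime
    surface: str     # "endpoint" or "cloud"
    host: str        # hostname or cloud service that produced the record
    principal: str   # user or role identity
    src_ip: str
    action: str
    outcome: str     # "success" or "failure"


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Collector 1: OpenSSH auth log line, normalized on the laptop itself.
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) "
    r"(?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def normalize_sshd(line: str):
    m = SSHD_RE.match(line)
    if m is None:
        return None  # not an auth event; the collector drops it instead of forwarding raw text
    return Event(
        ts=_ts(m["ts"]), surface="endpoint", host=m["host"],
        principal=m["user"], src_ip=m["ip"], action=f"ssh.login.{m['method']}",
        outcome="success" if m["result"] == "Accepted" else "failure",
    )


# Collector 2: CloudTrail-style JSON audit event, normalized by the cloud collector.
def normalize_cloudtrail(raw: str) -> Event:
    d = json.loads(raw)
    return Event(
        ts=_ts(d["eventTime"]), surface="cloud", host=d.get("eventSource", ""),
        principal=d.get("userIdentity", {}).get("userName", "unknown"),
        src_ip=d.get("sourceIPAddress", ""), action=d["eventName"],
        outcome="failure" if "errorCode" in d else "success",
    )


def correlate_pivots(events, window=timedelta(minutes=15)):
    """Flag a successful endpoint login followed, within `window`, by cloud API
    activity from the same principal and source IP. Both sides share one schema,
    so the join is a key match with no per-tool translation layer."""
    by_key = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_key.setdefault((e.principal, e.src_ip), []).append(e)
    findings = []
    for (principal, ip), evs in by_key.items():
        logins = [e for e in evs if e.surface == "endpoint" and e.outcome == "success"]
        for login in logins:
            for e in evs:
                if e.surface == "cloud" and login.ts <= e.ts <= login.ts + window:
                    findings.append({
                        "principal": principal, "src_ip": ip,
                        "endpoint": login.host, "cloud_action": e.action,
                        "seconds_between": int((e.ts - login.ts).total_seconds()),
                    })
    return findings


# Constructed sample telemetry (not real logs): one laptop source and one cloud source.
SAMPLE_SSHD = [
    "2024-05-01T10:00:05Z dev-laptop-7 sshd[4412]: Accepted publickey for alice from 10.0.4.22 port 51822 ssh2",
    "2024-05-01T10:01:30Z dev-laptop-7 sshd[4419]: Failed password for invalid user admin from 203.0.113.9 port 40211 ssh2",
    "2024-05-01T10:02:00Z dev-laptop-7 CRON[4420]: pam_unix(cron:session): session opened for user root",
]
SAMPLE_CLOUD = [
    json.dumps({"eventTime": "2024-05-01T10:03:40Z", "eventName": "GetSecretValue",
                "eventSource": "secretsmanager.amazonaws.com",
                "userIdentity": {"userName": "alice"}, "sourceIPAddress": "10.0.4.22"}),
    json.dumps({"eventTime": "2024-05-01T11:30:00Z", "eventName": "ListBuckets",
                "eventSource": "s3.amazonaws.com",
                "userIdentity": {"userName": "alice"}, "sourceIPAddress": "10.0.4.22"}),
]


def run_pipeline():
    """Normalize at each source, merge into one stream, correlate across surfaces."""
    events = [e for e in map(normalize_sshd, SAMPLE_SSHD) if e is not None]
    events += [normalize_cloudtrail(r) for r in SAMPLE_CLOUD]
    return events, correlate_pivots(events)


if __name__ == "__main__":
    events, findings = run_pipeline()
    for e in events:
        print(json.dumps({**asdict(e), "ts": e.ts.isoformat()}))
    print("findings:", findings)
```

Running it yields one finding: alice's key-based login to dev-laptop-7 followed 215 seconds later by a GetSecretValue call from the same address, while the later ListBuckets call falls outside the 15-minute window and the failed attempt from a different IP never pairs with anything. The point is where the work happens: the only schema-specific logic lives in the two collectors, and the correlation rule would apply unchanged to a third surface (containers, say) as long as its collector emits the same Event shape.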


The Industry Is Catching on

According to Gartner, 75% of security and risk management leaders are looking to consolidate the number of security vendors and products to better manage risk and increase security operations productivity. 

Gartner also projects that by 2024, organizations adopting a cybersecurity mesh architecture to integrate security tools will reduce the financial impact of individual security incidents by an average of 90%.
Gartner defines cybersecurity mesh architecture (CSMA) as “an emerging approach for architecting composable, distributed security controls” that enables “secure, centralized security operations and oversight.” CSMA helps organizations de-silo their poorly interconnected point solutions, offering principles for a coordinated approach to threat detection and efficient cross-tool collaboration.
Many of Gartner’s mesh architecture characteristics align with shifting up. 


Conclusion

To reduce their security risk, enterprises must shift up to get the full picture. At its core, shift up recognizes that cybersecurity is a team sport—a sport that requires a united front to reduce risk, protect company assets, and prevent security gaps. 

When you shift up today, you build a more cohesive enterprise-wide security posture that can safeguard you against tomorrow’s hacks, attacks, and breaches. With Uptycs you don’t have to choose between shifting left or right; you can shift up for unified security visibility and control over your modern attack surface—from laptop to cloud.