Yair Finzi is co-founder & CEO of Nokod Security and was co-founder & CEO of SecuredTouch (now Ping Identity) and a product leader at Meta.
Low-code and no-code application development and robotic process automation are revolutionizing business and IT. They’re helping companies move faster and build highly customized software solutions. Yet, all these gains also come with some potential pain points, primarily because citizen developers usually aren’t equipped to bake in security.
that 87% of enterprise developers already use low-code tools for some of their work and the market for low-code development platforms could hit $50 billion by 2028. The takeaway? As LCNC tools move into the mainstream and low-code application platforms' supply chain risks grow due to a proliferation of open-source components and tools, it’s critical to rethink coding and security practices. Organizations that fail to address these risks often wind up with blind spots and a broader attack surface that can stretch across a vast supply chain.
Today, virtually all platforms include a marketplace for third-party components, such as ServiceNow and our partner, UiPath. As LCNC and RPA toolsets stretch across vendors and organizations, security practices must adapt accordingly. One major challenge revolves around the sheer scale of new apps an organization must track and monitor. In some cases, a tenfold increase in apps and code isn’t uncommon.
Another issue is speed. The path from conceptualizing apps and RPAs to their deployment occurs quickly, often with minimal testing and validation. This makes it extraordinarily difficult to ensure that adequate levels of governance and security are built into the software—particularly across the application life cycle and multiple vendors. Unfortunately, because citizen developers aren’t acutely aware of security considerations and best practices, vulnerabilities they unknowingly introduce can put an organization at risk of a breach or malware attack.
No-code delivers other unique risks. These applications utilize proprietary and non-standard code representations. Although this speeds development and adds helpful features, it also bypasses transparency. As a result, malware scanners and other security tools aren’t equipped to identify vulnerabilities and validate code.
The LCNC supply chain is where all these risks intersect. Widely shared open-source and third-party components used to automate and enable robotic processes can introduce a variety of security risks—and other problems. This includes marketplaces and apps, widgets, APIs, microservices and shared code repositories. Attackers can use these vulnerabilities to target multiple organizations at the same time. With minimal effort, they can gain access through a single entry point and infiltrate numerous systems up and down the value chain.
As things continue to shift from centralized software development to splintered development, it’s critical to establish a strategy for managing the security risks associated with open-source and third-party components. Traditional security tools aren’t always equipped to do the job. The best practice approach revolves around four key areas: discovery, monitoring, acting on violations and protecting apps and components.
Update your organization’s overall strategy and security technology to reflect today’s environment. Open-source and third-party LCNC components are everywhere—and IT migrations can magnify the problem. Tools specializing in LCNC security can help identify vulnerabilities and close the gaps.
Establish clear guidelines for application development, approval and deployment. Create controls to ensure that only correct configurations are used. Also, establish evaluation processes for components used in LCNC apps and RPAs.
Update role-based access controls to better reflect the use of LCNC tools and possible misuse or abuse of applications and sensitive data by citizen developers and outsiders.
Teach citizen developers basic security principles and data-handling best practices. Inform them about the limitations of LCNC platforms. Deliver more advanced security training for coders and cybersecurity specialists working with LCNC tools.
To be sure, the answer isn’t to purge LCNC apps and RPAs from the enterprise. These resources are valuable for organizations looking to navigate today’s digital landscape. Instead, business and IT leaders should focus on a framework that identifies LCNC apps, detects vulnerabilities and security risks, and provides "how-to" guidance to remediate them. With a solid foundation in place, it’s possible to use low-code and no-code components to maximum advantage.