If your startup has an idea for an app, you can create it without having any coding experience. It’s true. There is no need to master a complex skill in the form of a new language such as C++. This has been replaced with a visual interface and components that have made app creation effortless.
Pre-program solutions offer building blocks that you can drag and drop to make your vision come to life before you say “hello world” — perhaps even without understanding how coding works.
However, this revolution in app development comes at a cost. User-friendly shortcuts in app development have caused major vulnerabilities in the infrastructure as well as privacy risks.
It left its users and developers questioning whether low code platforms are safe and if they are likely to be the next hacking victim.
Zenity is the first of its kind. This company specializes in securing low code and no code apps, automations and integrations, and its solutions offer comprehensive answers to new risks derived from no-code/low-code development, including citizen development.
How did they recognize the need for this platform, how does the company reconcile the needs of the information security and cybersecurity departments, and why do traditional cybersecurity solutions fall short in protecting the emerging low code applications?
Recognizing The Gap in the Market
Ben Kliger and Michael Bargury are two cybersecurity experts who joined forces and founded Zenity. They combined Klinger’s extensive experience as a product manager for Microsoft and Bargury’s work in securing emerging threats for cloud environments.
Based in Tel Aviv, they created the first platform that governs and secures apps, automations, and integrations built in low-code and no-code platforms, such as in Microsoft Power Platform, Salesforce platform, ServiceNow, OutSystems, Workato, Zapier and others.
The platform also offers remediation steps and automated actions to fix top security threats for low-code/no-code apps, automations, and integrations.
The field of cybersecurity hasn’t yet caught up with the major shift in app development accessible to both non-tech-savvy business users, citizen developers.
Low-code tools and solutions have been widely accepted by large enterprises, widely adopted by Fortune 500 companies, and the market is only expected to expand. By 2024, it’s estimated that 70% of the application development activity is going to rely on LCNC. A notable majority.
To cure a key headache for information security and cybersecurity professionals, the team at Zenity used their vast cybersecurity experience, including hands-on work with Fortune 500 companies, to create a platform to protect the security of the low code/no-code applications, automations, and integrations across the stack – from development to production.
According to co-founder of Zenity, Michael Bargury, accepting the convenience and simplicity of the LCNC apps means that companies also sign up for possible risks that come with it:
“Low code is unlocking tremendous value for large companies and enterprises by enabling everyone from developers to businesses to address their growing needs. Security is always top-of-mind, so in order to embrace the low code, companies must recognize, map, and address the low-code security risk.”
Specific Cybersecurity Issues for Low-Code Apps
OWASP has listed the top 10 concerns that compromise low-code app security. They include data leakage and misconfiguration — concerns that are familiar to those that use traditionally made apps.
The list of security issues for low code apps has additional problems that riddle them, including:
- Unmanaged custom code — added code does not have to adhere to the same standards as the pre-written code
- Insecure data connection — the app is linked to critical data of the company by someone who may lack expertise in data security
- Oversharing of components and information within the app that can cause unwanted access to parts of the app
Even though some issues overlap with issues in the security that app devs might experience, existing security tools might not uncover and mitigate flaws in no-code apps.
Undiscovered, flaws could be part of the application for years and months — making the system vulnerable to an attack at all times.
Entrepreneurs that have created their apps with low code tools may not have the funds to employ the cybersecurity experts to manage their security and fight against issues that are specific to low-code apps.
The security is at the hand of the IT teams that are already overwhelmed with their endless to-do lists. A platform that allows them visibility of the entire system as well as facilitates the complex labyrinth that is data security, making their jobs that much easier and less overwhelming.
Moving LCNC Technology Forward
Zenity encourages the availability of LCNC app development, especially for those who have ideas for low-code or no-code apps, but are concerned about the security threats.
Zenity facilitates the inventorying of all LCNC apps, app creators, and data across different platforms. They scan for potential malicious activity, alert the user, and then show possible steps that can be taken to address the issue. Furthermore, Zenity helps citizen developers in designing and implementing suitable governance policies, and supports the configuration of security controls to automate responses to threats.
