Gartner predicts that low-code/no-code use will triple by 2025, saying that 70 percent of new applications developed by organizations will have employed some form of low-code/no-code (LCNC) technology. There’s no doubt that the future of this tech is big, but the challenges are equally huge.
These challenges are mainly about the security of the apps being self-produced by organizations. OWASP recognizes the severity of these challenges; the foundation has come up with a top 10 list of security risks specifically associated with low-code apps. These are serious concerns that are also encountered in other circumstances.
This situation is not without a solution, though. One Israeli startup, Zenity, has developed a highly viable and effective solution.
The first low-code/no-code governance and security platform
Zenity distinguishes itself as the first and only governance platform for low-code/no-code applications, saying that it is a “win-win environment where IT and information security can give business and pro developers the independence they want to move the business forward while retaining full visibility and control.”
The startup was co-founded by Ben Kliger and Michael Bargury, who both have extensive experience in the field of cybersecurity. Kliger was previously a Cyberseucirty Consultant for Deloitte and a Product Manager for Fortscale and Microsoft. Bargury spent years working on cloud security at Microsoft, and is the CTO of Zenity.
The Zenity co-founders founded Zenity with the goal of enabling organizations to track and secure their low-code/no-code apps without the need for extensive or profound technical know-how. The platform seeks to provide visibility and control for all LCNC apps across different platforms.
Ensuring secure, self-built apps and reducing shadow IT
Zenity aims to allow organizations to achieve the following interconnected major capabilities:
- Shadow IT business application discovery
- Effective and efficient security policy enforcement
- Continuous policy violation detection
- Automatic remediation and fixing of issues
- Detection of anomalous app behavior
Shadow IT, referring to the IT systems and components not explicitly approved or actively monitored by an organization’s IT department, is one of the biggest problems in cybersecurity at present. One survey shows that 86 percent of cloud apps used by enterprises are considered shadow IT. This is a serious problem because it reduces the efficacy of security controls and weakens the overall security posture of an organization. Shadow IT can become hiding places or breeding grounds for security vulnerabilities.
Shadow IT is one of the reasons why organizations have difficulties in effectively enforcing their security policies. Even if they meticulously observe security rules and defensive measures, they cannot do anything with IT elements, low-code apps in particular, that are not visible to them. They cannot detect weaknesses and other issues in apps they are unable to observe.
Zenity ensures that shadow IT apps created using LCNC development platforms are identified and brought to the oversight of the IT department or cybersecurity team. It does this in a continuous manner, so regardless of when apps are deployed, there is certainly that it will not be concealed in the shadows. It is also capable of detecting anomalous app behavior, including data exfiltration and the presence of risky users.
Additionally, Zenity employs automation to hasten the resolution of the security issues detected. Remedial actions can be automated based on the risk environment and app usage. At the same time, it can flag risky automations, misconfigurations in business process automation, as well as suspicious automated behaviors in apps.
Discovering, mitigating, governing, and protecting
How does the Zenity platform work? It focuses on four major areas, namely: discovery, mitigation, governance, and protection.
When it comes to discovery, Zenity is able to produce and maintain a cross-platform inventory of all low-code/no-code apps used in an organization. This results in extensive IT visibility, particularly when it comes to the movement of sensitive data between SaaS apps as well as endpoints within the organization’s premises.
On the mitigation front, organizations get to minimize their risk surfaces through continuous risk evaluations for all LCNC apps and their components. Zenity makes it easy to identify configuration drifts, potentially risky or vulnerable components in third-party apps, and unsafe or non-secure app usage. It also uses automation to expedite the remediation of the security issues discovered by the platform. For example, it can raise an alert on environmental mismatch and present a summary of the problem, details of the security policy violations, and a brief guide on what to do for remediation.
With governance, Zenity facilitates the design and implementation of governance policies specific to the needs of an organization. It also allows organizations to keep track of all policies with details on their platform, environment, statuses, and priority levels. Zenity addresses the security needs of apps created through Citizen Automation and Development Platforms (CADP) and Low-Code Application Platforms (LCAP). It enables the monitoring of each and every app used in an organization, as well as the application of security practices across the standard software development lifecycle (SDLC).
For the protection aspect, Zenity can detect malicious and dubious activities for all low-code/no-code apps. This is crucial, especially in the age of sophisticated software supply chains. Unchecked shadow IT apps can be used for malware obfuscation, data leakage, and other adversarial tactics and techniques.
Moreover, Zenity provides security and governance for Integration Platform as a Service (iPaaS), allowing developers to make it easy to integrate business apps and expedite digital transformation. It also does the same for Intelligent Business Process Management Systems (iBPMS) to allow developers to automate complex business workflows and achieve efficiency, which can help stimulate business progress and growth.
As a SaaS platform, Zenity is useful for any kind of enterprise or organization. However, it focuses on large businesses that have already embraced low-code/no-code apps and those that are still planning to do so. It is for businesses across different industries including healthcare, banking, telecommunications, and e-commerce.
The platform provides an efficient solution to address the growing need of enterprises to rapidly build secure business apps for specific purposes without relying on costly programmer services. Low-code/no-code platforms already exist as convenient ways to self-build apps, but they tend to have security issues. Zenity addresses this security problem effectively also in a cost-efficient manner, as users only pay for the times they use the platform instead of paying a flat rate for the unlimited usage of features or functions that may not actually be necessary.
Too good to be true?
A pioneering solution that claims to fix the security problem of LCNC apps may seem too good to be true. However, it does exist, and well-known cybersecurity industry personalities are willing to back Zenity over its highly promising security product.
Ory Segal, Senior Director at Palo-Alto Networks, for one, lauds Zenity for its goal of providing organizations more freedom and agility in developing their own apps to address their needs. “Zenity has stepped up to this unique challenge with its governance and security platform for low-code/no-code applications, enabling teams to gain visibility and take control over the wild-west of business application development,” Segal says.
Omer Mar-Chaim, Director of Development at Varonis, also has good things to say about Zenity, saying that “Zenity identified this unique problem space (governance and security in LCNC environments) and their innovative platform helps to safely promote citizen and business application development.”
Making LCNC’s bright future even brighter
Again, the LCNC market is already predicted to boom over the next few years, even with its current issues with security and governance. Gartner expects that 75 percent of all large organizations will already be employing at least four low-code/no-code development tools for IT application development as well as for citizen development activities.
However, the future is set to be even better for LCNC, as the security problem is being competently addressed. Zenity is taking the lead in offering a highly viable solution. It is expected that many others will follow suit and offer competing products. Zenity’s trailblazing innovative cybersecurity solution is carving a narrow niche not many saw coming, and it’s a good development for the entire cybersecurity industry.
Brian Wang is a Futurist Thought Leader and a popular Science blogger with 1 million readers per month. His blog Nextbigfuture.com is ranked #1 Science News Blog. It covers many disruptive technology and trends including Space, Robotics, Artificial Intelligence, Medicine, Anti-aging Biotechnology, and Nanotechnology.
Known for identifying cutting edge technologies, he is currently a Co-Founder of a startup and fundraiser for high potential early-stage companies. He is the Head of Research for Allocations for deep technology investments and an Angel Investor at Space Angels.
A frequent speaker at corporations, he has been a TEDx speaker, a Singularity University speaker and guest at numerous interviews for radio and podcasts. He is open to public speaking and advising engagements.