By Jeff Broth
Low-code/no-code app development is set to play a big role in the future of organizations. Adam Burden, Accenture’s Chief Software Engineer, expects it to reshape business innovation, calling it an important enabler of fast-paced innovation that benefits professional and citizen developers.
This new technology, however, has a significant drawback: security. Apps or automations created using low-code development platforms tend to have security issues. These are detailed in the OWASP Top 10 Low-Code/No-Code Security Risks, and include identity misuse, uncontrolled sharing of credentials, data leakage, security misconfiguration, authentication failures, injection handling problems, asset management failures, vulnerable and unmanaged components, and security logging and monitoring failures.
One startup commits to addressing these issues to allow organizations to maximize the benefits of low-code/no-code app development. The startup is called Zenity, and it seeks to establish a “win-win environment” that allows businesses to develop the applications they need for specific purposes without always relying on professional developers and without compromising security.
Zenity is the first and only (as of this writing) security governance platform for applications created using low-code/no-code technology. Founded in 2021, this Israeli startup aims to make risk-free citizen development for modern businesses a possibility. It offers a solution that does not have to be involved at the very start of the low-code development process, but can be employed as a supplementary step that focuses on security.
Zenity allows organizations to create their own catalog of low-code/no-code applications while mitigating potential security issues and setting up a governance policy that helps keep cyber threats in check. This governance policy can also be implemented with automatic enforcement to ensure maximum protection.
“We empower CIOs and CISOs to seamlessly govern their low-code/no-code applications and prevent unintentional data leaks, disturbance to business continuity, compliance risks or malicious breaches,” says Zenity CEO and co-founder Ben Kliger.
Functions and features
The Zenity platform provides continuous protection for all low-code/no-code apps and their components, with emphasis on four key areas to make citizen development as risk-free as possible. These are discovery, governance, protection, and mitigation.
On the discovery side, Zenity establishes security visibility for the apps being used in an organization and the data they generate and transmit. This means that the platform is capable of revealing shadow IT apps, bringing them to the oversight of the IT department. It presents a comprehensive and up-to-date list of all low-code/no-code apps and their related data, including the data exchanged among on-prem and SaaS applications.
On the governance side, Zenity facilitates the formulation and implementation of effective app governance policies. This is important for addressing low-code/no-code development risks, with emphasis on eliminating instances of disruption. The platform makes it possible to set up controls that can respond automatically to different scenarios based on app usage, risk assessment, and other factors.
The security protection function of Zenity is mainly about detecting suspicious or potentially malicious actions in apps. This is a crucial function that addresses serious threats such as software supply chain attacks similar to the infamous SolarWinds supply chain incident. Zenity can also detect the risks of data leakage, insecure authentication, dependency injection, privilege escalation vulnerabilities, oversharing, and app impersonation.
When it comes to mitigation, Zenity undertakes continuous risk assessment on all low-code/no-code apps and their components to check for misconfigurations, potentially insecure app usage, and the possibility that third-party app components have conflicts with low-code apps that can result in security problems. The platform enables seamless mitigation and remediation to fix issues as soon as they are discovered.
These features significantly boost an organization’s security while helping ensure security compliance, as they expose ungoverned apps and check for possible security policy violations. They also support business continuity by considerably reducing unknown factors that can weaken security posture. Many businesses suffer disruptions because of unforeseen security events, such as apps that overload resources or become network weaknesses that are exploited by cybercriminals.
Zenity is for all organizations that want to benefit from the vast capabilities of low-code/no-code and citizen development. Regardless of an organization’s size or industry/sector, this low-code/no-code governance platform provides palpable security benefits that address known and unknown threats.
Zenity seeks to fill a very specific need in the cybersecurity industry that has been left unaddressed for quite some time. It is carving a niche that is set to grow bigger, as more organizations embrace low-code/no-code development. The platform may easily become a staple for organizations worldwide that are ditching third-party apps to develop their own applications that can more efficiently and precisely serve their requirements.
How does Zenity work?
As a comprehensive app governance and security solution, Zenity provides an intuitive dashboard that readily shows everything users need to see as they look into the security issues of their self-developed apps. It has charts that show policy violation statuses and risk statuses, as well as lists of top policy violations and risky resources. With these, users can easily proceed to resolve the security issues and optimize their catalog of self-built applications.
Zenity makes it easy to fix issues by providing the options available to address the issues detected. It can display notifications like “Anomalous data movement detected” and “Environment mismatch detected,” and present a dropdown list of actions available to resolve these problems.
Zenity is a governance and security solution designed to take control over the risks involved in creating apps using workflow automation platforms, low-code application platforms (LCAP) and robotic process automation platforms (RPA). It enables the monitoring of each and every app or automation created in such platforms and the application of standard software development lifecycle (SDLC) governance and security practices.
Moreover, Zenity is a governance and security solution for Integration Platform as a Service (iPaaS). This means that it can scrutinize all iPaaS interconnections and data sharing to make sure that the automations built to move data between apps, both on-prem and on SaaS, or automations that remove manual laborious processes, are properly secured. If there are security issues, these are promptly identified and remediated.
Zenity’s low-code/no-code security assurance is accredited. “Zenity provides the perfect combination of governance and security tools with a pro-business approach that helps business developers build with confidence,” says Tom Fisher, a former CIO of Oracle and Qualcomm and now an adviser to Zenity.
Palo Alto Networks Senior Director for Product Management Ory Segal also has good words for Zenity, praising its initiative to address a unique cybersecurity need. “Zenity has stepped up to this unique challenge with its governance and security platform for low-code/no-code applications, enabling security teams to gain visibility and take control over the wild-west of business application development,” Segal shares.
Pioneering a security solution
More businesses are already adopting low-code/no-code app development without being mindful of the risks involved. Current AppSec and InfoSec solutions appear to have not evolved yet to take into account the risks posed by low-code/no-code technology. This means that the conventional protections organizations rely on for their cybersecurity are unlikely to provide adequate security with low-code apps.
Zenity offers a solution that is the first of its kind, but with the credible assurance that it can deliver on its promises. Zenity proudly describes itself as the “only cross-platform governance and security solution for low-code/no-code applications and automations.” This confidence in offering an effective pioneering security product is evidenced by the fact that the company has gained the backing of Vertex Ventures and UpWest, which provided its seed funding in late 2021. The startup also attracted investments from Gerhard Eschelbeck, a former VP of Security at Google.
Jeff Broth is a business writer and advisor, covering finance, cyber, and emerging fintech trends. He has consulted for SMB owners and entrepreneurs for eight years.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.