Low or No Code Development and Cybersecurity
Companies are increasingly relying on software development platforms that require low or no coding to create applications. Gartner predicts that this category of software development will account for 65% of development activity by 2024.
Benefits of Low Code or No Code Development Platforms
Low code platforms are used by people to create software and applications without the typical prerequisite of knowing complex coding languages. Applications can be developed in days with low code platforms, compared with weeks or months using traditional coding methods. Using a simpler platform allows for more collaboration within a company. Common use cases for developing using a low code platform include data input management and integration.
Non-technical employees developing their own tools is related to the concept of Shadow IT. Shadow IT involves employees using software or applications that do not have formal approval from IT or administrators. Both practices are done to get things done faster and with less bureaucracy, but the cybersecurity risk remains.
Secure Coding Practices
Low or no code platforms usually have security features built into their structure. This can include file monitoring, code validation, user control, automated testing, and other features. Not all solutions have the same level of security, and in the end, the company is responsible for security.
Cybersecurity and IT leaders at companies should step up to ensure the applications being developed and used by employees do not present a risk to the company. CIOs and CTOs are where the responsibility lies, according to most companies. The first step in mitigating the risk is identifying what data is being used and what access or connections the applications have. If an application is Internet-facing, more oversight should be applied. If the application processes personally identifiable data, more attention should be paid to cybersecurity.
Secure coding practices are vital and the code should be audited. Threat actors use careless coding to launch devastating attacks. A form that does not screen for SQL injection could destroy a network. A database that is not properly secured could lead to data breaches. Logic, care, and oversight are important in secure coding practices. Carnegie Melon has a list of 10 secure coding techniques. This guidance should be communicated to employees and leaders should verify that the practices are being adopted on a regular basis.
This post was inspired by Cipher LATAM CTO Renato Jager’s commentary on the topic in Digital Security Magazine. Cipher’s Red Team can penetration test applications and consult on secure coding practices. To learn more about how you can use new coding platforms, while staying cyber-secure, send us a message.