All organizations are aggressively looking for more better ways to manage operations and many started to build applications for automation and transformation. There is the rising trend of LCNC, stands for no-code & low-code platforms that are designed to simplify the application development process and reduce the amount of coding involved.
According to some global forecasts, the no-code/low-code platform market will have CAGR of 20% in starting 2023 for a few years to come.
As a cyber security service provider, we forecasted that there are a few cyber security risks associated with adopting this low-code/no-code (LCNC) platforms:
- Insecure coding practices. LCNC platforms can make it easier for users to create applications without having a deep understanding of secure coding practices. This can lead to vulnerabilities such as SQL injection, cross-site scripting, and insecure data storage.
- Third-party components. LCNC platforms often rely on third-party components, such as APIs and libraries. These components can introduce vulnerabilities into applications if they are not properly vetted and maintained.
- Lack of visibility and control. LCNC platforms can make it difficult for IT security teams to have visibility into the applications that are being developed and deployed. This can make it difficult to identify and remediate security risks.
- Shadow IT. LCNC platforms can enable "shadow IT," where users develop and deploy applications without the knowledge or approval of IT security teams. This can make it difficult for IT security teams to ensure that applications are meeting security requirements.
- Misconfiguration. LCNC platforms can be complex, and it is easy for users to misconfigure them. This can lead to security vulnerabilities.
To mitigate these risks, organizations should:
- Provide training on secure coding practices to users who are developing applications on LCNC platforms.
- Have a process for vetting and maintaining third-party components.
- Implement security controls that provide visibility into LCNC applications.
- Monitor for shadow IT.
- Provide training on LCNC platform configuration.
By taking these steps, organizations can help to reduce the cyber security risks associated with adopting LCNC platforms.
Please contact us at [email protected] should you need further clarification on how to keep your organization secured.
Founder Managing Director of TIMFINIT | Managing Business Development in ASEAN region for Engineering Data Intelligence GmbH & Stable Flame GmbH
1 年An insight we all need. LCNC platforms are making developent easy, and the mitigations in your article helps to make it easier! Thanks a lot for sharing