Zenity: Enabling Risk-free Citizen Development for Modern Businesses

Jason Dunlap

Business-led app development has numerous advantages. It eliminates licensing costs and provides complete flexibility and control. However, it also has its risks, particularly when it comes to cybersecurity.

The rise of low-code/no-code app development platforms is a welcome development for many. These platforms make it easy to create apps, automate processes, and integrate legacy or cloud-based systems. All of these address specific and critical needs of organizations. However, despite being innovative, they are associated with a number of risks. These include having no visibility of development activity and its security implications at the business-logic level, including access control, identity management, data security, supply chain, insecure code, and business logic flaws.

The citizen development cybersecurity problem

In April 2022, DarkReading conducted a survey on the state of enterprise application security. In the findings, 32 percent of the survey respondents said that they do not see governance over how low-code/no-code apps are accessing and using data loss prevention measures. Low-code/no-code platforms oversimplify the process of backing data into apps, which can mean serious data handling mistakes.

Additionally, the survey reveals that IT and security teams lack the proper information on how to check for security in low-code/no-code applications. Examining the code of the resulting apps is irrelevant, as the exposure comes from the maker side of the shared responsibility model, and making sure that the app, automation, or integration is secure and robust is going to be extremely challenging. This problem can be associated with the security visibility issue pointed out by 25 percent of the respondents. It is very difficult to protect or ascertain the security of something that is not seen. 

Moreover, the survey shows that around a third of IT teams are unaware of low-code/no-code security concerns. Many platforms promise that they are secure, and many users readily believe that claim. All they care about are the ease and convenience they get from using these platforms.

Addressing security issues with Zenity

Zenity offers a solution to resolve the security issues and risks that come with low-code/no-code app development. It is a governance and security platform that makes the citizen development of business apps risk-free, addressing a crucial issue that deserves the utmost attention.

Introduced in 2021, Zenity aims to provide continuous protection for all low-code/no-code apps, automations, integrations, and their components. It enables the formulation and implementation of app governance policies, the identification of security risks, detection of emerging threats, as well as automatic threat response and mitigation.

Zenity has the distinction of being the first security governance solution for low-code/no-code development. Likewise, Zenity addresses a critical problem that had already been identified but lacked a systematic and easy-to-adopt solution.

How Zenity works 

Zenity allows for the securing of low-code/no-code apps, automations, and integrations by providing full visibility and control over low-code/no-code platforms. It supports the development and enforcement of security policies, continuous monitoring and detection of policy violations, identification of anomalous app behavior, and effective remediation and troubleshooting of issues. In particular, its focus areas include discovery, mitigation, governance, and protection.

  • The platform makes it easy to discover shadow IT low-code/no-code apps, automations, and integrations. The design maintains an up-to-date cross-platform inventory of all low-code/no-code components and their relationships.
  • For the mitigation aspect, Zenity minimizes attack surfaces with its ability to undertake a continuous risk assessment. Moreover, it can also detect drifts from security and compliance best practices, and the use of insecure apps.
  • Zenity provides effective app governance. This is done through its configurable safeguards with automated responses to risks, app usage, and environmental factors. This makes it possible to address risks without business disruptions.
  • To ensure robust app security, Zenity is designed to detect suspicious activities. These include malware obfuscation, supply chain attacks, data exfiltration or leaks, and risky users.

Resolving crucial low-code/no-code weaknesses

Uriel Zilberberg, a security researcher at Zenity, aptly calls low-code platforms the new holy grail of cyberattackers. In fact, they are a sought-after attack surface since many organizations embracing them are not highly aware of the security repercussions and don’t actively monitor them. As mentioned in the survey cited earlier, around 33 percent of IT teams lack familiarity with low-code/no-code security issues.

“For low-code/no-code platforms to be effective in business, they have to make use of critical business data. This data could be on the cloud, on-premises, or even stored with third parties such as a trusted SaaS vendor,” Zilberberg says.

Here lies the rub: a threat actor who manages to access the low-code/no-code platform essentially also gains the ability to “run code” (create and run an app or automation) using the data or identity embedded in the business logic of the implementation itself. What’s more, low-code/no-code platforms also enable users to share connections with each other. This is inevitable for many organizations that rely on such platforms, mainly because they want to enjoy the convenience and extensive control associated with building their own apps and allowing collaboration and interconnections to undertake organization-wide operations.

Zenity provides the security functions that traditional InfoSec and AppSec lack to effectively cover the low-code/no-code paradigm. In addition, it can also complement the insufficiency and lack of scalability of the security audits conducted in organizations. Likewise, it compensates for the lack of cybersecurity proficiency among most citizen developers or users of low-code/no-code development platforms. Zenity plugs various security loopholes to remove the security stigma of embracing low-code/no-code app development.

In summary

Zenity provides the zen organizations need as they deal with the chaos and challenges brought about by the adoption of low-code/no-code development platforms. As Zenity CTO Michael Bargury affirms, “Low-Code/No-Code is a great enabler. The really cool thing about it is that it lowers the bar to be a digital creator.” Likewise, Bargury also stresses the importance of app security, privacy, compliance, and resilience.
