4 security concerns for low-code and no-code development

Low code does not mean low risk. By allowing more people in an enterprise to develop applications, low-code development creates new vulnerabilities and can hide problems from security.

Low-code and no-code development promises to speed up the deployment of new applications and to allow non-technical users to create apps. The idea has been around for a long time. Now, new cloud-based platforms for creating mobile and web apps, as well as tools built into platforms like Microsoft's Office 365, Google's G Suite and Salesforce, are bringing app development capabilities to a growing user base.

According to research by Markets and Markets, the low-code development platform market is expected to grow from $4.3 billion in 2017 to more than $27 billion by 2022. In fact, 84% of enterprises have adopted a low-code development platform or tool, according to a Forrester survey of global IT and business decision makers released this March, and, of those, 100% have seen a positive return on their investment.

In many respects, these development platforms are more secure than the technologies they're replacing, since the cloud vendors can implement global access controls and permissions while giving enterprises a single view into what all their employees are doing with the data. However, 59% of respondents to the Forrester survey cite security as the top challenge when it comes to adoption of low-code platforms.

Here are four security concerns around low-code apps that experts believe enterprises need to consider.

1. Lack of visibility

One of the biggest challenges of low-code and no-code development is that it might be difficult for enterprises to get a handle on what their employees are building. Part of it has to do with the whole problem of shadow IT, says Mounir Hahad, head of threat research at Juniper Networks. "Most shadow IT we hear about is tied to the hip with shadow development," he says. "Very often, when employees go around corporate IT to stand up a public cloud infrastructure, be it storage or compute, it is usually accompanied by some application that allows processing of data in the cloud."
