Cybersecurity in Low-Code/No-Code platforms
I recently got myself into a very interesting challenge: I invited 3 platform owners (ServiceNow, Salesforce, and Appian) and bet that I could ask a very simple question about their platforms that they wouldn’t be able to address.
I was right, and it was fun.
Some background: I’m exploring cybersecurity issues that could arise while working with low-code/no-code platforms.
Platforms like ServiceNow and Salesforce significantly invest in security architecture, and they are very secure against external threats like hacking, exploits, DDoS, etc. But external threats are not the only focus of cybersecurity. There is another type of cybersecurity threat which is called “insider threat”.
An insider threat is a malicious or negligent activity carried out by people within the organization, such as employees, contractors or business associates. It is a very complex issue because we’re talking about legitimate people with legitimate access to the platform, data, and processes.
The insider threat problem appears to be the hottest topic in the cybersecurity domain in recent years. Credential thefts, for example, have almost doubled in number since 2020.
Insider threats caused by careless or negligent employees are the most prevalent. According to research by the Ponemon Institute, 56% of incidents were due to negligence, and the average annual cost to remediate the incident was $6.6 million.
The insider threat problem is complex because it conceptually differs from external threats. When low-code/no-code platforms are highly secure from external intrusions and exploits, we may face a hard question: how do we protect ourselves (and should we?) from legitimate internal users?
The insider threat problem is about people, not technology. So what do you know about the users on your platform?
Who are my admins?
Back to my challenge with the platform owners. The question I asked was really simple but very sensitive from a security standpoint:
Do you know how many admins you had on your platform last weekend? And what are the names?
They laughed at me at first and said, “Of course we know, we can go to the platform and check it out in a minute.” And then I asked a follow-up question:
These users are admins as of NOW. How do you know that last Saturday between 2am and 4am it was the same list of admins?
That was the moment when the significance of the insider threat problem revealed itself.
They immediately realized the lack of visibility and how it could affect the security of data and operations. If we cannot address a simple audit question about our users, how do we even know what is going on in our platform?
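The follow-up question can only be answered from a history of role changes, not from the current user list. As an added example (not from the original post or from any platform's own code), the Python below replays admin grant/revoke audit events to list who held the role during a past window; the event format, user names and timestamps are constructed assumptions.

```python
from datetime import datetime

# Constructed sample of admin-role audit events (UTC); not a real platform export.
# The (timestamp, user, action) format is an assumption made for this example.
EVENTS = [
    ("2024-03-01T09:00:00+00:00", "alice", "grant"),
    ("2024-03-04T10:15:00+00:00", "bob", "grant"),
    ("2024-03-09T02:10:00+00:00", "svc_integration", "grant"),
    ("2024-03-09T03:00:00+00:00", "bob", "revoke"),
    ("2024-03-09T03:40:00+00:00", "svc_integration", "revoke"),
    ("2024-03-10T12:00:00+00:00", "dave", "revoke"),  # grant predates the log
    ("2024-03-11T08:00:00+00:00", "carol", "grant"),
]

def admin_intervals(events):
    """Replay grant/revoke events into {user: [(start, end), ...]}.
    start=None: admin since before the log begins; end=None: still admin."""
    open_since, held = {}, {}
    for ts, user, action in sorted(events, key=lambda e: datetime.fromisoformat(e[0])):
        t = datetime.fromisoformat(ts)
        if action == "grant":
            open_since.setdefault(user, t)  # duplicate grants keep the earliest start
        elif action == "revoke" and (user in open_since or user not in held):
            # A first revoke with no recorded grant means the role predates the log.
            held.setdefault(user, []).append((open_since.pop(user, None), t))
    for user, since in open_since.items():
        held.setdefault(user, []).append((since, None))
    return held

def admins_during(events, start, end):
    """Users who held admin at any moment in [start, end)."""
    return {
        user for user, spans in admin_intervals(events).items()
        if any((a is None or a < end) and (b is None or b > start) for a, b in spans)
    }

def admins_now(events):
    """Users whose admin interval is still open at the end of the log."""
    return {u for u, spans in admin_intervals(events).items()
            if any(b is None for _, b in spans)}

if __name__ == "__main__":
    start = datetime.fromisoformat("2024-03-09T02:00:00+00:00")  # a Saturday, 02:00 UTC
    end = datetime.fromisoformat("2024-03-09T04:00:00+00:00")
    then, now = admins_during(EVENTS, start, end), admins_now(EVENTS)
    print("admins in window:  ", sorted(then))
    print("admins now:        ", sorted(now))
    print("not visible today: ", sorted(then - now))
```

The answer is only as complete as the audit log's retention: a role granted before the earliest retained event shows up only when it is later revoked.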
Insider Threats in Low-code/No-code platforms
We tend to have more and more people, applications, and processes on low-code/no-code platforms. This is an evolution of business operations supported by the evolution of software development processes. And this evolution brings new cybersecurity challenges.
Insider threats are not new to the cybersecurity domain, but they are a new and emerging topic for the low-code/no-code market. The more business operations we move to low-code/no-code platforms, the more insider risks we’ll face, and the cost of incidents increases significantly.
Experts say that by 2025, 65% of business application development will be happening on LCNC platforms, so it will be a fun ride.
Just remember: insider threats are all about people and visibility, and technology is just a tool.