One remarkable change during the COVID-19 pandemic was the increase in citizen developers. Companies needed digital platforms to interface with their customers and fast, and they turned to internal business experts to develop these tools using low-code SaaS applications.

What exactly are citizen developers? They have expertise on the business but lack formal training in computer science and other disciplines. In a Forrester survey of nearly 800 digital and IT professionals, 39% reported that they empower employees outside of IT to deliver apps – in other words, they use citizen developers. In this same survey, 74% indicated they had experienced some sort of data breach in the past year. And alarm bells are signaling that a major data breach is just a matter of time.

We recently sat down with Forrester Senior Analyst, Security and Risk Janet Worthington to take a look at the rising risk of data breaches in a webinar titled “Will Citizen Development Lead to a Headline Cybersecurity Breach in 2023?” and to discuss key watch-outs and a cultural shift needed to enhance security.

In the webinar, we discussed:

  • How low-code helps organizations develop business-relevant applications quickly.
  • Why it’s important to know who is using low-code platforms in your organization.
  • The importance of applying security controls that match your developer’s persona.
  • Understanding the security features of your low-code platform.
  • Implementing appropriate guardrails before or during application design.

Low-code presents its own set of challenges

Worthington cites several risks associated with low-code application development, including:

  • Cyber risk: Unauthorized data access, deletion, theft or modification.
  • Human risk: Accidental deletion or other human error.
  • Application risk: Data protection failure resulting in an old, incomplete or failed backup.
  • Operation risk: Hardware corruption resulting in an incomplete or unusable backup.
  • Environmental risk: Downtime or inability to access backup for recovery.

While low-code platforms often appear to have security covered, a re-think is required. We need to take a step back and really understand and evaluate what exactly the low-code platform offers.

The pressure to release applications faster and faster has led to a proliferation of customer-facing apps built using low-code development. Gone are the days of the waterfall methodology where security could review every step. Today, it’s about using Agile and DevOps in order to meet the enhanced need for speed.

A new mindset necessary for security’s sake

A common pitfall of the DevOps process is that while security tends to play a heavy role early on, the initial cyber security process agreed to gets set aside. This leads to a major event – an audit, compliance, or security breach – and thrusts security back into the spotlight, but often not before significant damage has been done.

Today, security isn’t always fully integrated into the DevOps process, but it can be. DevSecOps is a culture shift. It’s about establishing a fully-integrated process where security is an integral part of the development lifecycle.

Ultimately, security bears the responsibility for applying guardrails to the low-code development process. These parameters include:

  • Data classification and protection.
  • Access control.
  • Threat Remediation.
  • Security testing. 
  • Implementing Security Policy as code.

Flosum is a reliable solution to establish a true DevSecOps process that enables fast deployments in a security-conscious environment. Schedule a free demo of Flosum to learn more.

signup for our blog


“Flosum is the best native release management tool that you will fall in love with. I have gained confidence in my role and has given me the ability to view release management from a whole different perspective.”

Faizan Ali

Faizan Ali
Salesforce Consultant at Turnitin