Understanding Low-Code and Citizen Development in Salesforce DevSecOps

There isn’t much in daily life that remained unchanged post-pandemic. Among the standout impacts was the enhanced need for speed in application development. Digital platforms that would interface with customers fast became all the rage – and along with it, a new approach to turning around tools at a lightning-fast pace.

The pressure to release applications faster and faster has led to a proliferation of customer-facing apps built using low-code and citizen development. We recently sat down with Forrester Senior Analyst, Security and Risk Janet Worthington to discuss this trend and more in a webinar titled “Will Citizen Development Lead to a Headline Cybersecurity Breach in 2023?”

According to Forrester, in 2023, 60% of new applications developed by organizations will use low-code or no-code technologies. Meanwhile, the use of so-called citizen developers is also on the rise. In fact, when Forrester surveyed nearly 800 digital and IT professionals, 39% say they empower employees outside of IT to deliver apps.

What exactly are citizen developers? They have expertise in the business but lack formal training in computer science and other disciplines. And this lack of formal training coupled with the use of low-code SaaS applications has given way to a new era of security risks.

Security in low-code may be ‘fool’s gold’

When using low-code platforms, one may be lulled into a sense of false security because low-code platforms often appear to have security covered. Not so fast, according to the experts. First, an evaluation of what the low-code platform offers in the way of security is recommended. That’s because failure to do so opens up a plethora of security risks and may just lead to a headline security breach.

Worthington cites several risks specifically associated with low-code application development, including:

  • Cyber risk: Unauthorized data access, deletion, theft or modification.
  •  Human risk: Accidental deletion or other human error.
  • Application risk: Data protection failure resulting in an old, incomplete or failed backup.
  • Operation risk:  Hardware corruption resulting in an incomplete or unusable backup.
  •  Environmental risk: Downtime or inability to access backup for recovery.

With the proliferation of low-code and citizen development comes the need to bring security back to center stage – where it belongs.

Giving security center stage

To help organizations reap the benefits of citizen development while keeping their systems and data safe, security teams needs to establish guardrails to keep the development process moving while maintaining that security mindset. These guardrails include data classification and protection, access control, targeted application reviews, and lastly, security testing.

While today’s DevOps teams are getting better at engaging security early on, security processes tend to get bypassed as the pressure to speed up development intensifies. Ultimately, this opens the door for a security breach. Only then is security thrust back into the forefront, which is obviously not an optimal scenario. As we all know, security
breaches come with a hefty price tag, both in terms of actual costs and damaged customer trust.

The expanding use of low-code SaaS applications for development presents a host of security issues in and of itself. Couple that with the ever-growing use of technically untrained citizen developers and you’ve got a recipe for disaster. What’s needed is a complete mind shift, a cultural change that fully integrates security back into the entire process – Salesforce DevSecOps.

Flosum is native to Salesforce and provides a reliable solution to establish a true DevSecOps process that enables fast deployments in a security-conscious environment. Schedule a free demo of Flosum to learn more.

Once in place, the heightened risks associated with the use of low-code platforms and citizen developers can be successfully abated, allowing businesses to benefit from these in-house subject matter experts.

To get the full benefit of our chat with Forrester, watch the webinar here

signup for our blog


“Flosum is the best native release management tool that you will fall in love with. I have gained confidence in my role and has given me the ability to view release management from a whole different perspective.”

Faizan Ali

Faizan Ali
Salesforce Consultant at Turnitin