One remarkable change during the COVID-19 pandemic was the increase in citizen developers. Companies needed digital platforms to interface with their customers, and fast, so they turned to internal business experts to develop these tools using low-code SaaS applications.
What exactly are citizen developers? They have expertise in the business but lack formal training in computer science and other disciplines. In a Forrester survey of nearly 800 digital and IT professionals, 39% reported that they empower employees outside of IT to deliver apps – in other words, they use citizen developers. In this same survey, 74% indicated they had experienced some sort of data breach in the past year. And alarm bells are signaling that a major data breach is just a matter of time.
We recently sat down with Forrester Senior Analyst, Security and Risk Janet Worthington to take a look at the rising risk of data breaches in a webinar titled “Will Citizen Development Lead to a Headline Cybersecurity Breach in 2023?” and to discuss key watch-outs and a cultural shift needed to enhance security.
In the webinar, we discussed:
Low-code presents its own set of challenges
Worthington cites several risks associated with low-code application development, including:
While low-code platforms often appear to have security covered, a re-think is required. We need to take a step back and really understand and evaluate what exactly the low-code platform offers.
The pressure to release applications faster and faster has led to a proliferation of customer-facing apps built using low-code development. Gone are the days of the waterfall methodology where security could review every step. Today, it’s about using Agile and DevOps in order to meet the enhanced need for speed.
A new mindset necessary for security’s sake
A common pitfall of the DevOps process is that while security tends to play a heavy role early on, the cybersecurity process that was initially agreed to gets set aside. This leads to a major event – an audit, compliance, or security breach – that thrusts security back into the spotlight, but often not before significant damage has been done.
Today, security isn’t always fully integrated into the DevOps process, but it can be. DevSecOps is a culture shift. It’s about establishing a fully integrated process where security is an integral part of the development lifecycle.
Ultimately, security bears the responsibility for applying guardrails to the low-code development process. These parameters include:
Flosum is a reliable solution to establish a true DevSecOps process that enables fast deployments in a security-conscious environment. Schedule a free demo of Flosum to learn more.
And to get the full benefit of our chat with Forrester, watch the webinar here.