Secure Low-Code/ No Code App Development
Imagine a medieval knight, headed into battle, and suddenly realizing he is only wearing half of his suit of armor. Many Fortune 500 companies are not aware of the size of their low-code / no-code (LCNC) environment. The number of apps and automations developed using low code application platforms such as Microsoft Power Platform, Salesforce, ServiceNow, Appian, UiPath, etc. often outsize the professionally developed code environments by 3-10 times. With the introduction of Generative AI capabilities within these platforms, it has never been easier or faster for business users of all technical backgrounds to create powerful business applications, automations, bots, connections, and more.
In recent years we have witnessed exponential growth in the use of LCNC applications and automations – Gartner predicts by 2026, low-code development tools will account for 75% of new application development, up from 40% in 2021 (Gartner Forecast Analysis: Low-Code Development Technologies, 2022). However, as newly equipped developers are creating apps, automations, and integrations within their environment, they are also creating a new application attack surface within their organizations. Yet, the existing tools and application testing techniques (SAST, SCA, DAST, IAST, etc.) are not built to address the unique characteristics of LCNC applications across visibility, governance, and remediation.
Application security tools spending increased 27% from 2021 to an estimated $3.4B in 2022 (Gartner Magic Quadrant for Application Security Testing, 2023) as companies realized that supply chain attacks are a real threat and one that regulators expect to be mitigated.
Security leaders don’t want to block LCNC solutions since these enable significant impact by streamlining productivity at scale. But as almost anyone can now develop with LCNC, these “citizen developers” are less aware of the security risks and are more prone to creating applications that are susceptible to data leaks, implicit sharing, identity misuse, and more. Until recently there has not been a way to assess and mitigate these security vulnerabilities. Like the shared responsibility of the cloud, LCNC vendors are responsible for the underlying architecture and infrastructure, but not for the resources that are built on top of the platforms, nor the data that they subsequently touch.
Zenity completes the knight’s armor. It provides an enterprise-grade platform for these obstacles by maintaining full, up-to-date, cross-platform inventory of all LCNC apps, providing visibility into apps moving sensitive data between SaaS applications or endpoints, and identifying shadow-IT business apps across the LCNC fleet. The platform enables risk mitigation and automates remediation using continuous risk assessment for LCNC apps and reduction of configuration drifts and exposure to vulnerable third-party app components. It also assists enterprises in improving governance by configuring guardrails to enforce automated actions and policies based on risk, environment, and app usage without disrupting business processes.
Zenity Founders, Ben Kliger and Michael Bargury are cybersecurity veterans who led cloud security initiatives at Microsoft where they experienced firsthand the governance and security challenges of LCNC environments.
The major SaaS tools are now so pervasive and used by business users, third-party contractors, outsourced IT and more to improve productivity and create new solutions. Today, such platforms are already full-fledged development platforms that are empowered by LCNC and Gen AI tools. Business led development with LCNC and Gen AI is widely in use, yet some organizations continue to be unaware of the risks associated with such applications.
We are proud to lead Zenity’s Series A and join existing investors Vertex and UpWest, as well as new investors Gefen Capital and B5, in partnering with Zenity to help businesses understand and address the risks related to their LCNC development.