Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and Copilots
    • Innovation & Leadership
    • Cybersecurity
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
  • Summit NA
  • Dynamics Communities
  • Ask Copilot
Twitter Instagram
  • Summit NA
  • Dynamics Communities
  • AI Copilot Summit NA
  • Ask Cloud Wars
Twitter LinkedIn
Cloud Wars
  • Home
  • Top 10
  • CW Minute
  • CW Podcast
  • Categories
    • AI and CopilotsWelcome to the Acceleration Economy AI Index, a weekly segment where we cover the most important recent news in AI innovation, funding, and solutions in under 10 minutes. Our goal is to get you up to speed – the same speed AI innovation is taking place nowadays – and prepare you for that upcoming customer call, board meeting, or conversation with your colleague.
    • Innovation & Leadership
    • CybersecurityThe practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
    • Data
  • Member Resources
    • Cloud Wars AI Agent
    • Digital Summits
    • Guidebooks
    • Reports
  • About Us
    • Our Story
    • Tech Analysts
    • Marketing Services
    • Login / Register
Cloud Wars
    • Login / Register
Home » The Risky Intersection of Low-Code Development and Cybersecurity
Cybersecurity

The Risky Intersection of Low-Code Development and Cybersecurity

Robert WoodBy Robert WoodDecember 20, 20214 Mins Read
Facebook Twitter LinkedIn Email
No-Code Apps & Cyber Security
Share
Facebook Twitter LinkedIn Email
Acceleration Economy Cybersecurity

Low-code and no-code application development have been emerging over the last few years, as a way to empower more users to innovate and lower the barriers to automating work. Armed with this capability from technologies like Zapier, AWS Honeycomb, and Microsoft PowerApps, users can begin to merge their creativity, domain knowledge, and some of the benefits of software development together.

But what about cybersecurity and low-code/no-code? Well, the jury is still out as to whether or not this trend is beneficial. Like most things, it depends on the circumstances:

  • The scenario or business process supported
  • The data handled by these tools
  • The planned support and maintenance model
  • The integrations used with other applications and cloud services

When considering the security of these platforms, the above dimensions matter a great deal to the overall risk. There is no one-size-fits-all risk assessment for these technologies and their planned use.

Shared Responsibility Model

These platforms typically deploy as a part of a software-as-a-service model, which may follow a model similar to the one below.

Standard cloud service provider shared responsibility model

The low-code/no-code platform complicates this model in several ways:

  • Multiple provider solutions are connected together with data, or other application context, shared between them
  • Different risk profiles likely exist for each connection point
  • The user is building new workflows or lightweight applications on top of functionality inside of the low-code/no-code platform
  • The user is using functionality exposed by these other connected services. This functionality is in some ways an abstraction of lower layers of this shared responsibility model. By extension, it shifts back in favor of more user control.

This model is not as clean as it is with typical cloud service provider consumption. It also changes as use cases evolve.

Opportunity Cost

Teams must consider today’s risk alongside the risk of what might change. There is complexity in the shared responsibility model, but it’s not the only focus. Risk is in everything we do.

There is a natural tendency to focus only on what’s changing or what’s new, not on the risk of something staying as-is: for example, spreadsheets filled with sensitive data passed over email; or data saved on a user’s file system, all of it subject to loss or mishandling. Creating a simple automated flow to connect several applications together is usually solved through the manual exchange of files and analysis. How does that change the risk profile?

The answer is different for every scenario. But it’s something we as cybersecurity professionals need to consider, while asking ourselves a fundamental question:

What’s the risk of doing nothing?

We may not want mission-critical business processes built on these kinds of platforms. However, if they enable simple things to move faster or operate more safely, that might be worthwhile in your environment. These platforms can also be very useful for rapid experimentation to find solutions that add value. This learning process may pave the way towards building a more robust, scalable, and mission-reliable solution.

Empowering Domain Experts

The growth and maturity of low-code/no-code platforms are exciting, and highlight what is possible when engineering-like capabilities are put in the hands of more people. That’s especially true when focused on empowering people with problem and domain expertise.

However, these platforms are no silver bullet. The complexities around risk and shared responsibility make them optimal for small-scale task automation, support, and experimentation, but not as much for large-scale mission-critical functions.

There’s a growing trend to empower end-users to not accept the status quo in how to do their work or how business processes come together. As a cybersecurity team, prepare for how this risk assessment comes together in your environment and seek to enable where you can.

Cyber Security Cybersecurity channel featured low-code/no-code
Share. Facebook Twitter LinkedIn Email
Robert Wood

Robert Wood is an Acceleration Economy Analyst focusing on Cybersecurity. He has led the development of multiple cybersecurity programs from the ground up at startups across the healthcare, cyber security, and digital marketing industries. Between experience with startups and application security consulting he has both leadership and hands on experience across technical domains such as the cloud, containers, DevSecOps, quantitative risk assessments, and more. Robert has a deep interest in the soft skills side of cybersecurity leadership, workforce development, communication and budget and strategy alignment. He is currently a Federal Civilian for an Executive Branch Agency and his views are his own, not representing that of the U.S. Government or any agency.

Related Posts

Google Cloud Still World’s Hottest Cloud and AI Vendor; Oracle #2, SAP #3

July 1, 2025

SignUp Software Insights on Optimizing Dynamics 365 With ISV Partnerships

July 1, 2025

Hottest Cloud Vendors: Google Cloud Still #1, But Oracle, SAP Closing In

July 1, 2025

Marc Benioff AI Report Card Includes A+ for Vision but C- for Math

June 30, 2025
Add A Comment

Comments are closed.

Recent Posts
  • Google Cloud Still World’s Hottest Cloud and AI Vendor; Oracle #2, SAP #3
  • SignUp Software Insights on Optimizing Dynamics 365 With ISV Partnerships
  • Hottest Cloud Vendors: Google Cloud Still #1, But Oracle, SAP Closing In
  • Marc Benioff AI Report Card Includes A+ for Vision but C- for Math
  • OpenAI Partners with Google Cloud Amid Soaring AI Demand, Reshaping Ties with Microsoft

  • Ask Cloud Wars AI Agent
  • Tech Guidebooks
  • Industry Reports
  • Newsletters

Join Today

Most Popular Guidebooks

Accelerating GenAI Impact: From POC to Production Success

November 1, 2024

ExFlow from SignUp Software: Streamlining Dynamics 365 Finance & Operations and Business Central with AP Automation

September 10, 2024

Delivering on the Promise of Multicloud | How to Realize Multicloud’s Full Potential While Addressing Challenges

July 19, 2024

Zero Trust Network Access | A CISO Guidebook

February 1, 2024

Advertisement
Cloud Wars
Twitter LinkedIn
  • Home
  • About Us
  • Privacy Policy
  • Get In Touch
  • Marketing Services
  • Do not sell my information
© 2025 Cloud Wars.

Type above and press Enter to search. Press Esc to cancel.

  • Login
Forgot Password?
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.