Leveraging low-code no-code for cyber security

Avrohom Gottheil
Aug 5, 2022

One topic that dominates headlines on a regular basis is cybersecurity. Not a day goes by where we don’t hear about some kind of data breach here or ransomware attack there. For example, in the IoT industry, we’re putting all these connected devices all over the place, and some of these devices were not manufactured with security in mind. To drive this message home, within the past several years, tens of thousands of IoT devices were hacked to mine Bitcoins, or to form a botnet to carry out malicious attacks.

With the prevalence of low-code no-code platforms, businesses are having an easier time than ever developing business applications with little to no involvement from IT. In order to better understand how low-code no-code platforms affect governance and cyber security, I had the pleasure of interviewing Himanshu Arora on #AskTheCEO. Himanshu is the Global Business Head for the Low Code/No Code, Automation, and Integration practice at Infosys. He is a trusted digital transformation advisor, speaker, and certified storyteller and has helped many customers “Think, Adopt and Live” various types of transformation journeys in his 23-year career. You can watch the entire interview here.

Avrohom:

As you know, everybody is very conscious about their security needs. Given the daily occurrence of data breaches in companies of all shapes and sizes, can you elaborate on the cyber security aspects of low-code no-code platforms?

Himanshu:

Let's start off with an analogy. Yesterday, I was with a couple of friends in a restaurant, and we had just met up after so long, so we decided to do BYOB (bring your own bottle) and spent a nice evening out there. The same concept applies to development and security principles as well. So, on one hand, with all the shiny new toys and objects of low-code no-code platforms, everybody can actually build their apps — and we call it the “Do your own app” paradigm, where the ability for us to teach and train and help everybody create these apps is great. On the other hand, everybody forgets, after creating these apps, that somebody has to own these apps as well.

Avrohom:

They have to maintain it.

Himanshu:

Absolutely! So do your own apps, but in the process own your apps. And then you have to really start thinking about RBAC (role-based access control) principles, getting the right data security, security by design, privacy by design, looking at the data attributes, what is allowed versus not allowed. Where do you really need help from your core enterprise IT to come in and help you, versus something that you can do on your own? What are the right boundaries and use cases that you can do with this entire conversation? How can you enable security, especially for the external-facing consumer applications that you are going to put out there, and so on and so forth? And that is exactly what’s important. So, when we go ahead and do adoption sessions with developers, we do two things. (1) To help them understand the concept of owning your app, and hence all of these principles, upfront, before they start designing the applications. (2) Creating a facade layer on top of the standard low-code no-code platforms which helps foolproof, to a good degree, some of these principles, because we have coded it into that facade, and helped the developers not make some basic mistakes in sharing all of that data and problems out there.

Avrohom:

Sort of like hard-coding passwords or ID numbers.

Himanshu:

Absolutely! We have seen them in the past, by the way.

Avrohom:

I started my career as a software developer, and you see this all the time: when developers need to build something quickly, they just cobble something together, and getting it done is more important than getting it done right. There are no comments anywhere. How does low-code no-code help with things like that?

Himanshu:

The ability to do massive simplification of processes while enabling agility is at the core of low-code no-code. So, when we go about working with our customers, developers, and analysts, and helping them and showing that they are solving the right problems, we also ensure that they are using the right design principles embedded within the low-code no-code platforms to make it happen. For example, if you are defining a workflow or a process, which is a direct set of steps done by a set of actors who have a defined role, who interact with a set of systems, play with a set of data, to be able to achieve its business outcome. That’s, by the end of the day, a business process. The ability for them to start thinking those words and realizing that, “Hey! I did not set up the right user permissions for this role, this access. I did not even think about this integration, and I hard-coded this data. I did not even think about what’s the end KPI this app is going to deliver for what business process. I coded it! But, to do what? Just because it helped me save 5 minutes of my work?” That is the entire fundamentals that we get into with both, from a mindset, the technology foolproofing, as well as leveraging the core, out-of-the-box features of low-code no-code platforms in this area.

About the Author

Avrohom Gottheil is the founder of #AskTheCEO Media, where he helps global brands get heard over the noise on social media, by presenting their corporate message using language people understand.

Avrohom presents his clients as Thought Leaders, which challenges his audience to reimagine their own mission and vision, delivering actionable insights, and leaving them passionate, motivated, and with the necessary tools to take immediate action.

Avrohom comes from a 20+ year career in IT and Telecom, where he helped businesses around the world install and maintain their communication systems and contact centers. He is a Top-ranked global expert in IoT, AI, Cloud, and Cybersecurity, followed worldwide on Twitter, and a frequent speaker on leveraging technology to accelerate revenue growth.

Listen to him share the latest technology trends, tools, and best practices for IoT, AI, Cloud, Cybersecurity, and emerging technologies on the #AskTheCEO podcast — voted as the #1 Channel Friendly Podcast in 2019 by Forrester, and #2 Podcast from Thinkers360 Thought Leaders in 2020.

Contact Avrohom:

Web: https://asktheceo.biz

Facebook: https://facebook.com/AvrohomGottheil

Twitter: @avrohomg

Instagram: @avrohomg
