Low-code and no-code development platforms are great tools for rapid software development, helping non-technical business experts and IT quickly write powerful, useful applications. But are they safe and secure — and what can be done to make sure they meet enterprise-level standards for security?
That’s the question posed by the article in Dark Reading, “In App Development, Does No-Code Mean No Security?” The article poses the conundrum simply: “The question is whether no-code also means no security.” It goes on to quote Vinay Mamidi, senior director of project management at security vendor Virsec: “While trained developers may have varying levels of skill in security, no-code developers are generally oblivious to security best practices or risks.”
The reason for that, the article notes, is that no-code developers haven’t been trained in security the way more experienced developers have. Because of that, it’s vital that businesses choose low-code/no-code platforms that “themselves build security into the final product,” the article says.
Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, believes that the right low-code/no-code platform may be even more secure than other development tools. That’s because low-code/no-code platforms assume that whoever is writing applications will not have a background in security, and so take care of a lot of security issues by themselves. He notes that with these platforms, “There's a huge step up [in security] because there is a common denominator as far as security best practices and implementations that framework providers build into their own SDLC [software development lifecycle]."
That doesn’t mean, though, that IT should assume that every aspect of security will be handled by the platforms. Hahad warns, “In no way does this solve the general problem of securing an application. Patching for vulnerable subsystems and third-party code still needs to be done, for example."
Virsec’s Mamidi adds, “Enterprises must find ways to audit processes and vendors, and maintain reasonable security oversight, even if that makes the [development] process a bit less convenient.”
The same general rules of security apply whether your company uses traditional development tools or a low-code/no-code platform. The article concludes that it’s vital that organizations have someone focused on security. It quotes Jason Kent, hacker in residence at Cequent, as saying, “The most successful organizations that I see have an application security architect — somebody with a foot in security and a foot in development. They can more easily identify and define the kinds of controls that you need to make low-code/no-code environments secure and still collaborative."
Choosing the Right Low-Code/No-Code Platform with the Best Security
Alpha TransForm (for non-developers) and Alpha Anywhere (for developers) are no-code/low-code tools that include the highest levels of enterprise security. Alpha Anywhere has the unique ability to rapidly create mobile-optimized forms and field apps that can easily access and integrate with any database or web service and can exploit built-in role-based security or robust offline functionality. Alpha TransForm and Alpha Anywhere can work independently or together as a single platform and are well-suited for IT, citizen developers and other staff. Alpha TransForm helps business users craft online or offline mobile apps in minutes that utilize the latest mobile features (camera, GPS, etc.) for fast, accurate data capture. Learn more or take a free trial for 30 days.
Further Reading:
Guide to Low-Code Development: How to Choose the Right Low-Code Tool for Your Organization