Ben Kliger is the CEO and Co-Founder of Zenity. He is a cyber security expert with extensive hands-on and product management experience and an involved, down-to-earth business leader and team builder. He is extremely passionate about the intersection of technology democratization and cyber security.
Michael Bargury is the CTO and Co-Founder of Zenity. He is an industry expert in cyber security who has led innovation and teams in areas such as API security, IoT security, Confidential Computing and many more. He is a thought leader and key figure in the low-code/no-code security space, and is excited about empowering security professionals to become key business enablers and be part of the low-code/no-code and digital transformation revolution.
In this interview, Ben Kliger and Michael Bargury provide insights into low code/no code application development and cyber security.
What business challenges can low code/no code applications help resolve?
Every business that needs to customize software faces a lack of developer manpower and/or a lack of time. Business units need updated modern applications or features to do their jobs better and to push the business forward. In typical situations, departments request this assistance from IT. Of course, the sooner business users get their applications, the better it will be for the company, but IT often has a lot on their plates already. That, plus the inevitable back-and-forth, “yes, this is what I wanted,” “no, you didn’t understand,” means that business growth is hampered.
Low-code/no-code platforms democratize development and enable business users to take ownership for developing the applications that they need on their own. It removes the dependency on pro developers’ attention and time, and enables the business to move faster.
How are these new classes of applications expanding avenues for attack?
Low-code/no-code is a separate development pipeline that runs parallel to the traditional software development pipeline. Traditional development is carefully constructed for control over the development process and the finished product. Business continuity, regulatory compliance and risk management are top priorities and they are accomplished through established procedures, roles and responsibilities.
The low-code/no-code development lifecycle involves significantly shorter procedures and fewer roles than traditional cycles. This makes the development process (from concept to finished product) simpler and faster, but without the typically required means of governance and security. Low-code/no-code applications are vulnerable to business logic errors because, unlike traditionally developed applications, they are developed and maintained by business users who lack information security training and tools to help them avoid security risks.
What technologies were in existence to secure these avenues ahead of Zenity?
There weren’t any. The InfoSec and AppSec technologies in existence were all structured to monitor and secure the traditional development pipelines and runtime environments. Low-code/no-code is a different animal, with its own security and governance needs.
Why are new technologies needed?
CIOs, business application teams, low-code/no-code platform admins, CISOs and information security professionals need visibility and control over the low-code/no-code application estate in their organization so that they can securely open up new development channels, becoming powerful business enablers and key figures in moving the business forward.
Tell us about the Zenity story.
Michael (my co-founder) and I both held positions in Microsoft cloud cyber security organizations, working with large companies (Fortune 1000 included) and have in-depth experience in elite Israeli intelligence units and cyber security-focused companies. We kept seeing the struggles and frustrations of such companies in dealing with governance for their low-code/no-code platforms. The consequences of allowing low-code/no-code could be introducing security risks, gaps in business continuity and non-compliance. But the consequences of not allowing low-code/no-code would be putting a stranglehold on the organization’s growth and business success.
Information security was stuck between a rock and a hard place. It was that desire to provide the right tools (so they could give their business users freedom while maintaining control) that drove us to create Zenity.
Tell us about the technology behind the product.
Zenity connects to any low-code/no-code platform and continuously assesses the security state of every app component and configuration, at the business logic level of every application developed on top of the platform. Zenity continuously monitors the apps and provides cross-platform inventory, discovers business logic vulnerabilities, detects suspicious or malicious activities, provides guidance for immediate remediation, and enables you to configure guardrails to enforce automated actions based on risk, environment and app usage.
What are your main security concerns regarding low code/no code applications?
According to our security research, some of the main security concerns involve privilege escalation, data leakage and many more, such as those covered in Zenity’s whitepaper on the 7 Deadly Sins of Low-Code Security.
What kinds of low code/no code solutions are customers adopting most often?
We are seeing massive adoption of Low-Code Application Development Platforms (LCAP), workflow automation platforms, Integration Platforms as a Service (iPaaS) and Robotic Process Automation (RPA). These types of platforms enable businesses to create advanced applications and automations, helping them to be more productive and business-oriented, remove repetitive manual processes, transform their businesses by creating modern business applications for mobile devices or internal ML-based systems, and optimize human resource investment. In many cases, these initiatives are also led by the business units themselves, strengthening the “citizen development” movement in some of the largest organizations in the world. This enables business users to create powerful enterprise-grade applications simply, quickly and efficiently.
Your perspectives on the future of low code/no code?
First, we must say that we absolutely love and are big believers in low-code/no-code technologies. They make it possible for every person in the world to be a potential developer, allow greater productivity and efficiency, as well as help to bridge the gap between people with different backgrounds and skills.
By 2024, experts predict that 65% of application development will be done through low-code/no-code platforms. Low-code/no-code development saves time, encourages innovation, enables businesses to move fast in an ever-more competitive environment – of course any intelligent business would jump on it! Low-code/no-code is here to stay, and it will just get bigger and more pervasive.
Anything else that you wish to share with the Cyber Talk business audience?
Zenity is experiencing rapid growth, the platform gets better and broader on a weekly basis, and we are seeing more super interesting use-cases and risk and attack avenues. We are eager to talk to you and hear your perspectives on the problem space in your organizations and the kind of concerns you are dealing with when it comes to business-led citizen development.