Citizen developers, often without a formal background in programming, are harnessing the power of generative AI capabilities to create powerful business applications and automations in low-code/no-code platforms like Microsoft Power Platform, Salesforce, and ServiceNow. While this democratization of software development brings about numerous benefits, it also introduces a host of new cybersecurity risks that organizations must address to safeguard their sensitive data and maintain compliance standards.

In an era of rapid technological advancements, healthcare organizations are always looking for ways to become more productive and more efficient. In this quest, they are increasingly turning to citizen development and Generative AI tools to streamline processes and drive innovation. Citizen development empowers non-technical employees to create their own applications and automations, thereby enhancing operational efficiency.

In a rapidly evolving digital landscape, data security has become a paramount concern within the AppSec community As organizations embrace digital transformation and the shift towards cloud-based solutions, the onus is on them to protect sensitive data. However, the recent ServiceNow data exposure highlights an alarming concern: what happens when developers build apps and automations with risky default settings?

In an era where humans are becoming closer and closer to technology, it is reshaping the way we work and do business. This was a prevalent theme from the Microsoft Power Platform 2023 conference, and it was great to experience the event as it provided insight into the cutting-edge tools and strategies driving the next wave of business productivity.

Welcome back to the final part of my blog series on taking Power Platform security and governance to the next level. In Part 2 (which you can read here), I dove into essential strategies for securing and governing Power Platform environments. Today, I’ll encourage everyone to push the envelope further by exploring advanced techniques to establish good hygiene for citizen development, maintain audit logs, implement automation playbooks, and provide ongoing education for builders and makers.

In the first part of this blog series, we explored the foundational steps required to kickstart a robust security program for any organization’s low-code/no-code development environment within Microsoft Power Platform. We discussed the importance of differentiating between sensitive and non-sensitive data, identifying the makers and builders, and implementing the principle of least privilege access.

The world of software development has witnessed a significant transformation thanks to low-code/no-code development platforms like Microsoft Power Platform, Salesforce, and ServiceNow. These platforms have empowered developers and business users of all technical backgrounds to create applications, automations, bots, connections (and more), rapidly and with greater accessibility.

Welcome to the first installment of my three-part blog series on securing low-code/no-code development within the Microsoft Power Platform ecosystem. As Zenity’s Director of Customer Success I’ve seen firsthand how businesses are embracing the power of applications like Power Apps, Power Automate, and Dynamics 365, all fortified by the impressive capabilities of generative AI.

I am thrilled to share some exciting news that marks a significant milestone in the Zenity journey. Today, our company has successfully closed our Series A round of fundraising, led by Intel Capital. We are thrilled to welcome Intel Capital, in addition to Gefen Capital and B5, who join our existing partners from UpWest and Vertex Ventures. Together with the Zenity team, we know this is just the beginning.

When working with security teams and application security analysts, the new world of low-code/no-code development presents new questions that invariably begin with ‘where do we start?’ With so many new applications, automations, and more that are introduced to the corporate environment, it can seem like an endless pit of concerns about data flows, user permissions and potential security risks introducing my organization that need to be analyzed and brought under management.