As a 25-year CTO, the thing that always keeps me up at night is the fear of a data release. Whether you’re Target or Bob’s Grocery—waking up and seeing your financial data, customer list, or payroll information plastered all over the web (or even rumored to be all over the Web) can be a reputational/financial disaster.
No/low-code apps are software. Software MUST be secure.
The ease with which Quickbase can connect to internal legacy systems and the external world is stunning. It also means that we have to understand that with connectivity comes responsibility. We must realize that security requires thought, expertise, and oversight to safely connect systems (as it always has).
However, because IT often does not understand no/low-code, or doesn’t have the time to mess with it, they fear it.
As a result of this fear, some organizations (especially those with IT organizations) have simply “turned off the faucet” when it comes to allowing no/low-code connectivity. Rather than allowing their no/low-code apps to attain their full business potential and ROI by incorporating legacy system and external data, they simply prohibit them from accessing any corporate or external data.
This head-in-the-sand approach reminds me how the mainframe folks at the large bank I worked at in 1992 talked about the new client-server Linux and .NET “toys” the youngsters were all excited about.
IT should (and must) be involved in no/low-code oversight and security—because that’s where the expertise is. However, they need tacklers instead of blockers in terms of data access. Quickbase has a stunning array of tools that can harden your no/low-code apps. IT should understand them, advocate, and supervise their use.
From Active Directory integration; to SSO; to its amazing role, app, form, and field-level security; Quickbase has you covered with configurable security. On top of that, their enterprise platform security addresses network, operating system, and a myriad of other Web app attack surfaces, which were previously something that kept this CTO on his toes over the last 25 years—things I don’t even have to think about now.
The fact is, if your Quickbase apps are not far more secure than your full-stack apps, you’re not using Quickbase’s security tools to their fullest capability.
Ideally, organizations with no/low-code apps should bake-in a security review of every application on a scheduled basis, and whenever a change is made to an app or a connected system. These activities don’t have to be onerous, most of the time security issues are pretty evident—but you have to look and test to find vulnerabilities.
Review. Test. Repeat.