Young women using computer, Cyber security concept.
Perspectives

Security View: Two Ways Low-Code Platforms Help Reduce Enterprise Risk

Written By: Mike Lemire
January 17, 2020
4 min read

Enterprises are engaged in defending their digital footprint on a daily basis. With proliferation of cloud services in recent years the occurrence of data breaches has also increased dramatically.

So, what’s the correlation? Cloud services, while not inherently less secure than on-premise IT, do introduce new risks brought on by complexity, chance of human error and increased exposure.

Risk reduction is therefore a critical practice for every enterprise to reduce the chances of a data breach. So, how can adoption of a low-code platform help reduce risk to an enterprise?

How low-code differs from other cloud services

Low-code cloud-based application and automation platforms sit in between public cloud infrastructure, like Infrastructure as a Service (IaaS) providers Amazon Web Services (AWS) and Azure and point solutions like Salesforce, Dropbox, ZenDesk and thousands of other Software as a Service (SaaS) products.

Low-code platforms provide enterprises the ability to quickly and securely build and deploy business process software solutions to desktop or mobile users enabling more work to get done more efficiently. Low-code platforms, like Quickbase, increase visibility to data while providing security and governance controls.

As with IaaS, low-code platforms can be used to build and deploy business process solutions in the cloud. The difference with low-code is there’s a lot less for IT teams to architect, configure and manage since the service provider is responsible for managing the underlying infrastructure of the platform.

Cloud complexity

Many forward-thinking organizations are moving IT workloads and services to IaaS providers, in order to achieve quicker deployments and greater flexibility than they could achieve with their own data centers.

But, building solutions on IaaS comes at a cost. It’s no secret that IaaS is complex (as of writing this article AWS has 165 distinct services) and requires technically experienced personnel to build and manage highly available and secure services.

With complexity there’s a lot that can go wrong, and therein lies the risk. We are all getting numb to seeing yet another large data breach caused by an Amazon AWS misconfiguration. It does not seem to matter that the victims are often large companies with experienced cloud architects, engineers and security professionals on staff.

Proliferation of point solutions

Let’s face it—you have a lot of SaaS products in use in your organizations providing a wide variety of services to departments throughout your enterprise. SaaS platforms provide a lot of value and are easily deployed. However, every SaaS product in use in a company creates a new vector that can be attacked, providing a new risk plane to that organization.

Additionally, each new SaaS tool requires IT user management and governance and comes with its own set of configuration settings which must be thoughtfully implemented. The sheer number of outsourced SaaS platforms in use, while reducing IT overhead overall, creates new vectors for attacks, increasing complexity and risk of misconfiguration.

Every SaaS solution you can eliminate in your organization removes an attack vector to your users and your data. However, business users need technology solutions and it certainly doesn’t make a good argument to not use a SaaS tool which is providing value.

This is where low-code platforms can help.

Many applications, one management plane

Low-code platforms like Quickbase require administration and carefully considered policy and configuration settings. But, if you’re deploying applications on an application platform much of the legwork you’d have to do to deploy an application into an IaaS environment is taken care of for you. Redundancy, elasticity, encryption, storage – not things your IT or dev teams need to worry about or configure with because the provider is doing that as part of the service. Plus, you can build as many applications to satisfy many use cases while maintaining one management plane.

This makes low-code platforms inherently less complex than IaaS. Low-code platforms consolidate point solutions and instead offer a single endpoint that can host many custom solutions, reducing the vectors and planes that attackers can exploit.

Less complexity + less vectors to be attacked = reduced risk.

The trick with low-code platforms is the ability to deploy more technology solutions under one management plane. If you are using a low-code platform in your organization, it’s a good idea to take a look at what SaaS platforms you have in use. Can you replicate that tool’s functionality, or even improve it, in a Quickbase application?

Chances are you can and by doing so you’ve eliminated one more point solution, reducing the risk to your organization.

Written By: Mike Lemire
Mike is the Compliance and Information Security Officer at Quickbase. Previous to Quickbase, Mike managed the Information Security programs at Yesware, Acquia and RiskMetrics and has held management and technical positions at Pearson Education, JPMorgan and Time, Inc. Mike earned his B.S. from New York Institute of Technology and has attended postgraduate education at Columbia and Boston University. Mike was certified as a CISSP in 2006.

Never miss a post — subscribe to the Quickbase Blog.

Sign up to receive the latest posts on everything from Operational Excellence to Digital Transformation.