Where There’s No Code, There’s No SDLC

When developing applications, organizations rely heavily on the software development lifecycle (SDLC) to ingrain security into the development process early and continuously. The SDLC lays out how to build security into the early steps, as developers are creating and testing applications. As such, organizations are able to embed security practices when it matters most. However, as low-code/no-code development becomes more and more common among professional and citizen developers alike, security teams are evaluating new ways to bring these business users under security’s purview.

In low-code/no-code development, rather than following the defined stages of planning, development, testing, deployment, monitoring, and ongoing maintenance that are detailed in the SDLC, business users are able to create applications, connectors, workflows, bots, and more, and get them into production with just a few simple clicks of the mouse. As development speeds up, security steps are, unfortunately, often skipped. As business users continue to leverage low-code/no-code development tools to build things that help them get their jobs done more efficiently, security teams must take a close look at what makes this type of development unique and establish a new responsibility matrix to make sure security does not fall by the wayside.

Be sure to check out the full article on DarkReading to learn more about how security teams can approach this fast-growing development strategy and make sure that business agility does not come at the cost of increased risk.
