Everyone is a Power Platform Developer. Where does that Leave Security?
Microsoft Power Platform is an excellent suite of tools that empowers everyone to create applications, automations, workflows, and more, easily and quickly, on their own without IT interference or supervision.
While Power Platform does have governance and security measures, the controls are similar to how cloud vendors secure the platforms and underlying infrastructure, but not the resources themselves. Power Platform inherently creates a silo of low-code/no-code development, and lacks the depth needed to truly secure the resources that are created using the tools. Here are some key things to consider:
- Power Platform users hold “the keys to the kingdom” because Power Platform apps often integrate with a variety of other apps, services and data sources with no centralized visibility or defined ownership
- Power Platform tools have had several high-profile authentication problems, including Power Pages having default access enabled for “local users”, i.e. users outside of Azure AD, and Power Apps portals having default configurations that allowed public access
- Power Platform places development tooling into the hands of citizen developers, who are less inclined to design and configure applications and automations that are secure, which can lead to data leakage, insecure credential sharing, insecure dependencies and more
- The Power Platform ecosystem includes a variety of connectors, add-ons and extensions that users can integrate into their apps and automations. Many of these resources come from third parties and open source projects outside of Microsoft
- The speed at which professional and citizen developers can create and deploy apps and automations on Power Platform means businesses may end up with little visibility into where Power apps and automations exist within their IT estate
Only Zenity provides the visibility, risk assessment, and governance controls necessary to ensure that Power Platform developments don’t become security liabilities and cost-eaters.
Conquer Power Platform Security and Governance Risks with Zenity
Zenity enhances Power Platform with the features that businesses need to track apps and automations, identify potential security risks within them and enforce governance requirements.
You can’t protect what you don’t see. The Zenity platform continuously scans Power Platform environments to ensure that security teams and Power Platform administrators always know who is creating what, and are aware of the relationships between users, data, and applications. Zenity automatically discovers applications and workflows as they are created. IT and security teams can see and assess all potential Power Platform security risks through a continuously updated app inventory. They can also evaluate the role that each app plays in the business and identify component relationships.
Zenity continuously scans Power Platform deployments for underlying risks and vulnerabilities in each created resource. Within the Zenity platform, there is a comprehensive, out-of-the-box knowledge base with actionable remediation, automated playbooks, and triage recommendations to stop attackers in their tracks. With Zenity, security teams can automatically discover risks that originate from faulty business logic, misconfigurations, third-party dependencies, add-ons, and more, and map violations against common security frameworks like the OWASP Top 10 and MITRE.
By leveraging custom policies and automated playbooks, security teams can take action to mitigate security violations in Power Platform in a granular, environment-specific way. Additionally, Power Platform administrators can ensure that, as the business grows and undergoes continuous digital transformation, members of the workforce can harness the power and flexibility that Power Platform brings to professional and citizen developers – while keeping security risks in check. Administrators and security teams can also identify unused or unowned resources that can eat up license costs and cause security risks.
Maximum Power. Minimum Risk.
As one of the most advanced and widely used Low-Code/No-Code solutions, Power Platform is an obvious choice for organizations that want to empower all business users. Zenity provides the visibility, risk assessment and governance features to ensure both professional and citizen developers can build what they need, without putting the organization at risk.