With Zenity, Telit Cinterion Maximizes Low-Code/ No-Code Development While Minimizing Security Risk

Telit Cinterion is a global Internet of Things (IoT) services provider for millions of devices across thousands of customers’ networks. The company prioritizes flexible, scalable and efficient business processes. No-code and low-code development tools help them achieve these goals. These tools make it easy for anyone — including business users without technical expertise — to build applications, automations and integrations to offer modern digital solutions and streamline manual processes.

Yet taking advantage of low-code/no-code (LCNC) development comes with a significant trade-off: The need to manage the security risks inherent to developing software through a no-code/low-code approach without direct oversight by professional developers or security engineers.

Telit Cinterion solved this challenge with the help of Zenity. Zenity’s innovative security and governance solution for no-code/low-code applications, automations and integrations allows Telit Cinterion to leverage LCNC platforms fully while minimizing associated security risks.

The problem: No visibility or security tooling for low-code/no-code processes

Telit Cinterion uses LCNC platforms, such as Microsoft Power Platform and Zapier, to build internal business applications and automations to improve processes for business units like sales and marketing. By allowing any member of their workforce to create applications or automations, LCNC helps Telit Cinterion operate as nimbly as possible and maximize value to its global customer network.

However, the team faced a major problem using Microsoft Power Platform and Zapier. LCNC development processes couldn’t be secured or governed using approaches the company applies to software development with conventional methodologies. LCNC development processes and platforms lack security practices and tooling, such as

• Security training for business users
• Business logic vulnerability scanning
• Secure methods of separating development environments from production ones

“Non-technical low-code/no-code users don’t follow app development security best practices, We had no visibility or control over the lowcode/no-code tools.”

Itzik Menashe Telit Cinterion VP of Global IT and Information Security

At first, these risks made it difficult for Telit to take full advantage of LCNC development. The company had to limit the extent to which employees were allowed to use LCNC platforms for creating integrations because it struggled to manage the security risks generated by LCNC development, particularly when created by less technical citizen developers.

The solution: Automated security scanning and governance

To solve these challenges, Telit Cinterion turned to Zenity, which it first used to secure the Microsoft Power Platform. That initiative was so successful that they were able to extend the  Zenity deployment to support Zapier, giving the company the confidence to allow itsmarketing and sales teams to deploy Zapier for corporate usage. Knowing that Zapier LCNC applications were receiving the same guardrails and protections as other business apps because of Zenity, Telit Cinterion was able to take full advantage of marketing automations without the risk.

Zenity allows Telit Cinterion to identify risks and vulnerabilities in LCNC applications and automations business logic through all components, identities, data objects, and connectors. By providing the security, visibility, and monitoring that is absent from the LCNC platforms themselves, Zenity enables the same security protection level for low-code/no-code processes that Telit Cinterion applies to its traditional development pipelines.

Visibility and risk assessment are only part of the solution. Equally important is the ability to enforce governance policies regarding when and how business users are allowed to take advantage of LCNC platforms. Previously, Telit Cinterion had little ability to ensure that employees followed security best practices when using LCNC platforms, but Zenity automates the enforcement of those policies.