Varonis Applies Security and Governance To Low-Code/No-Code Development with Zenity

As a global cyber security leader helping organizations across the world to secure and analyze their data, Varonis has an intimate understanding of the role and importance of cybersecurity tools and processes within modern businesses.

In addition to investing great effort and considerable resources in internal security measures across its business units, Varonis also takes the security of the tools that they use very seriously – including within the context of the low-code/no-code (LCNC) development and automation platforms that they use to boost productivity and streamline workflows.

That’s why Varonis chose Zenity to gain visibility into and apply security governance for its LCNC workflows. With help from Zenity, Varonis has been able to identify misuse of LCNC tools, block risky data flows within LCNC automations and more, using granular security policies. Keep reading for the full story of why Varonis chose Zenity to deliver LCNC security governance, and how the company has expanded its use of the Zenity platform since initial adoption.

“Varonis appreciates and prioritizes security measures at all times, in every aspect of our work.”

 

“….Securing the  integrations and automations that people are building is a top priority for the company.”

Omer Mar-Chaim, Director of Development

Protecting LCNC integrations and more with Zenity

The company found the solution it needed in Zenity, because as Varonis VP of IT Business Applications Yariv Kaufman noted,  “Zenity is a solution focused on security governance for low-code/no-code development.”

Zenity also stood out for its ability to integrate easily and adjust into Varonis’ LCNC workflows, including supporting highly granular configurations and controls, which make it possible to apply different protections to different LCNC assets.

With help from Zenity, Varonis has solved a number of issues related to LCNC workflows across the business including

• Account Access. Identifying when employees build  LCNC integrations and automations using personal accounts instead of enterprise accounts – against security best practices and opening the possibility of misuse.
• Principle of Least Privilege. Identifying overly permissive access control configurations within LCNC integration and automations. If an integration grants access to a large group of users instead of using granular policies and permissions to give access only to users who specifically require it, Zenity flags the settings so the IT team can take action.
• Tracking Data Flows. Zenity tracks the way that data flows between applications and environments using LCNC automations. “We can see suspicious or risky flows,” Mar-Chaim explains.

Zenity proved so simple and powerful for protecting Varonis’ LCNC integrations that the company has expanded its deployment to help secure its Microsoft Power Platform environment as well. Because Zenity is a platform-agnostic LCNC security governance solution, it can protect Power Platform assets just as effectively as those created with any other major LCNC development, automation and integration platform.

Application security practices, even for LCNC development

Zenity is a platform-agnostic LCNC security and governance platform that can protect applications, workflows, integrations, bots, and connectors that are built using any number of LCNC development platforms, all in a unified pane of glass. That’s a big deal, Mar-Chaim says, because without Zenity, Varonis may not have been able to enforce mature security practices for integrations developed using a no-code/low-code approach. He adds, “When it comes to no-code/low-code development, we were looking for a solution. Zenity was easy to integrate, and provided in-depth security policies and granular visibility that we needed from Day 1.“