Security

When User Identity Loses Its Meaning, Hackers Win

Michael Bargury
Jul 18th, 2022

When it comes to cybersecurity, businesses typically want to assume that every user is a special snowflake.

The premise that each user has a unique identity, and that cybersecurity teams can manage access permissions and identify anomalous activity based on that identity, is a cornerstone of modern security operations.

Unfortunately, it’s also often a flawed assumption, as Zenity CTO and co-founder Michael Bargury explains in his latest Dark Reading column: “Watch Out for User Impersonation in Low-Code/No-Code Apps”.

The reason why is that low-code/no-code apps may create scenarios where users share their identities with other users via a process that Michael calls credential-sharing-as-a-service. Usually, the sharing results from the best of intentions. Employees want to help each other access the systems and data that they need to do their jobs, and creating low-code/no-code integrations that allow one user to impersonate another is often the path of least resistance toward achieving this goal.

As Michael notes, employees may go so far as to perform MFA validations on behalf of their colleagues in order to help each other do their jobs.

The problem with practices like these, of course, is that they’re a nightmare from a security perspective, because credential sharing “strips away the basic meaning of an online identity,” Michael says. When IT and security teams can no longer safely assume that each user identity actually maps onto a single, unique human being, they can’t establish effective networking and access control policies to protect sensitive resources. Nor can they perform behavioral analytics to identify suspicious activity that could reflect the breach of a user’s account, because it’s much harder to establish a baseline of normal user behavior when there are multiple users sharing an account.

In the column, Michael details how these risks arise. And, lest readers assume that these are purely theoretical scenarios, he goes on to narrate how credential sharing created a major security risk at an actual business.
For the full story, click through to the article on Dark Reading.

Subscribe to Newsletter

Keep informed of all the latest news and notes within the world of securing and governing citizen development

Thanks for registering to the Zenity newsletter.

We are sure that you will like it and are looking forward to seeing you again soon.

Related posts

April 4th, 2024

Low Code Application Security Best Practices and Strategies
Developing applications using low code platforms has gained popularity in recent years due to its ability to accelerate the software development process. However, with increased speed and efficiency comes the need for robust security measures to protect sensitive data and ensure a safe user experience. In this article, we will explore the best practices and…
Blog
April 4th, 2024

The Importance of Low Code Security in Today’s Digital Landscape
In today’s rapidly evolving digital landscape, the importance of low code security cannot be overstated. As organizations increasingly rely on low code development platforms to accelerate application and software development, it is crucial to understand the significance of robust security measures. Understanding Low Code Security Before delving into the intricacies of low code security, it…
Blog
March 14th, 2024

Cybersecurity in the Low-Code Age: Emerging Threats and Protective Strategies
Uncover low-code cybersecurity strategies & stay ahead of threats with Zenity.io. Empower your development securely today!
Blog