Where There’s No Code, There’s No SDLC
When developing applications, organizations rely heavily on the software development lifecycle (SDLC) to ingrain security into the development process early and continuously. The SDLC lays out how to build security into early steps as developers are creating and testing applications. As such, organizations are able to embed security practices when it matters most. However, as low-code/no-code development becomes more and more common among professional and citizen developers alike, security teams are evaluating new ways to bring these business users under security’s purview.
In low-code/no-code development, rather than following the defined stages of planning, development, testing, deployment, monitoring, and ongoing maintenance that are detailed in the SDLC, business users are able to create applications, connectors, workflows, bots, and more, and get them into production with just a few simple clicks of the mouse. As development speeds up, security steps are, unfortunately, often skipped. As business users continue to leverage low-code/no-code development tools to build things that help them get their jobs done more efficiently, security teams must take a close look at what makes this type of development unique and establish a new responsibility matrix to make sure security does not fall by the wayside.
Be sure to check out the full article on DarkReading to learn more about how security teams can approach this fast-growing development strategy and make sure that business agility does not come at the cost of added risk.