Page 30 - Cyber Defense eMagazine RSAC Special Edition 2025

However, security is not often at the forefront of app development when using LCNC platforms, as
            business users often lack a strong understanding of secure development methods.



            Strategies to Secure LCNC Platforms

            A breach of the LCNC platform could result in financial losses, damage to the organization’s reputation,
            and violation of compliance regulations. Below are some ways in which the security of LCNC
            platforms can be preserved:

               1.  LCNC vendor assessment: Before procuring an LCNC platform, the organization's security team
                   must review the vendor's security policies, data backup and recovery policies, and controls for
                   securing the platform against vulnerabilities. Organizations should have an inventory of approved
                   LCNC tools vetted by the security teams and prevent employees from installing and using
                   unapproved LCNC tools that can expose the organization to compliance and security risks.
               2.  Citizen developer training: Before building apps, citizen developers must thoroughly familiarize
                   themselves with the LCNC tool and its security best practices.
               3.  Identity management: Organizations can implement Single Sign-On (SSO) with multifactor
                   authentication (MFA) so that users use a single password to log in to the network but confirm their
                   identity every time they log in to the LCNC application, thereby ensuring security.
               4.  Access management: Enforce role-based access in all environments in combination with the
                   principle of least privilege to bolster overall security. System administrators must assign
                   administrator privileges to only a few citizen developers who have taken the organization’s
                   security training, and must monitor user accounts for suspicious behavior.
               5.  Enforce static and dynamic application security testing: Technical developers can perform
                   static and dynamic application scanning to ensure no new vulnerabilities have been introduced in
                   citizen-developed applications.
               6.  Incident response plan: Create a robust incident response plan and execute the tabletop
                   exercises, simulated attacks, and testing included in the plan to prepare for threats or security
                   incidents.
               7.  Push the latest updates and security patches: Technical developers need to update the LCNC
                   tools with the latest vendor patches, as these provide fixes for code flaws.

            Conclusion

            As low-code and no-code (LCNC) platforms reshape the development ecosystem, it’s important to
            ensure that developers and users of LCNC platforms integrate appropriate security strategies into their
            applications.















