2020 saw some of the highest-profile data breaches in history, subsequently highlighting the risks to both customer and business reputation. Whilst the targets highlighted are all large, established companies, it is important to remember that data breaches can affect businesses of all sizes – be they large, medium or small. Many smaller businesses fail to plan for a potential data breach, unaware of the potential target they pose. When these smaller businesses do find themselves under attack, the consequences can be devastating. Fines into the millions, bans on data processing, reputational damage and loss of customer confidence and trust are just a few of the potential outcomes.
With the majority of the world’s population having transitioned to remote working over the last year, businesses have had to rapidly shift to remote operations. Cybercriminals have adapted to these changes, exploiting the Covid-19 pandemic to carry out highly advanced cyberattacks. In fact, according to a global survey, 91 percent of enterprises reported an increase in cyberattacks with more employees working from home amid the pandemic. This increase in both internal and external pressures has required IT teams to keep on top of latest technology developments and ensure that cybersecurity hygiene is as strong as possible.
- These are the best online collaboration tools
Continued home working increases shadow IT risk
In large organizations, IT functions are under pressure to provide accelerated business change, but the vast majority of budget and resources are dedicated to maintaining legacy hardware, and to managing the vital, back-office applications that businesses run on. This is where shadow IT – the use of IT-related hardware or software by a department or individual without the knowledge of the organization – can sneak in. Shadow IT usually occurs where a department or individual is not willing to wait for an IT-sanctioned solution, and feels they can deliver something themselves more quickly and easily, or use quick workarounds under time and resource constraints. However, the use of unsanctioned solutions can inadvertently open new vectors for cybersecurity attack. It is therefore critical that IT has visibility to ensure this does not happen.
According to Snow Software’s ‘2021 IT Priorities Report’, 41 percent of workers said general access to technologies has improved, but IT leaders may overestimate the ease at which teams are able to procure applications, cloud resources, and software. As a result, this could provide an opening for shadow IT, with employees bringing in solutions to help modernize and improve productivity without considering the potential risks and consequences. Shadow IT is becoming a huge problem for companies because remote working has caused massive growth in the number of uncontrolled bring-your-own-devices (BYOD) and cloud apps, which are typically owned and managed by non-technical staff. In addition, this opens new entry points to accessing critical systems – access points which aren’t governed by corporate regulations or strong password guidance, and which cybercriminals can therefore exploit.
Aligning business and IT through low-code
Whilst shadow IT can seemingly help to enhance efficiency, it also subjects users and organizations to heightened risks of data breaches and non-compliance issues. This is where low-code platforms can help, as they can be scaled up without the need to hire developers to meet demand, consequently reducing operational costs such as maintenance and support. In fact, the Forrester WaveTM: Low-Code Development Platforms For AD&D Pros, Q1 2019 report highlights that digital businesses’ demand for the latest software is the biggest driver of low-code adoption.
Here, a low-code platform can help mitigate shadow IT by bridging the gap between business and IT. For organizations looking to put the power – safely – back into the hands of its employees, the platform makes it easy to build apps without needing specialist development expertise, but that have a ready-made understanding of the problems that need solving. These apps can help streamline internal processes and automate manual tasks, whilst adding value and driving developments from the very core of the organization. And it helps reduce the risk of employees using unauthorized apps and tools to do their work, subsequently minimizing potential security threats. Low-code providers secure their platforms on their ‘own’ clouds, which helps mitigate various security risks, particularly around issues like hacking techniques such as SQL injection and cross-site scripting. So, while business users can build apps, they do so under a ‘security umbrella’, provided by the platform and managed and controlled by IT. The platform itself must be secure and ensure the apps it supports are also secure with full identity management capabilities and access control.
In addition, IT is provided with the tools it needs to ensure new app development is done underneath the security umbrella. This is achieved by providing the correct policies to enable secure access and use of the apps being built. After all, one of the biggest causes of shadow IT is a lack of visibility. Put simply, in embracing low-code technology, businesses can build multiple apps while IT retains control of new systems and applications.
- Check out our rundown of the best antivirus software
Removing the risk of human error
Low-code technology, by its very nature, enables applications to be more secure when built. Users are prompted for required information throughout the development process, ensuring fewer entry errors compared to hand-coding apps. Additionally, low-code platforms often include a validator that monitors an application, and notifies users of any areas that need attention. The platform provides end-to-end security throughout the development lifecycle of the app, from the initial development stages, throughout the testing period and upon deployment.
During a time when cyberattacks are on the rise, it is essential that businesses and employees are provided with a range of easy-to-use and scalable tools. The myth that low-code is only useful for simplistic apps has long since been dispelled – organizations need a better understanding of its power to create effective applications, as well as bridge the gap between IT and business. The security risk of shadow IT can be significantly reduced, whilst also increasing employee productivity through the provision of more effective tools. And, perhaps most importantly, the lessons learned through 2020 about good cybersecurity hygiene cannot be cast aside moving forwards.
Richard Farrell, Chief Innovation Officer, Netcall