The Unfortunate Truth Behind Low Code/No Code Platforms
Data security, it's always front of mind, at least it should be. With the rise of low code/no code platforms there is always a risk of data being exposed at the wrong time, to the wrong people and in the wrong way.
What we saw this week from Power Apps Portals with 38 million records being exposed you have to ask the question, is it the platform or the configuration?
We often hear that customers and Partners find Power App Portals is complex and hard to configure at times. With many settings and options it can indeed make delivering an online self-service portal quick to configure by a novice. However, without proper guidance or skill we end up were we are now with over 1000 company sites inadvertently exposing data.
As a provider of a low code/no code platform we understand the risk associated with relatively non technical people configuring a portal. Our focus is on education by providing free training, openly discussing security and offering services to help along the way with our daily Q&A sessions with developers to clarify any questions they may have.
Back to the question, is it the configuration of the platform. I would say it's both. On a platform level there should be absolutely no question on how to configure security. By default, settings should be configured out of the box to limit exposure and it should be followed up with, as discussed above, training and guidance from the vendor.
Of course if the vendor offers the services and by default reduces exposure then it should come down to the organization and people configuring the platform. It's like the old saying "you can lead a horse to water...", what the horse does next should be based on your organization's internal policies.
Low code/no code platforms have their place and provide significant value. But when you have sensitive data measures should always be taken to ensure its secure with internal and 3rd party assessments.