The Zenity Team was busy this week in San Antonio as sponsors of the H-ISAC Fall Americas Summit! We had a blast at the rodeo at Knibbe Ranch, as well as on the showroom floor, talking to security leaders about the evolving landscape of cybersecurity for healthcare organizations. One prominent theme that emerged was the increasing risks faced by healthcare organizations in the era of citizen development and the widespread adoption of Generative AI by business users of all technical backgrounds.  Healthcare institutions are grappling with the surge in individuals harnessing Generative AI ..read more

What Happened?  Microsoft Ignite 2023 was an eventful one, with many announcements across Microsoft’s AI Copilot capabilities. The biggest announcement, in our opinion, is that of Microsoft Copilot Studio, a low-code tool that allows professional and citizen developers to build standalone AI Copilots, as well as customize Microsoft Copilot for Microsoft 365. These exciting technological advancements allow business users (of all technical backgrounds, mind you) to customize Copilot for Microsoft 365, publish standalone copilots and custom GPTs, and be left to their own devices to manage an ..read more

Introduction Citizen developers, often without a formal background in programming, are harnessing the power of generative AI capabilities to create powerful business applications and automations in low-code/no-code platforms like Microsoft Power Platform, Salesforce, and ServiceNow. While this democratization of software development brings about numerous benefits, it also introduces a host of new cybersecurity risks that organizations must address to safeguard their sensitive data and maintain compliance standards. The Proliferation of Shadow Application Development One of the key cybersecurit ..read more

Introduction In an era of rapid technological advancements, healthcare organizations are always looking for ways to become more productive and more efficient. In this quest, they are increasingly turning to citizen development and Generative AI tools to streamline processes and drive innovation. Citizen development empowers non-technical employees to create their own applications and automations, thereby enhancing operational efficiency.  Citizen Development in Action In talking to customers and partners we have seen a huge variety of really interesting use cases for citizen development w ..read more

In a rapidly evolving digital landscape, data security has become a paramount concern within the AppSec community As organizations embrace digital transformation and the shift towards cloud-based solutions, the onus is on them to protect sensitive data. However, the recent ServiceNow data exposure highlights an alarming concern: what happens when developers build apps and automations with risky default settings? The first step is to even identify or realize you have a problem, which likely cannot happen within the native platform. The crux of the issue therefore lies in the fact that rectifyin ..read more

In an era where humans are becoming closer and closer to technology, it is reshaping the way we work and do business. This was a prevalent theme from the Microsoft Power Platform 2023 conference, and it was great to experience the event as it provided insight into the cutting-edge tools and strategies driving the next wave of business productivity. From engaging discussions with Microsoft administrators, operators, and superusers to exploring the new reality of AI Copilots as part of Power Platform, and addressing concerns about governance and security, the conference was a treasure trove of i ..read more

Welcome back to the final part of my blog series on taking Power Platform security and governance to the next level. In Part 2 (which you can read here), I dove into essential strategies for securing and governing Power Platform environments. Today, I’ll encourage everyone to push the envelope further by exploring advanced techniques to establish good hygiene for citizen development, maintain audit logs, implement automation playbooks, and provide ongoing education for builders and makers. Establishing Good Hygiene for Citizen Development Citizen development is at the heart of Power Platform’s ..read more

Recap of Part 1 In the first part of this blog series, we explored the foundational steps required to kickstart a robust security program for any organization’s low-code/no-code development environment within Microsoft Power Platform. We discussed the importance of differentiating between sensitive and non-sensitive data, identifying the makers and builders, and implementing the principle of least privilege access. To recap briefly: We emphasized the need to classify data based on sensitivity and apply appropriate controls and restrictions using Data Loss Prevention (DLP) and default settings ..read more

Introduction The world of software development has witnessed a significant transformation thanks to low-code/no-code development platforms like Microsoft Power Platform, Salesforce, and ServiceNow. These platforms have empowered developers and business users of all technical backgrounds to create applications, automations, bots, connections (and more), rapidly and with greater accessibility. However, this newfound agility and democratization comes with an inherent challenge – the increased risk of security vulnerabilities stemming from third-party dependencies. Noteworthy incidents, such as th ..read more

Introduction Welcome to the first installment of my three-part blog series on securing low-code/no-code development within the Microsoft Power Platform ecosystem. As Zenity’s Director of Customer Success I’ve seen firsthand how businesses are embracing the power of applications like Power Apps, Power Automate, and Dynamics 365, all fortified by the impressive capabilities of generative AI. However, with great power comes great responsibility, and the challenges surrounding security are both significant and complex, and I wanted to provide an outline for how organizations can approach the uniqu ..read more