In the realm of modern enterprise productivity suites, Copilot for Microsoft 365 stands as a huge driver for efficiency, offering business users the ability to aggregate, summarize, and process data within the M365 suite of tools. However, for organizations with diverse infrastructure and applications, and the need for real-time data interactions, the out-of-the-box functionality requires augmentation to reach its full potential, not to mention secure controls for Copilot for M365. Enterprises seek to bridge this gap through the integration of plugins. Put another way, plugins are extensions t ..read more

Developing applications using low code platforms has gained popularity in recent years due to its ability to accelerate the software development process. However, with increased speed and efficiency comes the need for robust security measures to protect sensitive data and ensure a safe user experience. In this article, we will explore the best practices and strategies for enhancing low code application security. Understanding Low Code Application Security Before diving into the best practices, it is crucial to understand the importance of security in low code applications. As more organization ..read more

In today’s rapidly evolving digital landscape, the importance of low code security cannot be overstated. As organizations increasingly rely on low code development platforms to accelerate application and software development, it is crucial to understand the significance of robust security measures. Understanding Low Code Security Before delving into the intricacies of low code security, it is imperative to define what exactly it entails. Low code security is a critical aspect of modern application development and ensuing application security, especially with the increasing adoption of low code ..read more

Technology can change in the blink of an eye, and nowhere is this more evident than in the rise of “citizen developers.” Often without formal technical training, these individuals leverage user-friendly platforms to create, innovate, and deploy AI-driven solutions.  But with the support of intuitive interfaces, templates, and code snippets come challenges. Security can be a challenge hidden in the simplicity of drag-and-drop designs. If a vulnerability is found, it has the potential to be exploited across every instance of that code. That could mean potentially thousands (or more) of expl ..read more

Low-code platforms have become a transformative force in the dynamic world of software development. They’ve democratized the designing, building, and deployment of software, which has had a ripple effect across entire industries. Today, with minimal coding expertise, users can craft innovative applications tailored to meet the needs of consumers and businesses alike.  But the allure of low-code simplicity also creates a challenge. With user-friendly interfaces and pre-built templates, these low-code environments also mask potential vulnerabilities. This, in turn, creates a potential breed ..read more

What Happened?  Varonis researchers have recently disclosed that several government agencies and private-sector companies had customized or added features to their Salesforce Apex code that leaked data, allowed data corruption, or allowed an attacker to disrupt business functions.  Impacted data included the usual suspects like phone numbers, addresses, social security numbers, and username/password combinations.  Why is This a Big Deal? Because of the obfuscated nature of custom Apex code that is used in internal Salesforce instances and apps (i.e. Lightning ..read more

What Happened In a story that’s making rounds, Air Canada, Canada’s largest airline, is being ordered to pay a misled customer based on information they received from one of its chatbots. For those that missed it, the long and short of it is that a customer had a conversation with one of Air Canada’s chatbots that was told he could apply for a refund for a bereavement fare within 90 days of the date of ticket issue, but when applying for a refund was told that bereavement rates did not apply to completed travel, and cited information on the company’s website.  Initially the airliner made ..read more

Unless you have been living under a rock, you have seen, heard, and interacted with Generative AI in the workplace. To boot, nearly every company is saying something to the effect of “our AI platform can help achieve better results, faster,” making it very confusing to know who is for real and who is simply riding the massive tidal wave that is Generative AI. This is only exacerbated in cybersecurity where we find a plethora of companies touting AI capabilities, and/or the ability to lend a hand in securing and governing AI. However, this extraneous noise muddies the issue of what is top of mi ..read more

Many are speculating that at long last, OpenAI’s GPT store is set to go live this week. GPT builders and developers received an email on January 4th notifying them of the launch, which has been rumored for months, and likely only delayed due to the drama that has taken place at the company. This blog will summarize what this means for citizen development and how security teams should approach this new technological breakthrough from the AI giant.  No-Code, No Problem  In that email, OpenAI asked developers to check that their GPTs are compliant with OpenAI policies and guidelines. In ..read more

Businesses of all shapes and sizes are leveraging Microsoft Power BI to find insights within their own data. This standalone tool (not a part of Power Platform, despite its name) has emerged as a powerful tool, empowering all business users, not just trained data scientists, to transform raw data into meaningful insights. From data visualization to interactive dashboards, Power BI has become a cornerstone for decision-making across industries. However, as organizations harness the capabilities of this robust platform, it’s crucial to be aware of the cybersecurity risks that come with end users ..read more