When working with security teams and application security analysts, the new world of low-code/no-code development presents new questions that invariably begin with ‘where do we start?’ With so many new applications, automations, and more that are introduced to the corporate environment, it can seem like an endless pit of concerns about data flows, user permissions and potential security risks introducing my organization that need to be analyzed and brought under management.

On paper, applications are created to be useful tools that solve specific business needs. Think of an application that tracks all ongoing projects for a product manager, an automation that triggers emails to prospective customers when they fill out a marketing form, or a flow that sends aggregated payment information to a finance manager. While all these applications are fairly straightforward, and seemingly used for singular cases, they are anything but.