With the dust now settled and life returning to some semblance of normalcy, we’ve still been ruminating on our week in San Francisco. It was an incredible and busy week, with a lot of top notch sessions, discussions, and of course the bustling expo. We compiled some of our daily thoughts after each full-day at the show, which you can read here, but now with some perspective, we wanted to share our four most memorable takeaways from RSA Conference 2023.
With the first full day of RSAC 2023 in the books, we wanted to publish a running diary of some of the key takeaways and themes that we are hearing on the show floor and at the various sessions we’re attending.
When developing applications, organizations rely heavily on the software development lifecycle (SDLC) to engrain security into the development process early and continuously. The SDLC lays out how to build security into early steps as developers are creating and testing applications. As such, organizations are able to embed security practices when it matters most.
Last week, on March 31st, NetSPI researchers announced that they found a cross-tenant Azure vulnerability in the Microsoft Power Platform connectors infrastructure, which allowed them to then access “at least 1,300 secrets/certificates in 180+ vaults”. In this article, we set out to analyze the root cause behind this vulnerability, explain its impact, and provide our own recommendations for Power Platform users and administrators.
Recent research from penetration testing company NetSPI found that Azure on-premises data gateways allow Power Platform and Power BI to access customer resources and databases. Threat researchers found that these gateways can communicate with Power Platform through an Azure service called Azure Relay (previously known as Azure Service Bus).
In recent years, companies have been looking for ways to streamline their HR processes and make them more efficient. In recent years it has become practically feasible for business users such as HR professionals to create their own solutions, due to the wave of citizen development which is exploding worldwide. Huge market players perceive this as a growth area and are heavily investing in providing solutions and platforms to enable business users to build what they need, when they need it.
Some of the world’s largest tech companies, like Google and Microsoft, have embedded AI into their business productivity suites, with Microsoft going a step further and releasing AI Copilot for Power Apps, its low-code platform. This integration has raised concerns over the decision-making power granted to business users to integrate data with AI and grant access, which can be done without oversight or control from IT.
Hello everyone! I’m Yuval Adler, Customer Success Director at Zenity.
39% of organizations already use low-code and another 27% plan to start doing so in the next year (Forrester). By 2025 more than 70% of all application development will be done using no-code/low-code (LCNC), according to Gartner. LCNC is already everywhere – so what does that mean for your business?
A recent LastPass breach has once again raised concerns about password managers’ security, especially commercial password managers with cloud infrastructure. The breach led to hackers gaining access to both code and data. This time on Dark Reading, I describe how I became a proponent of secret managers and LastPass, my chosen password manager, and how I helped my family and colleagues to do the same.
