Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label low code/no code. Show all posts

Generative AI Empower Users, But it May Challenge Security


With the easy-going creation of new applications and automation in recent years, low-code/ no code has been encouraging business partakers to deal with their requirements on their own, without depending on the IT. 

The power of generative AI, which has caught the attention and mindshare of the business and its customers, both increases the power as the entry barrier is virtually eliminated. Generative AI is integrated into low-code/no-code, accelerating the business' independence. Today, everyone is a developer, without a doubt. However, are we ready for the risks that follow? 

Business professionals began utilizing ChatGPT and other generative AI tools in an enterprise setting as soon as they were made available in order to complete their tasks more quickly and effectively. For marketing directors, generative AI creates PR pitches; for sales representatives, it creates emails for prospecting. Business users have already incorporated it into their daily operations, despite the fact that data governance and legal concerns have surfaced as barriers to official company adoption.

With tools like GitHub Copilot, developers have been leveraging generative AI to write and enhance code. A developer uses natural language to describe a software component, and AI then generates working code that makes sense in the developer's context. 

The developer's participation in this process is essential since they must carry the technical knowledge to ask the proper questions, assess the software that is produced, and integrate it with the rest of the code base. These duties call for expertise in software engineering.

Accept and Manage the Security Risk

Traditionally, security teams have focused on the applications created by their development organizations. However, users still fall prey to believing that these innovative business platforms are a ready-made solution, where in actual sense they have become application development platforms that power many of our business-critical applications. Bringing citizen developers within the security umbrella is still a work in progress.

With the growing popularity of generative AI, even more users will be creating applications. Business users are already having discussions about where data is stored, how their apps handle it, and who can access it. Errors are inevitable if we leave the new developers to make these decisions on their own without providing any kind of guidance.

Some organizations aim to ban citizen development or demand that commercial users obtain permission before using any applications or gaining access to any data. That is a sensible response, however, given the enormous productivity gains for the company, one may find it hard to believe it would be successful. A preferable strategy would be to establish automatic guardrails that silently address security issues and give business users a safe method to employ generative AI through low-code/no-code, allowing them to focus on what they do best: push the business forward.