Zenity identifies shadow IT apps and ensures good governance and security


A survey by the Everest Group shows that shadow IT accounts for 50 percent or more of an organization’s IT spend. This shows that shadow IT can be problematic, but not entirely detrimental. There are valid reasons why many organizations use unapproved and unverified IT systems or components. For one, it supports innovative solutions and enables departments to creatively find ways to meet their specific needs.

However, the benefits of shadow IT are wiped out when its greatest challenge is not solved: security. Shadow IT poses significant security risks, including poor visibility into an organization’s technology environment, increased potential for data loss and theft, compliance issues, disrupted workflows, and vulnerabilities that can be exploited to commit various types of cybercrime.

One of the biggest sources of shadow IT is the growing popularity of low-code/no-code (LCNC) app development. Many organizations are now embracing LCNC development platforms to build their own apps that meet their specific functional requirements. They quickly produce apps in response to various operational issues without the knowledge of IT.

Zenity: Zen for apps with little or no code

Founded in 2021 by a duo of cybersecurity experts, Ben Kliger and Michael Bargury, Zenity is the first and (so far) only governance and security platform built specifically for low-code/no-code apps. Its founders describe it as a “win-win environment where IT and information security can give business and professional developers the independence they want to drive the business forward while maintaining complete visibility and control.”

Kliger, a former Information Security Consultant at Deloitte, and Bargury, a veteran cybersecurity specialist, noted that there was a lack of cybersecurity solutions to match the new dynamics when it comes to developing LCNC apps. The two noted that all existing app and development security solutions are for traditional development. Current cybersecurity systems do not consider the risks of shadow IT apps built using low-code/no-code platforms.

Zenity changes all this by enabling organizations to monitor and protect their LCNC assets across platforms. It maximizes the benefits of low-code apps by ensuring that security vulnerabilities don’t become stumbling blocks. Kliger and Bargury worked with the largest US companies to understand what they really need and want when it comes to low-code/no-code applications.

How Zenity is tackling the shadow IT problem

Zen brings enlightenment, and in a sense this is what Zenity does for the use of low-code apps. It takes apps away from shadow IT by making them visible to those who should know what these apps are and what they do. Zenity not only makes those responsible for IT security aware of the presence of the apps, but is also able to monitor them and enforce security rules and policies on them.

Five key roles were defined in a message from Zenity’s founders. These are as follows: (1) enforcing security policies, (2) continuously detecting policy violations, (3) discovering shadow enterprise IT apps, (4) automatic remediation and troubleshooting, and (5) detecting deviant behavior.

Zenity does this by first identifying all low-code/no-code apps that are used in an organization across platforms. This “discovery phase” results in cross-platform visibility, allowing IT, or at least the security team, to know all the apps connected to the network, who the creators and users are, and what data is being sent or exchanged between these applications.

Once all LCNC apps have been inventoried, which essentially means pulling the apps out of shadow IT, the organization can effectively implement security, governance, and mitigation functions.

Zenity’s protection feature is mainly about detecting suspicious and malicious LCNC app activities, especially those related to supply chain attacks. This focus on attacks on the software supply chain is crucial, as high-profile incidents like the SolarWinds attack demonstrate the kind of threats faced by any organization using software from different vendors. It is necessary to always be on the lookout for malicious or deviant behavior to prevent attacks before they escalate.

When it comes to governance, Zenity facilitates the formulation and implementation of the organization’s app governance policies. It provides a systematic way to create and configure app guardrails, supported by rules-based automation. This helps eliminate risks and prevent business disruption.

Finally, the mitigation aspect of Zenity focuses on the need to reduce risk surfaces through continuous risk assessments. All low-code/no-code apps and their components are continuously monitored for possible configuration anomalies, vulnerabilities, and use of third-party components that may be considered insecure. Zenity accelerates remediation of security vulnerabilities by providing prompt alerts, along with a description and details of the breached security policy and recommendations on actions to take.

Does Zenity Eliminate Shadow IT?

Zenity is not designed to destroy shadow IT, which is not entirely detrimental. What it does is allow organizations to take advantage of shadow IT without compromising their security. Zenity helps organizations take their LCNC apps out of the shadows of IT with its cross-platform visibility, but it’s not intended to completely stop organizations from using shadow IT.

For example, in the case of departments using Robotic Process Automation (RPA), Zenity makes it possible to discover any bots or virtual agents built with an RPA platform and to detect risks and other security vulnerabilities. Zenity doesn’t stop organizations from using methods or tools that lead to more shadow IT systems and components, but it can expose apps that could potentially become vulnerabilities in an organization’s security posture.

Zenity also provides management and security for all applications created using citizen automation and development platforms (CADP) and low-code application platforms (LCAP). It provides visibility and app tracking, as well as the application of standard software development lifecycle (SDLC) security practices and governance.

This LCNC app security and governance platform supports the secure self-building of interconnected business apps and the “hyper-automation” of various processes, especially those created using Integrated Platform as a Service (iPaaS). Zenity enables the continuous investigation of all iPaaS integrations, including how they store and transmit sensitive data between SaaS apps and on-premises endpoints.

In addition, Zenity ensures secure configuration of business processes and data flows. This is important when using modern automation platforms such as Intelligent Business Process Management Systems (iBPMS) to securely automate complex workflows. Organizations gain cross-platform visibility for all their iBPMS apps, creators, and data. They also benefit from quickly finding and remediating misconfigured automations and are aware of questionable data flows and security compliance issues.

Providing a new, reliable solution

Founded in 2021 as a SaaS solution for app security and governance, Zenity is relatively new to the cybersecurity industry. However, the particular groundbreaking solution it offers holds great promise in securing low-code apps, which will comprise 75 percent of all apps used by organizations by 2024. It’s a solution that works and is backed by renowned cybersecurity figures.

Ory Segal, Senior Director of Product Management, Palo Alto Networks, commended Zenity for taking on the challenge of securing LCNC applications and enabling organizations to “gain visibility and control over the wild west of enterprise application development.” Similarly, Omer Mar-Chaim, director of IT technology at Varonis, notes Zenity’s role in advancing the secure use of low-code/no-code apps, calling it an “innovative platform that helps enable the development of secure citizen and business applications.”

Zenity doesn’t promise to end shadow IT, but as far as business apps go, it helps ensure the safe use of low-code/no-code apps. These apps would otherwise remain part of insecure shadow IT if they were created and deployed as before, without a viable security and governance platform.
