Data security, it's always front of mind, at least it should be. With the rise of low code/no code platforms there is always a risk of data being exposed at the wrong time, to the wrong people and in the wrong way.
What we saw this August 2021 from Power Apps Portals with 38 million records being exposed you have to ask the question, is it the platform or the configuration?
We often hear that customers and Partners find Power App Portals (now called Power Pages) is complex and hard to configure at times. With many settings and options, it can indeed make delivering an online self-service portal quick to configure by a novice. However, without proper guidance or skill we end up where we are now with over 1000 company sites inadvertently exposing data.
As a provider of a low code/no code platform we understand the risk associated with relatively nontechnical people configuring a portal. Our focus is on education by providing free training, openly discussing security, and offering services to help along the way with our daily Q&A sessions with developers to clarify any questions they may have.
Back to the question, is it the configuration of the platform. I would say it's both. On a platform level there should be absolutely no question on how to configure security. By default, settings should be configured out of the box to limit exposure and it should be followed up with, as discussed above, training and guidance from the vendor.
Of course, if the vendor offers the services and by default reduces exposure then it should come down to the organization and people configuring the platform. It's like the old saying "you can lead a horse to water...", what the horse does next should be based on your organization's internal policies.
Low code/no code platforms have their place and provide significant value. But when you have sensitive data measures should always be taken to ensure its secure with internal and 3rd party assessments.
Thanks for reading - Steve Webb, Managing Director
A post by The Portal Connector
