When some 38 million data records were exposed because of a misconfiguration in Microsoft Power Apps, companies like American Airlines, J.B. Hunt, Microsoft itself and even city and state governments experienced significant fallout. Individuals’ personal vaccine records, job applicant databases and Social Security numbers were among the data exposed.
Microsoft Power Apps is a “low-code” Rapid Application Development tool that, in essence, lets people who do not know how to design software build it. Its obvious appeal is that people with little or no programming knowledge can quickly build relatively robust technology tools. This includes the ability to store records and pull data for use elsewhere. The misconfiguration in Power Apps was that all data types – including personally identifying information – were public instead of private.
The disaster raises important questions about the perceived cost savings of Do-It-Yourself solutions vs the advantages of a Custom Software Development initiative.
Can Low-Code Work For Your Culture?
A primary benefit of Custom Software to any business is the ability to tailor your software solution to suit the way your company works without changing your processes. While there can be a great deal of value in off-the-shelf solutions, many of them require significant customization and setup to turn a general solution into something specific for your organization’s vision.
There can be a danger to this approach because, if customizing an off-the-shelf solution is in order, the solution that is chosen can be a matter of preference or familiarity among internal “developers” in an organization. Rather than building a tool most suitable to business goals and objectives, the focus can be on adjusting an existing tool that somebody is most familiar with – even though that tool might not be the appropriate solution in the first place! This is a common error made by internal, non-professional developers.
This is, as ever, where a highly collaborative and consultative approach is essential. A discovery process, inherent to Custom Software Development at InterSoft Associates, helps uncover business priorities and work towards achieving those with appropriate technologies. Without that approach, technology can drive business priorities.
The Experienced, The Expert, or The Easy
As the remote workforce has become increasingly prevalent and relevant, companies have been scrambling to accommodate some of the technical demands of this reality. This is one reason why Power Apps and low or no-code solutions are popular and powerful – there is a perception that they are easy to use and quick to implement.
Again, that can be true. Power Apps can be a powerful part of an organization’s technology and data stack. But a hastiness to just get it built means inexperienced people are often creating apps and platforms. Security concerns are not always well understood and best practices are almost never followed. Nor are the default configurations of cloud applications like Power Apps, and their implications, always well understood. In fact, Power Apps was not hacked or broken into when 39 million data records were exposed. The records simply defaulted to “public,” as Microsoft intended. A decade ago, this might not have been the issue it is today.
For off-the-shelf solutions, top priorities include ease of use, flexibility and access – priorities that are not generally aligned with security. This means default configurations, as with Power Apps, are often set incorrectly and are not well documented. For example, setting API calls to public is easier than setting them to private. Database access is simpler. Moreover, confidence in these platforms and their developers, like Microsoft, can make the people who use them for development complacent. The presumption is that somebody else is taking care of data security. In addition, Power Apps and those who employ them generally cannot interface well with third-party software that is used by the enterprise.
With Custom Software done properly, there are no presumptions. When platforms and applications are developed from the ground up with data integrity, security and performance in mind, risk is more easily managed and avoided in the development process. Administrators will not be required later on to be solely responsible for important security and access thresholds. In addition, properly developed software keeps track of code revisions, is properly documented and can service the enterprise.
Should You Use Power Apps and other Low Code Development Tools?
Should you use low and no-code platforms like Power Apps? Maybe. Automation and integration apps are growing more sophisticated and powerful. Your business can easily benefit from putting this to work for you. On the other hand, Power Apps are best used to meet a particular need, usually for a small group or a small department – not for enterprise. In any case it is important to consider some key questions:
- Why this solution? If it is to augment or complement existing software or technology needs, low-code might be the right tool for the job. If it is because the IT person is familiar with it, you might regret the decision later on. If it is to avoid the perception of something more costly, consider a conversation with a custom software developer first to get a more complete picture.
- Will this solution be future proof? If the internal developer working on the no-code platform leaves next week, can somebody else pick things up in a timely fashion? Will the technology still work for you in a year or three or five? Can it grow with your needs as your company grows? As technologies grow?
- Do I understand any inherent risks? Does your internal developer know which default configurations to watch out for or change, and why? Do they understand what threat actors are looking out for and practice best security protocols? Are they even able to, given the nature of the tool in use?
Before getting seriously invested in the time and resource commitment to a no-code or low-code solution like Power Apps, give us a call. It is free, and we will never try to sell you something. With a better understanding of what you are trying to achieve and why, we can make suggestions to help you accomplish your goals more quickly, safely and thoughtfully, and help you choose the appropriate tools for your solution.