Latest news with #YairFinzi
Business Wire
5 days ago
- Business
- Business Wire
Nokod Security Opens U.S. Office in Boulder, Colorado to Support Growing Demand for No-Code Application Security
TEL AVIV, Israel & BOULDER, Colo.--(BUSINESS WIRE)-- Nokod Security, the security company for no-code development, today announced the opening of its U.S. office in Boulder, Colorado. The new location strengthens Nokod's presence in North America and positions the company to better serve its rapidly expanding customer base in the fast-growing market for no-code and citizen developer application security. According to Gartner, Inc., '42% of organizations have already deployed low-code/no-code platforms, with another 38% planning to do so by 2027.' Yet organizations struggle to manage security and privacy for citizen developed apps using existing IT tools. Share The move comes as demand is surging for solutions that secure business-led application development. According to Gartner®, 'in the 2025 Gartner CIO and Technology Executive Survey, 42% of respondents said they have already deployed low-code/no-code development platforms, while an additional 38% said they will deploy by 2027.' However, the research warns that 'Software engineering leaders struggle to manage security and privacy risks in low-code/no-code development, because the governance approaches they use for IT developers are difficult or impossible to apply to citizen developers.' 1 'Opening our Boulder office is more than just a geographic expansion, it's a commitment to being on the front lines with our U.S. customers and deepens our ability to support them as they navigate the unique security and governance challenges of citizen development,' said Yair Finzi, CEO of Nokod Security. 'Our mission is to give organizations complete visibility and control over these apps, so they can innovate without compromising security or compliance.' The Boulder office will be the base for additional Nokod customer success, sales, and technical support teams for the Americas, enabling faster response times, deeper customer engagement, and a foundation for continued growth in the region. Nokod Security's platform protects against the unique risks of unmanaged no-code and citizen-developed 'shadow apps', including security vulnerabilities, externally exposed applications, misconfigurations, weak access controls, and unpatched components that can lead to breaches, compliance violations, and operational disruptions. Nokod's tools empower security teams to discover, assess, and enforce guardrails on no-code apps developed across platforms like Microsoft Power Platform, UiPath, ServiceNow, and Salesforce. The company's growing momentum reflects a broader market trend: 'Third-party tools can help mitigate the security and compliance risks associated with business-led low-code/no-code development,' according to Gartner 1. Nokod's platform enables cross-platform risk visibility and security policy enforcement, addressing a key need identified in the research. Gartner Attribution and Disclaimer Gartner, How to Support and Govern Low-Code Applications for Citizen Development, by Mukul Saha and Oleksandr Matvitskyy, April 17, 2025. Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. About Nokod Security Nokod Security is the security company for no-code development. The Nokod Security Platform protects enterprises from security risks introduced by no-code, RPA (robotic process automation) and AI Agent development created in a wide range of platforms, including Microsoft Power Platform, UiPath, ServiceNow, Salesforce, and more. The company's management team were founders of Imperva and SecuredTouch (now Ping Identity). Nokod has received investments from Acrew Capital, Meron Capital, and Flint Capital. For more information about Nokod, follow us on LinkedIn. To schedule a demo, visit or contact us at .
Forbes
11-08-2025
- Business
- Forbes
How To Secure No-Code Applications In Regulated Industries
Yair Finzi is cofounder & CEO of Nokod Security and was cofounder & CEO of SecuredTouch (now Ping Identity) and a product leader at Meta. No-code development platforms are rapidly gaining traction across highly regulated industries such as financial services, pharmaceuticals, healthcare, manufacturing and government. There's good reason for this: These solutions empower citizen developers to quickly build and modify custom applications without the need for extensive coding expertise. Some healthcare organizations, for example, rely on no-code platforms to develop patient management systems that streamline patient intake, appointment scheduling, billing and electronic health record (EHR) management. Likewise, financial services firms leverage no-code platforms for loan and claims management applications, significantly speeding up processes like application tracking, approval workflows, disbursements and insurance claims processing. Even compliance-related tasks benefit from no-code automation, including workflows for licensing, permitting, regulatory reporting and audit documentation. While this increased agility and flexibility allows organizations to rapidly respond to new business opportunities, it also introduces potential security and regulatory compliance risks. The very features that make no-code platforms appealing—ease of use and accessibility—also introduce notable security trade-offs. Because no-code applications frequently operate beyond the oversight of traditional application security (AppSec) programs, the likelihood of overlooked vulnerabilities increases, particularly in sectors governed by stringent regulations like PCI DSS, HIPAA, GDPR and various federal guidelines. Unique No-Code Security Issues No-code applications introduce several new risks not typically addressed by existing security frameworks. Often created by business users outside formal IT oversight, no-code applications that manage sensitive data commonly do not undergo necessary security reviews. Data connectors over-sharing compounds this visibility gap. Citizen-developed applications that connect broadly to critical systems, like payment gateways, patient records or customer databases, inadvertently allow access that far exceeds necessary limits. Traditional software development teams have rigorous protocols for securely managing API keys and tokens. Conversely, in no-code applications, credentials are often hard-coded into workflows, making them difficult to monitor and easier targets for exploitation if compromised. Third-party connectors amplify these vulnerabilities. No-code applications often rely on prebuilt integrations with external services—such as payment processors or document management systems—that may introduce insecure configurations or outdated libraries. No-Code Compliance Challenges Proper governance of these no-code integrations is essential in regulated environments to ensure comprehensive vendor management, but compliance becomes a moving target within no-code environments. Data classification and handling are common issues. Many no-code apps lack clearly defined data management policies, potentially exposing personally identifiable information (PII), protected health information (PHI) and financial data to unauthorized access, improper storage locations or insecure third-party transfers. Auditability presents another substantial challenge. Compliance regulations such as SOX, HIPAA and PCI DSS mandate detailed audit trails for sensitive data applications. Yet, no-code platforms typically fall short on providing the necessary forensic-level tracking capabilities, leaving security teams struggling with basic visibility questions such as identifying application creators, connected systems and recent updates. Security Best Practices For No-Code Applications To address these risks, security teams need to extend their existing application security and governance programs to cover no-code applications. The goal isn't to slow down innovation, but to embed sensible guardrails that allow no-code development to thrive without exposing the organization to unnecessary risk. Here are some best practices to help security teams manage no-code application risks in regulated industries: • Establish a formal discovery and governance process for no-code development. Continuously identify, catalog and perform a risk assessment on all no-code applications across the organization. Since enforcing strict policies on citizen developers can be challenging, focus on automated discovery and visibility to surface potential risks, misconfigurations and unapproved third-party integrations before they reach production. • Continuously monitor the security posture of no-code applications. Use tools or processes to gain real-time visibility into no-code assets, configurations and data flows. Set automated alerts for excessive permissions, unauthorized external integrations and sensitive data access outside approved workflows. • Adapt application security processes to address the unique nature of no-code applications. Traditional AppSec programs are built around source code visibility and secure coding practices, but no-code platforms operate differently—vulnerabilities often stem from misconfigurations and flawed logic, not insecure code. Security teams should focus on reviewing high-risk workflows, data flows and integration points, applying configuration-based risk assessments and logic reviews to no-code applications. Securing no-code applications in regulated industries requires more than retrofitting traditional AppSec practices. By building oversight into no-code development workflows, security can enable faster, safer innovation, helping the business automate processes, improve agility and meet regulatory requirements without introducing unnecessary risk. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Business Wire
24-07-2025
- Business
- Business Wire
Nokod Security Mentioned in 2025 Gartner® Research on Citizen Application Development Platforms
TEL AVIV--(BUSINESS WIRE)-- Nokod Security, the security company for citizen application development platforms, today announced it was mentioned in the June 2025 Gartner report 'CADP Providers Threatened by Unexpected Market Entrants' as a security-specific provider that can help organizations minimize threat exposure, protect sensitive data and comply with regulatory standards. According to Gartner: CPOs should advance their application security program, either through in-product capabilities or by establishing partnerships with security-specific providers… to minimize threat exposure Share According to the Gartner report, 'The growth of the CADP market will be powered by the contributions of citizen developers to digital initiatives which are expected to quadruple over the next three years, rising from 10% in 2025 to 40% in 2028.' 'In the 2024 Gartner Democratized Delivery Insights Survey, an inability to establish effective governance practices (lack of clear roles, responsibilities or processes) is the No. 1 barrier to implementing democratized digital delivery, followed by data security concerns and skills gaps. To grow revenue, CPOs should prioritize capabilities relating to governance and security to help customers overcome these barriers.' The report also states that: 'One gap in LCAP (low-code application platform) governance capabilities that can have an impact on security is that LCAP providers often focus only on managing and governing their own solutions, lacking broader support for multivendor environments.' And CPOs should: 'Advance their application security program, either through in-product capabilities or by establishing partnerships with security-specific providers… to minimize threat exposure, protect sensitive data and comply with regulatory standards.' 'We believe being recognized by Gartner in this report for the fast-evolving CADP market reflects the growing importance of addressing security and governance gaps in citizen development initiatives,' said Yair Finzi, CEO of Nokod Security. 'As citizen development scales, security teams are being left behind. Nokod helps organizations catch up by discovering all citizen developed applications, detecting vulnerabilities and malicious activities, and remediating and mitigating risks across multivendor CADP environments.' Gartner Attribution and Disclaimer Gartner, CADP Providers Threatened by Unexpected Market Entrants, by Kelli Smith, Molly Beams, 20 June 2025. Gartner is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product, or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. About Nokod Security Nokod Security is the security company for no-code development. The Nokod Security Platform protects enterprises from security risks introduced by no-code, RPA (robotic process automation) and AI Agent development created in a wide range of platforms, including Microsoft Power Platform, UiPath, ServiceNow, Salesforce, and more. The company's management team were founders of Imperva and SecuredTouch (now Ping Identity). Nokod has received investments from Acrew Capital, Meron Capital, and Flint Capital. For more information about Nokod, follow us X and LinkedIn. To schedule a demo, visit or contact us at info@
