Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.
Low-code and no-code tools enable a whole new generation of developers. In particular, Salesforce continues to release features that allow users to “click, not code.”
A growing workforce of less experienced developers requires tools with enhanced capabilities, especially those related to cybersecurity, explains Eric Pearson, senior product manager and regional vice president at devops company AutoRabit.
To help organizations monitor performance and mitigate risk in a growing threat landscape, AutoRabit today announced the launch of CodeScan Shield. With the new no-code analytics tool, administrators and developers can easily scan a Salesforce ecosystem for security threats and be immediately notified of potential errors before a major breach occurs.
“By expanding our DevSecOps toolset to monitor performance and mitigate risk, we can now help development teams with consistency, compliance and data security,” said Pearson.
MetaBeat will bring together thought leaders to offer advice on how metaverse technology will change the way all industries communicate and do business October 4 in San Francisco, CA.
Salesforce is the dominant leader in the customer relationship management (CRM) software market, with nearly 24% market share in 2021. A recent report from the International Data Center (IDC) commissioned by Salesforce predicts that the company and its partners 9.3 million new jobs and $1.6 trillion in new operating revenues worldwide by 2026.
DevSecOps is a process that simultaneously addresses development, security, and operations throughout an application’s lifecycle. In the wake of growing – and increasingly sophisticated – cyber attacks, DevSecOps Market is booming – estimated at $2.55 billion in 2020 and projected to be $23.42 billion in 2028.
According to Emerging research, growth is driven by the increasing need for repeatable and adaptive processes and automated monitoring and testing. Customized code security with different testing approaches — for example, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) — also drives adoption of DevSecOps tools.
“DevSecOps provides flexibility for repetitive and adaptive procedures,” the report states. “This ensures that security is uniformly enforced across the environment as the environment changes and adapts accordingly to meet newer requirements.”
Consistency, Compliance, Data Security
Static code analysis provides insight into the health of the code from the first line written to its final implementation in production, explains Pearson. It’s critical because it drives the quality, speed, and security of Salesforce development.
“Poor code quality slows down the speed of functions and creates additional risks to compliance and security,” he said.
Not to mention the cost of fixing manufacturing flaws versus fixing them in early development is a million dollar difference. He pointed out that the average cost of a data breach is: $4.35 million — an increase of almost 13% since 2020. And 23% of data breaches are caused by human error.
Having trust in processes is critical to staying secure and compliant amid growing security risks, Pearson said. Stability of coding structures in updates and applications – along with strict adherence to internal rules and standards – requires consistency.
CodeScan Shield is the next iteration of the AutoRabit code analysis tool used by thousands of Salesforce developers. It extends metadata rules and also introduces the OrgScan module.
This new module allows pro code developers, point-and-click developers, and Salesforce admins to incorporate security scans into their workflows. They can scan Salesforce profiles, permission sets, user and session settings, flows, and other metadata components to check for 100% compliance with native and custom Salesforce policies, in support of regulatory compliance standards, Pearson said. After a scan is complete, an interactive dashboard displays the results and identifies areas of concern.
Combining code scanning and policy management
With the introduction of CodeScan Shield, AutoRabit says it is the only company to provide an all-in-one code scanning and policy management product.
Without such tools, “…administrators are responsible for field-level security and developers are responsible for code quality and security; we’ve learned from our customers that when everyone owns something, nobody has it,” says Pearson.
Scanning the entire Salesforce organization, not just the code, provides “…a holistic security and governance layer that gives technical leaders the guidance they need to ensure their employees are operating within the defined security parameters set by the organization have been established,” said Pearson.
AutoRabit will demonstrate CodeScan Shield on Dream Force 2022 next week.
The mission of VentureBeat is a digital city square for tech decision makers to gain knowledge about transformative business technology and transactions. Discover our briefings.