Low-Code/No-Code: Five key questions to form your strategy
Answer these questions to ensure that you can unlock the promised value of no- and low-code platforms.
Low-code or no-code platform adoption has gained unprecedented momentum in the last few years. Gartner predicts that “by 2023, over 50% of medium to large enterprises will have adopted a low-code application platform as one of their strategic application platforms.”
It’s no surprise that low-code platforms like Microsoft Power Apps, Google App Sheets, and OutSystems have grown popular, and adoption is on the rise. However, many enterprise efforts to adopt and scale low-code or no-code platforms have experienced severe setbacks. Some organizations get stuck in an experimental mindset without a sense of where their low-code journey is headed. Others struggle to achieve an enterprise-grade adoption and justify business value.
At a time when technology needs frequently outpace delivery capacity, low-code or no-code platforms can completely transform the development process and expand organizational development capabilities beyond the engineering and IT horizon. These platforms enable organizations to take advantage of citizen developers, or business users outside of IT realms, who can develop and launch apps with little or no input from engineering.
But business and engineering leaders may not be aware that these platforms don’t always solve business needs or deliver the desired value – in fact, they often add complexity and security risks, as they decrease IT visibility and lack mechanisms to control things like data security, access controls, encryption, etc. They also open the door to the development of apps that aren’t aligned with corporate or federal compliance requirements.
These problems exist because enterprises approach the implementation of low- and no-code platforms much as they would a traditional development platform. Citizen developers don’t have the same skills and knowledge of programming languages, architecture, and best practices as the average engineer does, and they can’t be expected to learn standard security or compliance control. This creates a distinct set of organizational challenges that must be addressed.
To be successful with low- or no-code platforms, businesses must rethink how they’re implemented entirely. We recommend starting at the beginning of the process by considering five key questions.
#1: How are you going to implement security, governance, and testing?
Security, governance, and testing are often an afterthought when an enterprise platform is being adopted. Many companies think a platform’s built-in capabilities are sufficient, and this can lead organizations that are implementing a low- or no-code platform to use manual testing and ad-hoc governance control, undermining employees’ ability to use the platforms and leading to misalignment on objectives.
Organizations must instead adopt a security-first mindset with a test-driven development approach with a series of stopgaps and oversight built into the process. There’s no one-size-fits-all solution, and businesses must strike a balance between oversight and agility. For example, applications that contain personally identifiable information or sensitive data or connect to transactional systems should be more highly governed than single-purpose, standalone apps. Every organization should map out its own set of criteria for appropriate levels of governance, oversight for various kinds of apps, access to sensitive data, performance, security policy, and integrations.
#2: What integrations are essential, and how tightly coupled with your no- or low-code platform do you want them to be?
Enterprises typically use built-in adapters/connectors within low-code platforms for system integration, and this results in point-to-point integration. These standard connectors usually don’t scale well over time because they were created with a focus on operating with a systems/service integration mindset. Many organizations will take the approach of deconstructing monolithic apps into microservices, but that isn’t aligned with the adoption strategy behind low-code or no-code apps. Most organizations should consider embracing an API-led connectivity approach instead of integrating systems directly with an adapter. Adding an API layer can also decouple adapters and enable easier scaling.
#3: How can you reduce the risk of technical debt?
Technical debt happens when developers build apps that violate best practices, resulting in structural flaws in the code. Left unfixed, technical debt puts businesses at serious risk. Even though developers don’t write code with low-code apps and platforms, there are still configuration and adapter-based integration constructs that need careful consideration to prevent violations. These can include:
- Robustness: The stability of an application and the likelihood of introducing new defects when modifying it.
- Performance: The responsiveness of an application.
- Security: An application’s ability to prevent unauthorized intrusions.
- Transferability: The ease with which a new team can understand the application and quickly become productive when working with it during the onboarding period.
- Changeability: The ability to modify an application easily and quickly.
It’s difficult to eliminate technical debt, but organizations can develop proactively, so app constructs don’t add to existing debt. Organizations can infuse proactivity into low- and no-code app adoption by:
- Spreading awareness: Educate your teams; the more citizen developers are aware of the effects of technical debt, the higher a priority eliminating it can and should take.
- Following good architectural practices: Create easy-to-understand guidelines for citizen developers, keeping in mind their level of technical expertise.
- Leveraging abstraction: Reduce complexity by removing unnecessary functions and data from citizen developers’ plates and enabling them to focus on creating apps that solve business needs.
- Avoiding tight coupling: Create scalable integrations that can be adjusted as organizational needs evolve to avoid becoming reliant on platform capabilities.
- Incorporating enterprise security controls: Create safeguards or countermeasures to avoid, detect, counteract and minimize security risks. Such controls protect the confidentiality and integrity of the apps and should be incorporated from an early stage in the low- and no-code app development process.
- Maintaining a high percentage of test coverage: Develop processes and procedures to test at least 85% of low- and no-code app features and functionality.
- Tracking challenges: Use issue trackers to stay organized with regard to technical debt.
#4: What metrics will determine platform business value?
Choosing metrics requires considerable thought and care to support specific outcomes that truly meet business needs. It’s critical to design measurements that answer business questions and to make incremental improvements to processes and production environments. Some of the objective measures that can be tracked include IT backlog, cycle time, team velocity, security metrics, endpoint incidents, and mean times to failure and recovery.
#5: What’s needed to empower citizen developers and reduce IT workload?
Most enterprises do not have a citizen developer enablement playbook that is repeatable and consistent. Onboarding with these programs is typically ad-hoc and lacks the foundation needed for non-business users to be successful. As citizen developers have limited or no coding experience, they need easy-to-use tools that provide enough functional depth to accommodate their business needs.
Enterprises should adopt a comprehensive citizen developer enablement program with the establishment of a center of enablement (CoE) and set up governance around tools, process, and technology adoption. Use the following steps as guiding principles for creating an enablement program.
- Identify existing or potential citizen developers.
- Establish a citizen developer credentialing process, such as training and certification.
- Determine what projects are being or have been created.
- Establish where citizen developer apps are being created (for example, in-office tools or using a commercial platform).
- Establish agreed-upon points of technology that call for IT involvement.
- Set up standard protocols for low-code development — sandboxing, testing, validation, audit, integration, and deployment.
- Determine an evaluation process to decide whether a project is a candidate for IT development or low-code development.
- Establish processes for app development and appropriate governance processes based on this evaluation. This could include planning (thinking through your application before you start building it), data (the data you want to gather, display, process, and report), design (how you want others to interact with your application), and logic (the way your application will work).
With no- and low-code platforms, enterprises have the power to leverage citizen developers to speed time to market and expand engineering capabilities beyond IT, but doing so requires rethinking every aspect of how platforms are adopted. Start by answering these questions to ensure that you can unlock the promised value of no- and low-code platforms.
About the Author
Raja Roy is vice president of technology at PK. He is responsible for driving the overall technology initiative, strategy, and innovation for PK. Raja has nearly 20 years of experience leading technology strategy, initiatives and innovation for Fortune 500 brands.