Amid today’s growing movement to enable solution development, there is an increased push for utilizing low-code or no-code (LC/NC) frameworks and tools to allow non-technical employees -- referred to as citizen developers -- to create business friendly applications.

By expanding the ability to create applications beyond the traditional IT skillset with a LC/NC strategy, organizations can significantly alleviate the burden on IT teams and open them up to innovative work that supports evolving digital transformation journeys -- a critical move in today’s IT labor shortage.

However, as tech leaders move to adopt LC/NC development, some are worried about employees without coding experience building applications this way -- there's a reason programming is a specialized field.

“While low-code/no-code strategies offer benefits for IT teams, they also introduce new vulnerabilities that are of increasing concern -- notably compliance and security risks,” cautions Deepak Mohan, executive vice president of engineering at Veritas Technologies.

He explains that because citizen developers don’t have the same experience in implementing security and privacy, many of the applications they develop won’t be adequately protected and protection policies may be inaccurately applied.

“As a result, not only may organizations face compliance issues, but their applications may also create new vulnerabilities for bad actors to exploit,” he says.

To combat these issues, Mohan says organizations should incorporate LC/NC governance and security requirements that properly restricts the ability to create applications that are unsafe.

“Furthermore, IT departments need to ensure they have programs in place to provide proper oversight and visibility into what applications are being created and how they are being used,” he adds.

Lastly, organizations need to consider and factor in any licensing costs or intellectual property issues that may arise well in advance of building out these applications through LC/NC strategies.

Shortening Development Time, Keeping Scale in Mind

Yehuda Rosen, senior application engineer at nVisium, points out that skilled software engineers can be difficult to recruit and tend to be expensive.

“If a project can be completed via a low-code/no-code solution, the company will not only reduce their need for a hard-to-find engineer and better utilize their engineering resources for needs that can't be addressed otherwise,” he says. “Additionally, the speed of which an application can be built within a low-code/no-code strategy results in a dramatically shorter time-to-market.”

However, he cautions low-code/no-code is not a magic fix and won't remove the need for traditional software programming.

“It resolves some issues, but if an application requires novel features or other things that the low-code/no-code framework doesn't provide for, then a company will need to identify that before investing too much time in a solution that simply doesn’t work or scale,” Rosen explains.

He says it's critical that all required functionality is identified prior to developing any application via a LC/NC strategy, to prevent investing too much time and focus on a strategy that ends up not being capable of addressing all needs.

Full Visibility, Flexible Strategies

To guarantee a LC/NC strategy is successful, organizations must ensure there is a bulletproof infrastructure, data governance and security system in place, as well as full visibility into their data and applications.

“As a first step, enterprises must gain an understanding of their data -- what it is, where it is and what it’s worth,” Mohan says. “From there, IT leaders can understand where security and compliance vulnerabilities lay and then work to eliminate these threats while ensuring sufficient oversight for potential legal and contractual issues.”

While the responsibility of developing a LC/NC strategy falls, initially, on an enterprise’s CTO or CIO, Mohan advises tech leadership should loop in experts in data security, data protection and governance to address cyber and compliance threats and ensure employees are following proper company and legal protocols.

Rosen adds a company can be quite flexible at how such strategies are implemented.

“Every level of leadership can decide to use a low-code/no-code strategy, ranging from an engineering team manager who is tasked with building products for the company, to a CTO setting the strategic direction of the organization's engineering efforts,” he explains.

Low Code/No Code Gathers Momentum

Mohan predicts that in the coming months, low code/no code adoption will become mainstream, and citizen developers across any organization will have the power to create applications that suit their daily work.

“As companies determine if they should incorporate LC/NC apps into their own strategies, IT leadership must first equip their data management and compliance teams with processes to ensure data protection and compliance infrastructure is in place across the company,” he says.

Only when an organization is confident in their infrastructure, should they feel equipped to take on LC/NC application development strategies.

Rosen notes some types of projects already have mature solutions to build low-code/no-code projects, including Wix or Squarespace for websites, Airtable or AppSheet for data-driven CRUD and analysis applications, and many others.

“A company can confidently pick a low-code/no-code strategy if there are vendors with a proven track record of enabling similar types of apps,” he says. “In the next year or two, many more capabilities will be brought to low-code/no-code solutions and allow developers to build a wider range of functionality and application types.”

What to Read Next:

Quick Study: Low Code/No Code for the Business Side

3 Questions Startups Should Be Asking About Low Code/No Code

Can Low-Code Tools Really Deliver Business Value?