Answer these questions to ensure that you can unlock the promised value of no- and low-code platforms.
Low-code or no-code platform adoption has gained unprecedented momentum in the last few years. Gartner predicts that “by 2023, over 50% of medium to large enterprises will have adopted a low-code application platform as one of their strategic application platforms.”
It’s no surprise
that low-code platforms like Microsoft Power Apps, Google App Sheets, and OutSystems
have grown popular, and adoption is on the rise. However, many enterprise
efforts to adopt and scale low-code or no-code platforms have experienced severe
setbacks. Some organizations get stuck in an experimental mindset without a
sense of where their low-code journey is headed. Others struggle to achieve an
enterprise-grade adoption and justify business value.
At a time when
technology needs frequently outpace delivery capacity, low-code or no-code platforms
can completely transform the development process and expand organizational
development capabilities beyond the engineering and IT horizon. These platforms
enable organizations to take advantage of citizen developers, or business users
outside of IT realms, who can develop and launch apps with little or no input
But business and engineering leaders may not be aware that these platforms don’t always solve business needs or deliver the desired value – in fact, they often add complexity and security risks, as they decrease IT visibility and lack mechanisms to control things like data security, access controls, encryption, etc. They also open the door to the development of apps that aren’t aligned with corporate or federal compliance requirements.
These problems exist because enterprises approach the implementation of low- and no-code platforms much as they would a traditional development platform. Citizen developers don’t have the same skills and knowledge of programming languages, architecture, and best practices as the average engineer does, and they can’t be expected to learn standard security or compliance control. This creates a distinct set of organizational challenges that must be addressed.
To be successful
with low- or no-code platforms, businesses must rethink how they’re implemented
entirely. We recommend starting at the beginning of the process by considering five
#1: How are you going to implement security, governance, and testing?
and testing are often an afterthought when an enterprise platform is being
adopted. Many companies think a platform’s built-in capabilities are sufficient,
and this can lead organizations that are implementing a low- or no-code
platform to use manual testing and ad-hoc governance control, undermining employees’ ability to use the
platforms and leading to misalignment on objectives.
must instead adopt a security-first mindset with a test-driven development
approach with a series of stopgaps and oversight built into the process. There’s
no one-size-fits-all solution, and businesses must strike a balance between
oversight and agility. For example, applications that contain personally
identifiable information or sensitive data or connect to transactional systems
should be more highly governed than single-purpose, standalone apps. Every
organization should map out its own set of criteria for appropriate levels of
governance, oversight for various kinds of apps, access to sensitive data,
performance, security policy, and integrations.
#2: What integrations are essential, and how tightly coupled with your no- or low-code platform do you want them to be?
typically use built-in adapters/connectors within low-code platforms for system
integration, and this results in point-to-point integration. These standard
connectors usually don’t scale well over time because they were created with a
focus on operating with a systems/service
integration mindset. Many organizations will take the approach of
deconstructing monolithic apps into microservices, but that isn’t aligned with
the adoption strategy behind low-code or no-code apps. Most organizations should consider
embracing an API-led connectivity approach instead of integrating systems
directly with an adapter. Adding an API layer can also decouple adapters and
enable easier scaling.
#3: How can you
reduce the risk of technical debt?
Technical debt happens when developers build apps that
violate best practices, resulting in structural flaws in the code. Left
unfixed, technical debt puts businesses at serious risk. Even though developers
don’t write code with low-code apps and platforms, there are still configuration
and adapter-based integration constructs that need careful consideration to
prevent violations. These can include:
- Robustness – The stability of an application and the likelihood of
introducing new defects when modifying it.
- Performance – The responsiveness of an application.
- Security – An application’s ability to prevent unauthorized intrusions.
- Transferability – The ease with which a new team can understand the
application and quickly become productive when working with it during the
- Changeability – The ability to modify an application easily and
It’s difficult to eliminate technical debt, but organizations can develop proactively,
so app constructs don’t add to existing debt. Organizations can infuse
proactivity into low- and no-code app adoption by:
- Spreading awareness – Educate your teams; the more citizen developers
are aware of the effects of technical debt, the higher a priority eliminating it
can and should take.
- Following good architectural practices – Create
easy-to-understand guidelines for citizen developers, keeping in mind their
level of technical expertise.
- Leveraging abstraction –Reduce complexity by removing unnecessary
functions and data from citizen developers’ plates and enabling them to focus
on creating apps that solve business needs.
- Avoiding tight coupling –Create scalable integrations that can be
adjusted as organizational needs evolve to avoid becoming reliant on platform
- Incorporating enterprise security controls –Create safeguards or
countermeasures to avoid, detect, counteract and minimize security risks. Such controls
protect the confidentiality and integrity of the apps and should be incorporated
from an early stage in the low- and no-code app development process.
- Maintaining a high percentage of test coverage – Develop processes and
procedures to test at least 85% of low- and no-code app features and
- Tracking challenges – Use issue trackers to stay organized with regard to technical
#4: What metrics
will determine platform business value?
requires considerable thought and care to support specific outcomes that truly
meet business needs. It’s critical to design measurements that answer business
questions and to make incremental improvements to processes and production
environments. Some of the objective measures that can be tracked include IT
backlog, cycle time, team velocity, security metrics, endpoint incidents, and
mean times to failure and recovery.
#5: What’s needed
to empower citizen developers and reduce IT workload?
do not have a citizen developer enablement playbook that is repeatable and
consistent. Onboarding with these programs is typically ad-hoc and lacks the foundation
needed for non-business users to be successful. As citizen developers have limited or
no coding experience, they need easy-to-use tools that provide enough
functional depth to accommodate their business needs.
should adopt a comprehensive citizen developer enablement program with the
establishment of a center of enablement (CoE) and set up governance around tools,
process, and technology adoption. Use the following steps as guiding principles
for creating an enablement program.
- Identify existing or potential citizen
- Establish a citizen developer credentialing
process, such as training and certification.
- Determine what projects are being or
have been created.
- Establish where citizen developer apps
are being created (for example, in office tools or using a commercial platform).
- Establish agreed-upon points of
technology that call for IT involvement.
- Set up standard protocols for low-code
development — sandboxing, testing, validation, audit, integration, and
- Determine an evaluation process to
decide whether a project is a candidate for IT development or low-code
processes for app development and appropriate governance processes based on
this evaluation. This could include planning (thinking through your application
before you start building it), data (the data you want to gather, display,
process, and report), design (how you want others to interact with your
application), and logic (the way your application will work).
With no- and low-code
platforms, enterprises have the power to leverage citizen developers to speed
time to market and expand engineering capabilities beyond IT, but doing so
requires rethinking every aspect of how platforms are adopted. Start by
answering these questions to ensure that you can unlock the promised value of
no- and low-code platforms.