No-code for Enterprise: Opportunities and Challenges
No-code and low-code development platforms allow non-programmers to create apps without writing any or much code. They often consist of graphical user interfaces that write application code automatically behind the scenes.
Over the past couple of years, no-code development has taken the IT industry by storm. According to Gartner, 80% of technology products and services will be built outside of IT by 2024. According to a recent Tonkean survey, 96% of 500 US-based IT and operations professionals have reported that they have already adopted or will soon to adopt no-code/low-code tools.
While the concept of empowering business users to build their own applications has been around for a long time, this new wave of products — powered by a significant infusion of private capital and wider adoption of cloud computing — is becoming a viable alternative to traditional application development. Larger enterprises could significantly benefit from this trend.
Business users in large enterprises have been building and maintaining their own applications for decades. To this end, many business users choose spreadsheets as their main platform — in particular, Microsoft Excel. Those familiar with VBA (Visual Basic for Applications) are also able to implement more advanced capabilities in Excel and create integrations with other software like Microsoft Access for data persistence. But this type of no-code usage has always suffered from the inherent limitations of a file-based approach.
The new generation of no-code technologies offers a unique opportunity to build applications that are often indistinguishable by the end user from those that are built by professional developers.
Huge No-code Opportunities for Enterprise
No-code platforms can present huge opportunities for enterprises in the application development space.
Application development is expensive and time consuming. This is especially true in large enterprises — and for good reason: rushing the release of a buggy application can be very costly to an enterprise. Thus, they have tedious internal processes around the development, testing, and release of applications, ensuring that they’re secure, stable, and scalable. This makes the application development lifecycle a time-consuming and costly process. The development cost of an average enterprise-level web application is typically in $100k to $1m range. According to a 2016 survey by Enterprise Mobility Exchange, 29% of respondents budgeted $250-500k and 25% budgeted over $1.5m for an average mobile application development project.
While this is understandable for business-critical, external-facing applications, there are many other application development needs that are less critical and intended for internal usage only. Yet, these are often subjected to the same level of scrutiny. Why should an application that will only be utilized by a handful of internal users take so long and cost so much to develop?
Often, business units have already built their target applications in Excel, but these are not as efficient as web applications. Most enterprise CIOs and IT managers have heard these arguments so many times. Yet, they have had no sanctioned solution aside from building traditional applications. The new generation of no-code platforms can change this. Offering business units an alternative platform, where they can build web applications with minimal dependence on IT departments, can be an invaluable boon to large enterprises.
What type of applications most benefit from no-code?
Developing internal applications is perhaps the category most ripe for benefiting from no-code development. These applications typically have a small user base. Since all users are internal, they can be deployed behind enterprise firewalls to ensure compliance with enterprise security standards. Most internal applications are not business critical, so they can accommodate limited down-time.
This is probably the largest category of application development in an enterprise. Since the majority of these projects tend to be low priority and retain only a small budget, these support needs often go unmet or deprioritized by IT departments. Business units typically handle these needs by building applications in Excel without even bringing them to IT for consideration. This leads to countless, disparate Excel spreadsheets flowing across the organization, which ends up being a nightmare for enterprise security teams.
Moving these applications to an enterprise-wide, no-code platform resolves many of these problems without taking any flexibility away from the business units.
Another category ideal for no-code is low-usage, external-facing applications. This category of applications is often used by partners, intermediaries, or some customers. They’re not business-critical and can accommodate limited downtime. They also don’t process any sensitive data.
Additionally, the process of building prototypes and minimum viable products (MVPs) for business-critical applications can also easily be facilitated by no-code platforms. Prototyping is a part of the software development process where developers and end users can interact on a partially functional application to evaluate and iterate on the business needs until an agreement on a final design is reached. This helps finalize the design before the actual development process starts — which, in turn, helps reduces the overall time and cost of a project by identifying and eliminating potential changes beforehand.
The concept of developing MVPs lends itself especially well to startups. The idea is to develop a partially functional version of your idea quickly and with minimal cost and deploy it to a limited user base. The purpose is to collect data from users to understand the viability of your product. Ultimately, you invest into developing the full product only if the feedback is positive. Otherwise, iterate and improve until you reach the expected level of feedback.
Whether it’s for prototyping or building MVPs, no-code platforms can be highly beneficial for enterprise as a part of developing business-critical applications. Since they’re only for gathering information and iterating on the results, the capacity to accomplish this quickly and cost-effectively improves the overall flow of the process. It’s also important that they’re developed by the business users, which helps to reduce the load on IT teams. Once the prototype is finalized, or the MVP is approved, then IT departments can start the actual development, knowing full well that there’s little or no chance of requirements changing. This ensures a higher success rate for the entire development process.
While these types of applications are ideal for no-code, there are lots of other application types that are well-suited to the no-code process. However, these present higher levels of risk to an organization, which must be properly mitigated.
No-code Security Considerations
The security of no-code apps is still the biggest challenge for enterprise. Empowering business users to build web apps for internal or external users may inadvertently expose the network infrastructure to security vulnerabilities. The larger the surface area for attack, the more exposed enterprise becomes to external attacks.
There are two categories of vulnerabilities that should be addressed in evaluating no-code platforms for security. Firstly, the security of the no-code platform itself should be interrogated. Most no-code platforms are cloud based, meaning that the customer data will be hosted in a third-party facility, over which the enterprise may have little or no control. The prospect of putting sensitive data on a no-code vendor’s multi-tenant cloud platform is a major concern for enterprise security teams.
However, there are ways to mitigate this type of security risk. Ensuring that the no-code vendor’s cloud infrastructure maintains security certifications by third-party auditors is one means of accomplishing this. Enterprise security teams can also perform vulnerability scans and penetration tests on the platform.
Deploying the application and data on a single-tenant cloud infrastructure where enterprise security teams can maintain some level of control is another option. The ideal scenario would be to host the platform on an infrastructure fully controlled by the enterprise. These are some of the ways enterprise security professionals can ensure the infrastructure surrounding the no-code platform is up to their security standards.
The second category of security vulnerability is the human factor. While the platform itself can meet the security requirements of the enterprise, it may still expose sensitive information to unauthorized users because business users control the development and deployment of those applications.
One of the ways to mitigate this type of vulnerability is to train business users developing no-code applications on enterprise security best practices. It may be beneficial to place restrictions on who can publish apps and to make sure only those who’ve been through security training can be involved. However, this would require that the no-code platform includes such capabilities.
Another option is to require approval from IT security teams before publishing a new application on the platform. While this may diminish the agility of the development lifecycle, it will certainly help to prevent the exposure of sensitive information. These types of approval mechanisms should also be included in the no-code platform. Periodic audits by the IT team of any no-code applications can also help to improve security. Since no-code applications can be updated by business users any time, a previously approved application may start leaking sensitive data after an update. Periodic audits can help mitigate these risks.
How do you mitigate no-code vendor lock-in risks?
Most no-code products are proprietary and closed platforms. Once an application is built on a no-code platform, it’s exceedingly difficult to migrate it to another one. Moreover, most no-code platforms are developed by startups funded by private investment. There’s already a slew of no-code companies with very similar products. As of writing this article, G2 lists 180 products on their no-code development platforms software page. Capterra lists 80 products on their no-code platform software page. NoCodeList, another popular no-code site, lists 300+ tools. As the market matures, some of these startups won’t survive. Others will pivot, which will make it harder to support clients using earlier products.
These present major risks for large enterprises when considering no-code platforms. Nevertheless, most vendor lock-in risks can be mitigated. It all starts with a detailed vendor evaluation process. One of the factors to consider is if the vendor has prior experience working with other large enterprises. Working with enterprise clients isn’t easy, and has its own unique challenges. Businesses must make sure to contact current enterprise clients and learn about their experiences with the platform.
Additionally, funding history and financial stability is another important factor to consider in the evaluation process. Development platform decisions are long-term commitments for large enterprises. Committing to a platform that may not be around in a few years can prove a costly mistake.
Detailed service level agreements are also important tools for mitigating vendor lock-in risks. Enterprise legal departments must consider incorporating clauses for providing fast and high-quality support, priority issue resolution, business continuity and disaster recovery, price stability, and data migration into their agreements.
No-code Opportunities Outweigh Risks
The opportunities offered by no-code platforms outweigh the risks.
The challenge is decades old: how do large enterprises offer the flexibility and swiftness of business-driven tooling without the costly time and resource expenditure? While no-code poses its own unique set of challenges, it also provides a viable and highly beneficial resolution: allow the business users to develop and maintain their own tools. It does so without introducing significant costs and without requiring the heightened learning curve associated with traditional software development. No-code can empower an enterprise organization by removing the weight of smaller development projects from technical resources and enabling the business to drive their own goals forward.
The market for no-code platforms is booming, so enterprises have plenty of choices from a series of robust toolkits that can be suited to their business needs. As long as an enterprise is aware of the potential pitfalls, it can quickly and effectively begin integrating any number of no-code solutions into its daily operations.