The maturity of an organization and rapid changes in technology have dovetailed to result in legacy assets that continue to drive value for some time. One of those technology advances has been in low-code/no-code solutions, which offer enterprises the ability to modernize their older applications through integrations.

While old-school, hand-coded integrations with legacy systems are still necessary in some cases, low-code/no-code platforms tend to provide a variety of connectors out of the box.

“There’s an important distinction between low-code tools and enterprise low-code tools,” said Jason Bloomberg, founder and president of industry analyst firm Intellyx. “The enterprise [platforms] have more sophisticated integration capabilities and more enterprise-centric security and regulatory compliance as well.”

Enterprise low-code tools also enable developers to build custom connectors. In fact, building connectors is one of the main reasons developers still drop down into code when using a low-code tool.

“Even with one of the lower-end low-code products, if you want to integrate with something and the tool doesn’t do it out of the box, you can do it with a traditional integration. You can build to the API or if there is no API, you could leverage a legacy integration tool to leverage the API and hand-code a connector so you can work in the no-code environment, but that’s a lot of trouble,” said Bloomberg. “It’s easier if the tool gives you a low-code way of doing that, but that’s difficult for the tool vendors to create.”

Building a custom connector is fairly straightforward. However, legacy data integration can be a challenge given different data formats and contexts. It’s important to understand the metadata associated with the data schema, which some low-code/no-code tools do.

“Some products on the market that are getting more sophisticated with that, using the UI to interpret what the metadata tell you about various integration challenges,” said Bloomberg. “In many cases, you have some sort of legacy application that has a database that supports it. You could bypass the application and send a SQL query to the database, but you often don’t want to because you lose the application’s business logic. When the application is maintaining consistency between tables, going directly to the database can cause problems.”

Meanwhile, low-code/no-code development is extending beyond applications to include robotic process automation (RPA), which makes sense since low-code/no-code is often used (particularly by business users) to improve workflows and processes. Some of those workflows and processes involve legacy assets.

“RPA tools are in large part glorified screen-scraping tools. They’re particularly useful where you have an application interface where there isn’t an API you can easily program to,” said Bloomberg. “You want to mimic what a user would do, which is a kind of screen-scraping. Generally speaking, low-code players partner with the RPA players to offer this consolidated low-code environment that can essentially script interactions with legacy user interfaces.”

The impact on shadow IT
On one hand, it could be argued that low-code/no-code platforms reduce shadow IT because line of business (LOB) users can build their own applications.

While low-code/no-code may help reduce shadow IT, it won’t eliminate it completely. For one thing, shadow IT dates back at least to the 1980s. The modern workforce is more tech-savvy than its predecessors and, as a result, today’s end users have definite opinions about user experiences. If they don’t like the tech available at work, they’ll find another solution, whether it’s devices, applications or low-code/no-code platforms.

Also, because LOBs now tend to have their own IT budgets, they’re empowered to procure their own tech, including low-code/no-code platforms. The proliferation of low-code tools and subsequently low-code applications is often nowhere on IT’s radar until an issue arises, so in effect, IT lacks complete visibility into the enterprise’s application portfolio. In addition, a patchwork of low-code/no-code solutions could mean that different departments are duplicating development efforts, building functionality or optimizing tasks and workflows that could be reusable, with or without modifications.

Security issues can also arise. For example, a recent Oracle/KPMG study found that 93 percent of respondents are dealing with shadow IT. Half cited a lack of security controls and misconfigurations as common reasons for fraud and data exposures. Meanwhile, 26 percent said cloud services are their biggest cybersecurity challenge. Some organizations are attempting to manage risks and increase operational efficiencies by taking a platform approach to self-service, including low-code/no-code development. That way, the appropriate enterprise controls are in place while end users or departmental IT have the freedom to build their own low-code/no-code applications.

Fintech company NES Financial standardized on the OutSystems low-code platform because it wanted an enterprise-class tool capable of supporting regulatory compliance. IT maintains control of enterprise data and then provides APIs that can be leveraged by departmental applications.

“The big benefit of it is now all the shadow IT organizations use the same tools, so you get the same branding, styling and cross-utilization of capabilities that one department develops — tools, technologies, dashboards, all sorts of things,” said Izak Joubert, CTO at NES Financial. “In the bigger scheme of things, low-code platforms probably mitigate risk and actually enhance our capability to deliver on the vision… whereas more point solutions in my estimation probably hurt an organization in terms of shadow IT because it’s not well-controlled. There’s no one that centrally looks after the company and prevents people from running with scissors.”

Large enterprises have increasingly adopted a hub-and-spoke IT model so there is a center of excellence and dedicated, department-specific IT or software development resources. That way, departments get what they need while the core enterprise assets remain protected and managed by a central function. Centralized governance is necessary to ensure security, compliance, data integrity, etc.

At the same time, centralized governance should not interfere with user experience, particularly if citizen developers are creating applications. If the user experience becomes awkward, sluggish or unresponsive, users will be inclined to find another alternative.

“If you can get in the ideal world where you have a big enough organization with these departmental IT organizations and you train them up to use the same low-code platform to develop their applications, now you have a relatively well-controlled processing place for a shadow IT organization because IT can still protect the data and implement corporate policies and you only expose those APIs in a controlled fashion to the shadow IT organizations,” said Joubert. “The big benefit of it is all the shadow IT organizations [throughout the enterprise] use the same tool set so you get consistency in branding, functionality, styling [and] cross-utilization of capabilities that one department develops.”

Low-code/no-code as shadow IT
On the other hand, it can also be argued that low-code/no-code tools are a form of shadow IT because LOBs are circumventing IT when they procure such tools. Going around IT is the very definition of shadow IT.

“In the no-code space, the risk of exacerbating shadow IT is greater [than low-code] because the no-code space is a next-generation of tool like Access and Lotus Notes where users could build applications and the IT organization wasn’t aware of them, and couldn’t ensure they were secure. They might be redundant applications so there are all these shadow IT issues,” said Intellyx’s Bloomberg. “A lot of these tools are trying to be proactive so you can build applications but someone will put governance in that will allow IT to manage the quality of the applications or ensure that security policies are being enforced.”

Whether low-code/no-code tools eliminate or exacerbate shadow IT has less to do with the tools and more to do with the way companies operate. An important aspect of that is the relationship between IT and lines of business – whether they’re in the habit of working in partnership or whether IT is seen as a bottleneck or obstacle to what LOBs want to achieve.

Another factor is marketing. No-code tools in particular are often touted as requiring no IT involvement, which may not be the case, especially when connecting to legacy systems and data sources.

Low-code/no-code isn’t perfect
It’s important to understand the capabilities and limitations of a low-code/no-code platform before adopting it. While business users and developers can accomplish a lot using such tools, traditional development expertise is typically necessary to deal with customizations.

“Low-code/no-code can be customized only to some extent and legacy systems written with code, libraries and APIs much more than often have complex business rules that are hard to port to no-code platforms,” said Sebastian Dolber, CEO and founder of software development service provider Astor Software. “Another big limitation/red flag with these new platforms is vendor lock-in. Once you develop your app, it’s almost impossible to move to another platform/provider.”

Although there are low-code/no-code tools aimed specifically at professional developers, web developers and LOB users, the vendors are actively looking to address other markets. That means the high-end tools providers are offering (or may plan to offer) simpler tools for web developers and/or LOB users. Meanwhile, no-code (simpler to use) tool providers are targeting web developers and/or professional developers.

While low-code/no-code tools aren’t perfect, they help enable faster time to market. Moreover, with digital transformation, software requirements are outpacing the capabilities of traditional software teams because there just aren’t enough programmers to handle all the work. Low-code/no-code tools are seen as a solution to the problem, but it’s important to approach democratized application development in a sound manner that manages potential risks while enabling new opportunities. Generally speaking, low-code/no-code development must be supplemented with traditional coding expertise to achieve its goals.

Moving forward, developers may find themselves under pressure to utilize low-code tools if hand-coded software development is viewed as a bottleneck to delivering business value.