Low-code and no-code tooling has become increasingly popular among developers of differing skill levels; from citizen developers to professional development engineers, low-code and no-code solutions have a part to play in several different workflows. This brings up the question of how far developers can really go using this type of coding. According to Andrew Manby, head of product management at HCL Digital Solutions, low code can be used for anything from creating simple workflows to increase productivity, to building applications that work to address specific employee and business problems.

“I think when you get to the level we’re operating at, its very much based on a challenge, a business opportunity, and also part of how people are thinking innovatively about becoming digital first,” Manby said. He went on to explain that, particularly during the COVID-19 pandemic, major organizations are utilizing low-code and no-code tooling to solve the problem of maintaining the business when people have no interest in going into a physical store anymore. 

According to Manby, regardless of the industry, the use cases for no-code and low-code tooling comes down to a fairly specific problem that needs solving. “We have a ferry company in Germany that we’re working with right now, and they wanted to replace their booking app, but once you start getting into what the business problem they are trying to solve is, you find that it’s not about just buying that ticket, they want to build it into more an engaging experience,” he explained. These particular use cases are being successfully taken on by IT teams and professional developers utilizing low code or no code in order to save time and increase productivity. 

How these platforms support low-code/no-code initiatives
A guide to low-code/no-code platforms

Paulo Rosado, CEO of OutSystems, explained that the level of sophistication provided by low-code or no-code is mainly determined by the platform or tool itself. He said, “Fundamentally, you can go from a small portal or workflow to building a claims processing system or the brand’s mobile native application at the other end of the spectrum.” 

He went on to explain that today, no-code and low-code tools have become extremely advanced, going beyond just delivering functionality. According to Rosado, these types of tools bring the capability to support non-functional requirements as well, such as high scalability, high security, reliability, and several other key factors that used to require more advanced coding to accomplish. 

“One thing limiting the reach of low-code is that you have to analyze, in advance, whether a low-code platform can meet your current and future requirements,” said Charles Kendrick, CTO of Reify. Kendrick explained that doing this analysis delays the project start, and if the analysis is done wrongly, you may outgrow your low-code platform in the future.

“To extend the reach of low-code, we designed Reify so that it can contribute screens to a larger application, or even to a legacy application.” continued Kendrick. “So, with Reify, the question is no longer ‘Can I build this with a low-code or no-code tool?’ but rather ‘How much of this can I build in Reify?’

“We’ve found that even for large, complex business applications — where a low-code platform would not normally be a feasible choice — as much as 70-80% of the application can be built and maintained in Reify,” he said. “This means you can get the benefits of the low-code approach in every single project, not just the simpler ones.”

Frank Zamani, president and CEO of Caspio, highlighted different aspects of no-code and low-code tools. According to Zamani, when this type of technology was first introduced, many professional developers felt somewhat intimidated by its potential and the ease of use that it offered. On the other side of this, there were developers who vastly underestimated these tools and did not believe that it was truly possible for them to create in-depth applications the right way.

“I would say now, after educating the user base… I think two things have happened, on one hand they are taking these platforms more seriously and seeing that these are good for certain types of use case scenarios, and the other thing is that they’re realizing that these platforms are mostly doing the work that a good developer does not even want to do,” Zamani explained. 

He compared the concept of having highly skilled developers doing the work that can be done with no-code or low-code tools to having a neurosurgeon water plants in a hospital just because they work there. All this to say that there are more pressing and demanding issues that these professional developers should be spending the majority of their time and resources on while no-code and low-code tools can take care of the mundane. 

Chandra Ranganathan, co-founder and CEO of Opsera, pointed out that low-code or no-code technology also makes it easier for organizations to roll out applications in a more holistic way, due to the increased ease of use and decrease in the time commitment. “No-code development platforms can be extended beyond just creation of simple workflows to also accomplish the end-to-end needs of software delivery,” he said. 

According to Ranganathan, these needs include provisioning infrastructure, integrating toolchains, developing workflows and pipelines to build, test, secure, and deploy software, and also get unified and predictive insights. “Architecting and implementing no-code approaches holistically will ensure maximum value in terms of agility, security, and efficiency.”

He went on to discuss the increasing complexity of digital transformation, multi-cloud, and SaaS first ecosystems, and the way that taking a no-code approach could be helpful in adapting because of this all encompassing method that can be easily achieved. 

“The right platform and a properly designed no-code development and orchestration approach can help address multiple use cases across organizations,” he said. “Product delivery across multi-cloud, mobile application deployments, or release automation for SaaS applications, and also provide flexibility for ‘low-code’ extensions or customizations for application specific needs.”

Rosado also spoke about the role that low code plays in mobile development as well as edge computing. He said, “A lot of the applications that we deliver are mobile applications and we also have web applications that need to be operated at the edge that are delivered by low-code… one of our international customers, for instance, is the navy for a particular country and they run the platform in each one of the boats that they operate, and so that’s a case of edge computing.” 

Manby echoed Rosado, saying that there are people using mobile applications created with low-code technology to conduct processes as critical and complicated as inspections of oil rigs. Using an app built with low code, someone can complete the inspection while the person operating the rig can receive live incident recordings from them all in one centralized application. “This kind of inspection and reporting and field services is one of those pervasive things [that can be accomplished with low-code],” he said. 

Ranganathan explained that with low-code or no-code technologies, the process remains the same no matter where you deploy the application to. The no-code approach used for mobile applications should be the same as what the process used for deployment to data centers or cloud based applications looks like. Organizations should be looking to extend their capabilities, standards, architecture, and modules to enable them to deploy low-code applications in multiple different ways.

“To implement an effective no-code approach, organizations have to consider how the solution fits into their existing or planned technology stack, (re)engineer processes to ensure seamless integration and collaboration across the SDLC functions and ensure buy-in and change management with the ultimate users,” Ranganathan said. 

Zamani emphasized that as long as the ultimate goal falls under the umbrella of what a low-code or no-code tool is good at, the deployment method shouldn’t have much of an impact. “If the use case scenario falls into one of these areas that Caspio is good at, then yes, but edge computing itself is a huge universe… It’s also a balance, in terms of how much makes sense to do in a no-code way, and what percentage of it should be done through coding,” he said. 

Manby explained that with the current state of no-code and low-code, there is virtually no limit to what it can do. Applications that used to require multiple development teams and extremely advanced coding can now be completed with much fewer resources while achieving the same quality in the end product. Manby pointed out that particular use cases for low-code vary drastically depending on the industry. “It’s just immense, and it really comes back to solving that specific business problem,” he said. 

However, when organizations are working with smaller tools, it becomes much more difficult to access the full breadth of what is possible. According to Rosado, a key issue with smaller scale no-code or low-code tooling is the aspect of completing change requests. “It’s a challenge that we’ve seen in a lot of situations in the past 30 years with technologies like development productivity tools,” he said. He went on to explain that this is because of the aspect of the buildup of technical debt and the growth of software as it evolves with change requests.

Despite this issue though, investing in no-code or low-code capabilities still proves to be an increasingly smart move. Manby said, “I think that the majority of the larger organizations have started to embrace low code… in a survey that we did with Forrester we found that over 80% of organizations surveyed had low-code as one of their top IT priorities. So I think if they don’t already have something in house which they’re piloting right now, then this certainly is a consideration for the next 18 months or three years to bring in house.”

Rosado also discussed the ways that no code and low code can be especially helpful during the shortage of skilled developers that is currently being seen. “The talent shortage is so huge and the backlogs of things to do doesn’t stop,” he said. 

He went on to explain that no-code and low-code tools help fuel developer productivity, and ensure that more work can be done using less professional developers, which is extremely helpful when there’s not many highly skilled developers to begin with. “It just makes pro developers more scalable and allows them to help more and deliver more with higher impact.”

Zamani also discussed the role of no-code and low-code tools in the midst of this developer shortage. He said that these types of tools can be incredibly helpful, but it all comes down to the extent that customers are willing to adopt them. “This problem is not going away, this shortage of developers, if anything it’s only going to get worse… The need is growing and the supply is not as much so it will be a bigger issue as time goes on.” 

Tools continue to rise in popularity 

John Bratincevic, an analyst at Forrester, said, “[No-code and low-code] are becoming first class options for software development in virtually every enterprise it seems, and in our last developer survey, 30% of professional developers say that they’re using one of those tools themselves.” 

He also discussed the market leaders for no-code and low-code tools, in terms of adoption. He said that the giants right now are most of the larger well known companies that have a good reputation in other areas and come with a good amount of notoriety. “The big companies where low-code is one part of the puzzle… they have a bunch of go-to-market paths and a bunch of entry points… which is kind of a big starting point for enterprises,” he said.

According to Bratincevic, the adoption of no-code and low-code technology spans across nearly every industry, from finance to retail. “There’s definitely a move towards verticalization for some platforms, especially smaller ones as they kind of find their niche. So, a lot of people are starting to focus on under digitized industries… but it’s pretty broad, the tools themselves are broadly applicable,” he explained. 

When actually adopting no-code and low-code tools into an organization, Bratincevic said that the most common issue professional developers struggle with is finding a way to implement it into their toolchains and pipelines without causing any disruption. He said that this becomes highly ambiguous because there are several different avenues to tackle this problem. “How do they manage that? Should it have its own pipeline? Should it use the one they already have? Answering that question and understanding what the best answer is… the market doesn’t know exactly how to deal with it yet,” he said.

Another challenge that developers have to overcome is governance. According to Bratincevic, no-code and low-code tools bring in more developers, whether professional or citizen, and more developers means more people have to be on the same page. This becomes especially challenging when several developers come from differing IT backgrounds. 

He also said that as these problems become more prominent, there is an ecosystem forming around them and their solutions. “The governance, and the culture change, and the framework, and how to integrate… the multifaceted question of how to do this at scale is just beginning to form,” said Bratincevic.

Heightened productivity with built-in security 

Andrew Manby, head of product management at HCL digital solutions, highlighted the aspect of security in low-code tools. He said, “We have a manufacturer in the CPG (consumer packaged goods) space… and in order for them to try and manage their production, they have to figure out where the areas of exposure are and building these new applications using low-code enables them to be more productive and efficient and be safer for that matter.” 

Safety and security are becoming increasingly important factors to consider. However, just because no-code and low-code tools bring a heightened level of ease, doesn’t mean they come with any increased risk of security vulnerabilities.

According to Paulo Rosado, CEO of OutSystems, “If the low-code vendor puts the investment in the underlying platform, then these platforms can be more secure than traditional coding, and the reason for this is that in a lot of use cases, security practices are done at the level of the platform infrastructure.”

He explained that the way for organizations to build security into low-code tools is to take a transpiler and compiler approach and translate it to cloud-native applications. Rosado said, “What we translate usually is fundamentally packed with high security-grade constructs, both in the code and in the infrastructure.” This prevents the developer from having to go back and check that all of the security requirements needed have been fulfilled. 

Chandra Ranganathan, co-founder and CEO of Opsera, also discussed the simplicity of integrating security into a no-code or low-code tool. He explained that the developer can insert security checks into their tooling wherever they think it is necessary, saving time in the long run by accounting for security in the development process. “Seamlessly integrating it into a workflow ensures security and ensures compliance while also improving collaboration and productivity,” he said. 

Manby reinforced this, saying that, if done right, applications created with low-code tools are just as secure — if not more so —  as applications that were developed with more complicated coding. “We fully integrate with those types of best practices and tools,” he said. “So, taking a full stack developer and teaching them how to use low-code, they feel very much at home, it’s not an alien environment, it’s really about productivity… there’s no need to sacrifice [security].”

Frank Zamani, president and CEO of Caspio, said that he believes that no-code and low-code tools have the power to make applications even more secure because the level of compliance is not determined by a specific developer. 

“An application built the traditional way is as good as the developer who wrote it, but inherently, it doesn’t have any built-in security. It’s as good as how well the developer was trained, how much they thought about security, and also how well they slept the night before,” he explained. 

While he also pointed out that there is no such thing as the perfect tool, no-code and low-code tools usually have full teams dedicated to security and compliance. “This team’s only job is to stay up to date on the security issues that can arise and many other things that a single developer would have to think about, and have to code, and have to implement [themselves],” he said. 

Rosado also discussed the feedback loop that OutSystems has achieved due to the open-source nature of their code, and how it has helped to create even stronger security. He said, “The customer can look into everything that’s generated and use their own tools to scan the code. Sometimes we have customers that are so sophisticated that they come to us and say that they have detected a non-compliance.”

After receiving this feedback, it is simple to go back in and make the necessary changes to the code in order to make it security compliant. With this, organizations who were not even aware of the vulnerabilities in their own companies then become compliant as well.