No-code is the future. This has been said a lot of times whether in Twitter, research firms, or tech blogs. It is after all the democratization of software development, a realm that was once exclusive for those brave enough to take on coding.
Although it is a growing development option and the community is growing, there has been some hesitation. There had been concerns that with citizen development, professional web developers might become obsolete. Others saw this as a play tool and would not be enough or establish a real business.
We are a no-code agency and we offer different no-code services. But even we know that no-code does have its limitations. We have touched this subject in HERE but discuss it further and see some ways to work around it.
Since it is a 3rd party platform, you are working on something where you can’t see the source code, associated vulnerabilities or have the data on what kind of testing and rigor the platform has undergone. Without this knowledge there is risk of not knowing who worked on or has domain knowledge or that knowledge can be lost when on maintenance mode.
Security experts say that this uncertainty can be mitigated by requesting a software bill of materials (SBOM) from the vendor. The SBOM is a key building block in software security and software supply chain risk management that can provide insight into the software components and their associated vulnerabilities.
According to a TechCrunch article, some investors are concerned over how can no-code work for a technical and nontechnical team. They feel that there will be some level of confusion, where a set of co-workers on a team may be pushing for collaboration while another set of workers may be pushing for a competing solution. This miscommunication might deter productivity and slow things down.
The agile methodology makes sure that iteration and building goes smoothly by ensuring communication through scrums and sprints. This can be expanded in organizations with horizontal structure to prevent redundancy and miscommunication. The main practice should be lateral communication. This is a practice of sharing information across all organization levels, rather than just certain pieces trickling down from the top.
Even though the platforms are labeled as low-code and no-code, they still have codes that work to make building a software easier. The platform abstracted the coding and allowed the end user instead to use pre-provided code functionality which makes it convenient for developers and non-developers. The problem lies when the code that is used is insecure and is extrapolated across organizations and applications through the low-code and no-code platforms. Insecure code comes from lack of formal verification methods, hard-coded credentials, or improper exception handling.
To mitigate this, you can ask your platform vendor for the security scanning results for the code that is used within the platform. These scan results such as those from static and dynamic application security testing (SAST/DAST) can give end-consumers some assurance that they aren’t just duplicating insecure code. SAST is a white box method of testing wherein the tester has access to the underlying framework, design, and implementation. DAST on the other hand is a black box testing method that examines an application as it's running to check vulnerabilities that an attacker could exploit.
Another aspect to consider is that many low-code and no-code platforms are delivered as software as a service (SaaS). You can request industry certifications such as ISO, SOC2, FedRAMP and others from the vendor that will provide further assurance.
The pre-coded templates might be a blessing but can be a disadvantage specially for professional developers. There are limits to what it can perform especially when a business can start scaling up. The platform may not have the buildings blocks to implement that function. This setback might divert you from doing what you need to build to resort to complex and often costly workarounds. Moreover, you will only be left with a rigid piece of software even after investing heavily in making your application work that to within the constraints of the no-code provider.
Choose your platform wisely. There are platforms that will let you export your source code you can hard-code it or transfer to another platform. The key is to review and analyze when is it time to transition to coding if you are scaling your business.
Since low-code/no-code can be done by non-professional developers, it can lead to widespread shadow IT. According to Wikipedia, shadow IT refers to information technology systems deployed by departments other than the central IT department, to work around the shortcomings of the central information systems. This may lead to sensitive data leaking or being mismanaged
This is a concern for both IT department and the HR department since this is about what the employee does with the data thatthey have access to. Monitoring is an important aspect for IT especially when no-code projects are developed. For HR, there should be a limit to the accessof important data and proper accountability.
Right now, low-code/no-code is still in the innovators phase of the tech life cycle. This means that it is still is its infancy and there’s a long way for it to go. These disadvantages are the reality of the development and it’s something that developers need to work on.
Low-code/no-code promises an easier execution of once was an impossible feat of creating your own program or software. This means that even someone who has no means to take up and IT course can now create a game-changer. It promises a practical and efficient way to validate an idea, launch websites and apps for small businesses, and get startups on their feet.
No-code may have its disadvantages and you will need a team of experts to mitigate it so it can work for your business. If you want to see how no-code can create a positive result for your business, schedule a discovery call with us. We have a team of experts ready to provide business solutions.
Join our newsletter for more info on no-code or anything about ESTEL!
You may also want to read