According to a report by Markets and Markets, the enterprise low-code market is forecasted to grow to more than 27 billion US dollars by 2022. In fact, 84% of organizations have adopted a low-code development platform or tool, according to a Forrester overview of global IT and business decision makers, 100% have seen a positive ROI. That shows the business reasons enterprise low-code platforms are sound; however, the platforms can fail to meet all of your expectations. When evaluating a low-code platform, it is important to understand the following hidden drawbacks and risks.
10 Challenges of Enterprise Low-code
1. Lack of visibility call
One of the top concerns of low-code development is that it can be challenged for organizations to get a handle on what their people are building. Most shadow IT we hear about is tied to the hip with shadow development. Usually, when employees go around corporate IT to stand up a public cloud infrastructure, be it storage or compute, it is accompanied by some application that permits processing of data in the cloud.
Moving to the cloud might help improve visibility. That creates the cloud-based platforms safer than traditional alternatives.
2. No data oversight
The first question companies need to answer when moving to low-code platforms is whether their data will be safe.
Depending on the platform, companies may prefer to restrict how it is often used or the type of knowledge being shared. Many of the top-tier, enterprise-grade platforms offer tons of opportunities for businesses to use controls. The security of the underlying data is the most vital concern, says Jerry Gamblin, principal security engineer at Kenna Security, more important than the code. “If you’ve got software calculating the worth of pi, that’s not getting to be an enormous deal for the corporate,” he says. “But if you put sensitive and important customer data in it, that’s where you have the problem to worry about. So, think about the data first.”
Another problem with some low-code platforms is that end users are sometimes in a situation where they have to make decisions about configurations, permissions and access controls. There are inherent risks in how customer data is siloed and partitioned in these platforms. Furthermore, not all low-code platforms are equal when it comes to more fine-grained controls. Google Docs and other collaboration platforms, for instance, typically have an access mechanism that conducts viewing, editing and sharing data. However, more advanced controls that leave auditing of logins and re-shares, auto-expiring time-based access and more granular access controls is beyond base level capability.
No data oversight
3. No auditing of vendor systems
In several cases, the code and security controls that low-code platform vendors put in place might be invisible to organizations. To find out how secure those vendors are, they have to use the tools they have already got in place — third-party security audits, security and compliance certifications, service level agreements, and cybersecurity insurance. It makes a difference if one end user decides to use a specific platform or if a company decides to adopt it company-wide.
Some low-code vendors try to form things more transparent. “In our case, we generate .NET code,” says Mike Hughes, director of product marketing at OutSystems, a low-code development platform. “You can point software that checks security issues at that code, so you can know for sure that the code you’re running is secure. A lot of our customers do this, but if it’s just a recorder — then what is going on on inside, who knows.” Therefore moving to low-code development platforms which don’t have this kind of transparency will take away some control from security teams.
4. Business logic problems that expose data
Low-code development platforms typically include allowance and access controls by default, often inherited from the underlying data they carry for their customers. That can help to make it simpler for both non-developers and experienced developers to make secure apps quickly.
As the platforms get more effective, people can do more and more things with them — therefore the more they will undermine enterprise security. A logic problem that, for instance, permits one user to ascertain data belonging to a different one, or that posts sensitive information to a public location, could cause serious problems for a company.
Most companies have pretty much thought out security testing programs now, and sometimes outsourcing to do the testing. But the low-code apps, often do not get trapped within the same security testing that different applications would be subject to.
Business logic problems that expose data
5. Lack of Flexibility and Customization
This is also one of the biggest complaints you will find about low-code platforms. Some of these opinions come from people who have had a bad experience with one platform and assume that other ones are the same.
In fact, customization options vary widely from platform to platform. Some will limit your customization options, while different platforms provide access to the underlying code. Some will let you create applications that fit your business perfectly, while others won’t. Before adopting any platform, make sure you know your customization limits clearly.
6. Vendor lock-in
Vendor lock-in is one among the most serious fears surrounding low-code platforms. Many companies assume that they will be tied to whichever vendor they work with. In fact, this issue varies from vendor to vendor. For example, some create applications using open code and frameworks. They generate clean, standard code that works anywhere. While easier to maintain these applications within the platform, they will even be maintained outside platforms. Other vendors lock you into their platform in some different ways. Some generate convoluted code that seems impossible to maintain outside of the platform. Others won’t allow you to edit your applications when you stop using the tool.
It is important to understand each vendor’s policies before you license a tool. You have to know surely whether or not you can maintain applications outside of the platform. Also, ask about the generated code beforehand so you can see how easily it is often changed.
7. Limited Integration Options
Few enterprise applications exist in total isolation: most will have to combine with different systems to be able to consume data and expose it to those systems. Growingly, we see low-code development platforms promise that they will enable you to build the parts of APIs you’d need to integrate successfully.
That’s likely going to be alright if your low-code app is only integrating with a handful of other systems. However, the complexity of managing APIs when you have to integrate dozens of systems shouldn’t be underestimated. And it’s probably worth understanding what documentation you’ll get from your low-code platform. Will it enable you to manage your APIs in the long term?
Enable you to manage your APIs
8. Requires Developers
Beyond Simple Use Cases
Another challenge to pay attention for is low-code platforms that actually expect developers further than any but the most basic of use cases.
One reviewer of a low-code app development platform Filemaker wrote, “Filemaker usually requires the help of a consultant or developer if intending to reach its potential.” Another user explained their experience with enterprise low-code platforms, “They are okay for simple things … but then the customer will have more detailed requirements … and then you have to program those new requirements with traditional programming, which is even harder because what you customize yourself has to fit in with the platform.”
In those cases, the user claimed that the developers spent as much time coding in and around the platform as if they had built the solution totally from scratch. This means low-code automation that requires such work is usually a net loss to the business.
9. Rigid templates limit what you can build
When building out the different features of an application, low-code development platforms provide various templates and components that can be configured to meet a set of use cases. However, as soon as you run into that inevitable edge case required by your app, suddenly you don’t have the building blocks out-of-the-box to implement that specific piece of business logic required. Not only can your focus quickly alter from the original ‘what do I want to build’ to ‘what can I build’ in these cases, but you’ll also be forced to resort to complex and often costly workarounds. Finally, after investing heavily in making your application work within the constraints of your low-code automation provider, all you’re left with is a piece of software more rigid and costly than a bespoke solution ever would have been.
10. Extensive Training Required
As one of the top benefits of enterprise low-code platforms is increased efficiency and agility in the business, the more training required to use the platform, the less compelling the case is for buying them.
Increased efficiency and agility
It is necessary to evaluate how long it takes a business user, and if needed, a developer, to speed to use the platform for their expected business goal.
Keep in mind that employee turnover and a lack of a desire amongst employees to be specialized in a specific, limited platform will make platforms with a long training and onboarding stage even more expensive to operate over time. If there are a cadre of consultants and developers who are selling implementations of the platform, it absolutely is not as easy as advertised to use.
It is important to understand what an enterprise low-code platform can actually accomplish and the resources it requires. Assess whether, once this is considered, it is beneficial to have in the tech stack, and, if so, for what specific business goals.
We hope you enjoy this article. If you are finding a reliable provider to help you build an enterprise application with a low-code platform, please do not hesitate to contact Kyanon Digital via email. Our experts will help you make the appropriate choice.