The rapid growth of low-code adoption comes after businesses moved to digital modernisation, which includes improving user experiences, automating processes, and upgrading key systems. Due to its low cost, it has been proven ideal for it. But is it actually safe for enterprises?

A recent report by Forrester stated that low-code platforms will account for 75% of application development in 2021, up from 44% in 2020. IT professionals and DevOps industry-wide have voiced their concerns on low-code adoption as they feel it comes with its own problems. Then why are enterprises obsessed with low-code?

The obsession with low-code is led by its drag-and-drop interface, which saves a lot of time. In low-code, every single process is shown visually with the help of a graphical interface that makes everything easier to understand. It makes life easier for the developers to create their applications.

However, the problems start rolling in when IT departments discover that an individual or department has used an unapproved low-code. This leads to resources being wasted and gives birth to security risks. In order to understand the problem before it becomes chaotic, companies look for warnings like helpdesks receiving requests for unfamiliar software.

Key issues haunting low-code

Vendor lock-in is one of the biggest fears in low-code development platforms. A vendor lock-in, commonly known as proprietary lock-in or customer lock-in, makes a customer depend on one vendor for all its products and services. This restricts companies to one vendor, and a new one cannot be used without expensive switching costs.

While most eminent vendors claim that their products come without vendor lock-in, it is not always true. This means your software will not work without you paying for licences. Most vendors these days generate convoluted code, which makes it impossible to maintain an application outside of their platform. Meanwhile, the other vendors do not allow you to make changes once you stop using their application.

While creating custom software, the most common limitations faced by developers are hardware and native language capabilities. Low-code development platforms are usually more constrained than other forms of coding. The enterprise may not get the right functionality they desire. Similarly, in other low-code solutions, the user interface is limited. But, customisation options differ between platforms.

“Developers are only limited by the hardware and the capabilities of the native language when creating custom software. The amount of functions you can implement in a low-code development tool is limited. It is a quick way to create apps, but you do not have a lot of options if you want to try something new,” said Akarsh Singh, CEO and co-founder, TSAARO.

Gartner’s Magic Quadrant mentioned that low-code vendors should give a scripting or fourth-generation language (4GL) programming environment since many hpaPaaS solutions promote pro-code extensions using JavaScript or 3GL languages.

When an app is developed to meet specific criteria using low-code, there is no continued development or enhancement being made. Therefore, the scope for customisation, flexibility and integration options are extremely limited.

Why IT professionals and DevOps hate low-code

Enterprises that use low-code development do not have access to the vendor system and cannot check the application code. If the business faces any issue in the software, it will not be able to identify the root cause. Low-code platforms do not have transparency when compared to other forms of development. IT professionals and DevOps work on this issue by doing security checks through black-box method testing, third-party security audits, legal certifications and agreements, and buying cybersecurity insurance.

The amount of control you have over any technology depends on how much you use it, and handing off most of the work to the tools will give them control over your process. Over time, integrating low-code becomes an unhealthy relationship with its stack and gets locked in. There are a few steps to minimise the lock-in that comes with using low-code tools. The code can be written to be more portable, isolating the business logic and then fixing it with glue code that connects it with the local low-code API. 

Although low-code solutions include security protocols, they cannot match the level of protection provided by standalone development methods. You do not have full control over data security or access to source code. As a result, you won’t be able to list all of the potential flaws. Low-code tools, despite their name, nonetheless require strong technical knowledge, Akarsh said.

The expansion of an IT system to accommodate more apps and require more resources overall is known as application sprawl. Application sprawl is a term used to describe systems that are inefficient owing to poor architecture. If a project is not too large or complicated, it may be viable to deliver software to production for some clients using solely low-code platforms. The dangers and expenses of such a strategy, on the other hand, should be weighed in the long run. However, solutions executed in this manner will most likely appear in production sooner and have more drawbacks (in terms of scalability and security).

Low-code can drive you into a corner

When a low code is used by enterprises to deliver speedy results, the developers are not completely in control of the code that goes into the platform as it is an aggregation of various tools and workflows that go into one platform. When a low-code system is used by the company, it is to be kept in mind that the application could require continuous development owing to the changes in technical requirements of the enterprise and the lesser time and resources taken to produce results through low-code.

Like many businesses, low-code platforms offer low prices to lure in potential clients and then increase it whenever they want. This is a part of the major issue (lock-in); once the system is built using their platforms, they manipulate the prices. Unless and until a long-term contract is signed, it is impossible to know how much it will cost you five years down the line. Although, if a business’s production needs their back-end, you can be sure of paying a gargantuan price.

Data management cannot be taken lightly by companies. There are several checkpoints like data accessibility, how data is being used, and what level of control it requires. However, the level of control is limited in low-code. Low-code platforms analyse consumer behaviour and preferences and have in-built quirks for access control which helps enterprises build apps in accordance with their targeted audience. Today, app development has become more non-technical with less code inclusion.

IT professionals and DevOps feel that companies that use a low-code development approach should be aware of the security risks and adopt DevSecOps as a preventive measure. Including security checkpoints is mandatory for the application’s life cycle, and DevSecOps guarantees the framework security from the get-go.