Low - Code - Position Paper-Group Six 6
Low - Code - Position Paper-Group Six 6
LOW-CODE EMERGING
TECHNOLOGY POSITION PAPER.
Presented By:
1
ABSTRACT
BACKGROUND
According to Sanchis et al. (2019), the term "low-code" was first introduced by Forrester Research
in 2014, highlighting the appeal of low-code platforms for rapid, iterative, and test-driven
application development. Low-code platforms provide a structured environment for application
creation by reducing the need for manual coding through built-in, preconfigured components.
These platforms leverage visual interfaces to empower users, including those without technical
expertise, to design and deploy business applications with ease. The overarching goal is to enable
businesses to develop applications with enhanced speed and agility, bypassing the complexity of
traditional software engineering.
2
INTRODUCTION
Bigelow (2023) states that Low-code platforms have evolved significantly, building on the shifts
and behaviors shaped by the COVID-19 pandemic in 2020. The pandemic placed considerable
pressure on development budgets, staffing, and team workflows, as remote work made it
challenging for businesses to create apps, portals, web forms, and automated workflows. Low-
code addresses this gap by enabling app creation for specific business needs, allowing greater
involvement from both IT and business teams. Although low-code and no-code platforms
accounted for under 25% of all application development in 2020, Gartner (2021) predicts that by
2025, they will make up 75%, with revenue growing from just over $9 billion to nearly $30 billion
(Gartner, 2021).
Low-code is set to benefit further from automation capabilities driven by technologies such as
hyper automation and AI. Hyper automation aims to automate every feasible business process,
relying heavily on the accessibility and dependability of low-code solutions. Likewise, AI can
support identifying business needs and setting functional requirements for low-code projects,
including defining project objectives and guiding the development approach. As low-code
platforms continue to advance with increased speed and automation, the emphasis on maintaining
coding standards and managing defects will intensify. This will drive enhanced testing
functionality and expand test automation throughout the CI/CD pipeline (Bigelow, 2023)
Forrester Consulting (2019), in their study, found that prudent enterprises value the flexibility of
low-code at (83%), speed (63%), and automation (67%) qualities that low-code provides. These
qualities are significant as businesses seek ways to fast track their digital transformations while
reducing cost, risks, and wastefulness in their organizations.
Similarly, IDC projects that Appian customers will achieve a five-year Return On Investment
(ROI) of 509%. Furthermore, IDC interviewed organizations and customers using Appian’s low-
code platform and automation and found that these organizations;
Have sped up and improved their development lifecycle for new products and applications by 62%
and new features by 72% on average, respectively. They achieved an additional revenue at an
annual average of $14.8 million per organization and organizations had experienced an average
productivity gain of 123%. (Appian, n.d.).
For example, when examining app development costs, custom app development can be
approximately USD 300,000 per year, while low-code app development may cost around USD
5,000 annually, and code-free app development generally costs under USD 1,000 per year.
(AppMySite, 2024)
WHAT IS LOW-CODE?
Jamil (2022), defines Low-code as is a rapid application development (RAD) method that enables
automated code generation through visual building blocks like drag-and-drop and pull-down menu
interfaces.
3
In a nutshell, Low-code is a balanced middle ground between manual coding and no-code as its
users can still add code over auto-generated code.
To reduce dependency on traditional code writing requirements, Low code method enables users
to design and develop software applications using intuitive graphical tools.
WHAT IS NO CODE?
No-code is also a RAD approach and is often treated as a subset of the modular plug-and-play,
low-code development approach. While in low-code there is some hand holding done by
developers in the form of scripting or manual coding, no-code has a completely hands-off
approach, with 100% dependence on visual tools.
In other words, No-code is a RAD method that has a similar approach and user experience as the
low code method, but goes the extra mile of allowing non-technical business users to develop
software applications without having to write even a single line of code.
The Illustration below shows the General Architecture of the Low Code Platform
(da Cruz et al., 2021, Figure 1, The general architecture of low-code platforms)
4
The traditional approach of application development requires one to have technical knowledge in
application development on aspects like: development languages, development environments such
as integrated development environments and compilers, testing and deployment tools, and the
various policies and practices used to approach coding, testing and deployment.
Figure 2: Screenshot of Flutter flow, a platform for building low code applications.
Meanwhile, Low Code technology abstracts and encapsulates much of the programming
knowledge otherwise needed to create software. Rather than write individual lines of code, users
select from a menu of reusable functional components through a drag-and-drop visual interface.
They arrange and organize the available functional components to form the intended software
flow, similar to creating a flowchart to approach a business problem or task. Users can easily add,
move or delete functional components to build the final process. At that point, the low-code tool
incorporates the underlying code and support tasks, such as testing and deployment. As visualised
in the figure 2, when a user is interacting with the low-code platform, the user drags and drops a
component to the canvas of the platform which has an embedded IDE (Integrated Development
Environment). These components represent work flows, logic and user interface elements. When
a drag and drop is made, the platform engine auto generates a code for that component and the
5
code can be viewed and edited by the user/ developer. This makes Low-code more flexible and
scalable as compared to no-code development.
Bigelow (2023), outlines a number of top Low-code platforms and vendors that deal with Low-
code services. These include the following:
● AppGyver
● Appian low-code platform
● AWS Honeycode
● Google AppSheet
● Landen 2.0
● Looker 7 business intelligence
● Mendix low-code platform
● Microsoft PowerApps
● OutSystems application platform
● Rintagi
● Salesforce Lightning
● ServiceNow
● Sisense business intelligence
● Skyve platform
● VisionX
● Wix Editor X
● Yellowfin 9 business intelligence
● Zoho Creator
● Dreamweaver: A web design application that combines code flexibility and visual editing,
ideal for creating unique websites for those who know a little bit about coding.
● CMS page builders (WordPress, Joomla, etc.): These drag-and-drop builders are perfect
for e-commerce and marketing websites, and they allow you to create websites on CMS
systems without knowing any code.
● Microsoft PowerApps: A Microsoft ecosystem business app developer that makes
enterprise-grade apps and process automation possible with less coding, perfect for apps
that focus on workflow and data management
● Flutter Flow: An application for developing cross-platform web and mobile apps using
Flutter that integrates with Firebase and permits code export; ideal for startups and MVPs
seeking rapid, cross-platform deployment.
6
THE DIFFERENCE BETWEEN LOW-CODE AND NO-CODE
Scalability Highly scalable, suitable for Limited scalability; best for smaller,
long-term and large-scale standalone applications
applications
Familiarise yourself with the low-code platform. While low-code platforms simplify
development, they don't do everything for you (as the customer). It's crucial for stakeholders’
developers, business analysts, and project owners to actively participate in evaluating, selecting,
and using the platform. Time spent learning its features and capabilities will pay off when
stakeholders can identify future applications and increase the initiative's value.
7
it increases development time, effort, and costs, potentially negating the speed and simplicity
promised by low-code platforms.
Generalize custom components. When customization is necessary, design the new features with
broader, high-level goals in mind. Create reusable components that can be applied in other projects,
optimising their value.
Don’t forget the team. The team working with the low-code platform must fully understand the
project's requirements and business objectives. While these projects may be less complex than
traditional software development, product owners and key stakeholders must remain available to
provide guidance and review the builds in a fast-paced low-code environment.
Keep business in control. Low-code enables rapid iteration and experimentation with features,
but maintaining a project plan and roadmap is essential for keeping development on track. Frequent
testing and reviews are important, and business stakeholders should be involved in any decisions
regarding changes to requirements and features.
8
knowledge closely followed by concerns about lock-in, flexibility, scalability, and security. Which
are shown in the radar chart below.
(Sanchis et al., 2019, Figure 2 Main reasons for not using or considering low-code development
platforms)
9
several advantages that make it an appealing choice for businesses looking to enhance productivity
and reduce time to market. This section explores the benefits of this emerging technology;
Increased efficiency
Low-code tools allow businesses to quickly develop solutions tailored to specific departments. For
instance, the HR department could use low-code to build a tool that models or forecasts salaries
and benefits, enabling better payroll decision-making. Individuals and organisations seeking to
improve efficiency in work related processes should consider integrating low-code applications
development in their strategic plans. (Bigelow, 2023)
10
the finance department, but low-code provides a cost-effective solution for such specialised needs.
(Bigelow, 2023)
Web portals. Portals provide customers with convenient access to interact with a business, locate
services or products, request quotes, check availability, schedule services, place orders, and make
payments. Low-code platforms allow rapid creation of portals with standardized user interfaces,
eliminating the need for manual HTML and backend coding.
Line-of-business systems. Core systems that support daily business activities, like a mortgage
lending company's system to manage loan documents, appraisals, credit checks, and financial
assessments, are crucial. While these systems are often purchased or developed in-house through
traditional coding, low-code offers a flexible alternative to create, scale, and deploy adaptable LOB
systems, whether on single or multi-cloud platforms.
Digitized business processes. Paper- or spreadsheet-based workflows are time-intensive and prone
to errors. Low-code can digitize these processes, enabling applications that collect information,
route requests for approval, deliver responses, and integrate with standard systems like ERP. For
example, low-code can streamline a capital request process by automating data collection and
approvals.
Mobile apps. Low-code supports the development of diverse mobile apps that facilitate customer
interactions and data access. For instance, an insurance company can use low-code to build a
mobile app that enables customers to file claims and upload supporting photos directly from their
phones. Modern low-code platforms even support development for both Android and iOS devices
in a single project.
11
traditional monolithic architectures. Low-code can quickly develop microservices, transforming
legacy code into agile, high-performance applications.
IoT-based apps. The Internet of Things (IoT) creates volumes of data from connected devices and
sensors, posing a challenge for businesses aiming to use or monetize this data. Low-code facilitates
the development of IoT applications, integrating data from devices and processing it in backend
systems for internal or external use. For example, a low-code app in horticulture could use sensor
data—such as moisture and temperature—to manage lighting and irrigation systems automatically
based on crop growth cycles and environmental conditions.
Bigelow (2023), emphasises that Low-code is not a shortcut for bypassing skilled staff or a robust
infrastructure; creating dependable applications still requires a solid understanding of enterprise
software development and business practices. If enterprises assign complex programming tasks to
individuals without programming expertise, they may end up spending more on fixing poorly
implemented code than if they had invested in high-quality code from the beginning.
Low-code also presents a challenge of unoptimized, inefficient code. When code is simplified into
generic, reusable components, it often leads to underlying code that is more extensive and complex
than necessary for the task. This abstraction can prevent optimizations that would otherwise reduce
software size and enhance performance. Well-crafted, custom code can resolve these issues with
greater efficiency and precision (Bigelow,2023).
Low-code leads to complexity beneath the surface. The simplicity of low-code is appealing as long
as the application performs as intended. But when issues arise, such as poor performance or
security concerns, the organization needs someone who understands the platform's inner workings
to diagnose issues, maintain security, and uphold coding standards in line with compliance
policies. (Bigelow,2023).
12
SECURITY ISSUES OF LOW-CODE TECHNOLOGY.
As more companies, enterprises, institutions and organisations continue to adopt and employ Low-
code system development approaches than ever before due to mainly ease of system deployment,
quicker and simplicity in development. It should however be imperative to note that there are a
number of possible significant security issues that result in data bleaches, serious cyber and
malicious attacks to the organisations that use these technologies to run their businesses. So, by
employing Low code applications, organisations therefore should be aware of the following
potential security issues of the technology;
Quality of code
According to (Shackleford, 2022), among the top low-code/no-code security risks is the quality of
the code itself. Both approaches include some code generated entirely within the context of a third-
party platform. These code snippets can vary widely in quality depending on the tools and services
employed. Plus, there may be little to no oversight or scrutiny on whether the code conforms to
known security best practices.
Monitoring
Low-code approaches mostly rely on developers using tools like the Integrated Development
Environments at a minimum which can be monitored by security teams. Performing full static
analysis (which is a technique that analyses source code to find security vulnerabilities) or dynamic
testing of code may not be possible, however, at least for the code generated by the platform.
Looking at no-code there may be little or no monitoring of code development and deployment.
This can lead to new forms of shadow IT that could be difficult to detect, resulting in an overall
lack of visibility for security teams. (Shackleford, 2022).
13
unauthorised access, or exploitation of the system, as the organisation may have limited control
over the security measures at the platform level.
This is partly due to the fact that most data providers don't offer comprehensive security controls,
like encryption/ data masking, to their customers. It is therefore imperative to limit public exposure
of low-code apps wherever possible. Encapsulate apps in a security brokering system, such as a
content delivery network (CDN) or cloud access security broker for example, Cisco Cloudlock,
Microsoft Defender for Cloud Apps, McAfee Skyhigh Security CASB among others that offer
data monitoring and protection controls in transit. Therefore, security and operations teams should
enable and enforced monitoring of data exposure and leakage possibilities for the low-code
platforms.
14
Conduct Application Security Testing and Request SBOMs
One significant risk in low-code/no-code development is the security of the code itself, as well as
the various components, back-end packages, and functions used in the process. In traditional
development, organisations focus on security by performing static and dynamic application
security testing (SAST and DAST) on the code and packaged applications. However, such tools
are not always readily available for low-code/no-code platforms.
To mitigate this, organisations should request SAST and DAST reports for the back-end
components and code used in their applications, although this may not always be feasible. Another
emerging practice is to ask for a software bill of materials (SBOM), which provides a list of all
code and packages in the provider's environment, along with evidence of ongoing threat
monitoring and vulnerability management. Like security testing, this request may not always be
successful, but it is becoming a valuable tool for managing risks. After such information is availed,
organisation development teams can recommend changes in the code implementation to enforce
more stringent security controls in the code.
Enhance Visibility
A common concern for security teams is the lack of visibility into low-code/no-code applications
and environments. Ideally, organisations should avoid platforms that offer no logging or
monitoring capabilities. At a minimum, they should enable user access and platform audit logs
when available. Additionally, a brokered access strategy through Content Delivery Networks
(CDNs) that provide logging and monitoring for access to both the applications and platform
providers (typically SaaS) can improve overall visibility and security oversight.
Low - code may not be the right choice for Applications that demand high security, they are best
developed by experienced, security-focused developers who write and inspect every line of code.
15
Low-code tools, however, automatically generate much of the code, which may not meet the
stringent security standards required. Even low-code platforms that claim built-in compliance with
regulatory frameworks cannot offer the same assurance as custom-built applications with
compliance as a primary design consideration, (Tozzi, 2023).
If it is a high-performance application, choosing low code may not be a wise decision. Meeting
strict performance standards is often easier with custom coding, as manually written code is more
likely to be optimized for performance. Unlike code generated by low-code platforms, it may lack
these performance-specific optimizations compared to code crafted by a skilled developer (Tozzi,
2023). Forexample huge traffic financial management systems like IFMS.
When accessibility is a priority. Although low-code platforms offer some support for accessibility,
they may not fully accommodate specific needs, such as compatibility with screen readers, voice
commands, or other assistive technologies. As a solution, businesses might consider using low-
code for rapid prototyping but enhancing accessibility features manually to ensure full compliance.
(Tozzi, 2023).
CONCLUSION.
16
REFERENCES.
Bigelow, S. J. (2023, January 10). What is low-code? A guide to enterprise low-code app
development. Software Quality. https://www.techtarget.com/searchsoftwarequality/What-is-low-
code-A-guide-to-enterprise-low-code-app-development
Tisi, M., Mottu, J. M., Kolovos, D., De Lara, J., Guerra, E., Di Ruscio, D., Pierantonio, A., &
Wimmer, M. (2019). Lowcomote: Training the next generation of experts in scalable low-code
engineering platforms. Retrieved fromhttps://www.se.jku.at/lowcomote-training-the-next-
generation-of-experts-in-scalable-low-code-engineering-platforms/
da Cruz, M. A. A., de Paula, H. T. L., Caputo, B. P. G., Mafra, S. B., Lorenz, P., & Rodrigues, J.
J. P. C. (2021). OLP—A RESTful low-code platform. Future Internet, 13(10), 249.
https://doi.org/10.3390/fi13100249
Forrester Consulting. (2019). Large enterprises succeeding with low-code: How to recognize low-
code platforms built for the most demanding applications. A thought leadership paper
commissioned by Appian. https://www.appian.com
Tozzi, C. (2023, March 10). Review these 9 low-code use cases and industry examples.
TechTarget. Retrieved October 23, 2024, from
https://www.techtarget.com/searchsoftwarequality/tip/Review-these-9-low-code-use-cases-and-
industry-examples
Low-Code/No-Code: The future of Development | SAP. (n.d.). SAP.
https://www.sap.com/products/technology-platform/build/what-is-low-code-no-code.html
Doerrfeld, B. (2023, August 22). Top 10 Low-Code/No-Code risks and how to secure rapid
development. Cloud Wars. https://cloudwars.com/cybersecurity/top-10-low-code-no-code-risks-
and-how-to-secure-rapid-development/
Appian. (n.d.). IDC: The Business Value of Low-Code Development and Intelligent Process
Automation with Appian. https://appian.com/learn/resources/resource-center/whitepapers/idc-
business-value-of-low-code-development-and-intelligent-process-automation
17
Jamil Spain (23 May 2022), Low-code and no-code are two new software development solutions
how do they compare? IBM, Retrieved October 23, 2024,
fromhttps://www.ibm.com/think/topics/low-code-vs-no-code.
Gartner. (2021, February 16). Gartner says the majority of technology products and services will
be built by professionals outside of IT by 2024. https://www.gartner.com/en/newsroom/press-
releases/2021-06-10-gartner-says-the-majority-of-technology-products-and-services-will-be-
built-by-professionals-outside-of-it-by-2024
Sanchis, R., García-Perales, Ó., Fraile, F., & Poler, R. (2019). Low-Code as enabler of digital
transformation in manufacturing industry. Applied Sciences, 10(1), 12.
https://doi.org/10.3390/app10010012
18