0% found this document useful (0 votes)
32 views19 pages

Low - Code - Position Paper-Group Six 6

This position paper discusses the significance of low-code technology in application development, emphasizing its ability to enhance efficiency and innovation while allowing non-technical users to participate in digital transformation. It highlights the advantages of low-code, such as faster development cycles and cost-effectiveness, alongside challenges like security concerns and limited flexibility. The paper also explores the application of low-code in education in Uganda and its role in accelerating digital transformation in developing countries.

Uploaded by

kakooza Azizi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
32 views19 pages

Low - Code - Position Paper-Group Six 6

This position paper discusses the significance of low-code technology in application development, emphasizing its ability to enhance efficiency and innovation while allowing non-technical users to participate in digital transformation. It highlights the advantages of low-code, such as faster development cycles and cost-effectiveness, alongside challenges like security concerns and limited flexibility. The paper also explores the application of low-code in education in Uganda and its role in accelerating digital transformation in developing countries.

Uploaded by

kakooza Azizi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

MAKERERE UNIVERSITY

COLLEGE OF COMPUTING AND INFORMATION SCIENCES

LOW-CODE EMERGING
TECHNOLOGY POSITION PAPER.

Presented By:

STUDENTS NAME: REGISTRATION NUMBER

Namazzi Lornalex Zaake 2024/HD05/21996U

Kakooza Azizi 2024/HD05/21975U

Amai Job Clovis 2024/HD05/21975U

Boniface Masaba 2024/HD05/21986U

OCTOBER 24, 2024


Table of Contents
ABSTRACT ............................................................................................................................... 2
BACKGROUND......................................................................................................................... 2
INTRODUCTION ...................................................................................................................... 3
WHAT IS NO CODE?............................................................................................................. 4
HOW LOW-CODE WORKS................................................................................................... 4
LOW-CODE VENDORS AND SOFTWARE. ....................................................................... 6
THE DIFFERENCE BETWEEN LOW-CODE AND NO-CODE........................................... 7
PRINCIPLES OF LOW-CODE DEVELOPMENT................................................................... 7
APPLICATION OF LOW-CODE TECHNOLOGY IN EDUCATION UGANDA. ..................... 8
IMPEDIMENTS OF ADOPTING LOW-CODE TECHNOLOGY IN UGANDA. ...................... 8
ROLE OF LOW-CODE IN DIGITAL TRANSFORMATION IN DEVELOPING COUNTRIES.
............................................................................................................................................... 9
WHY CONSIDER LOW CODE DEVELOPMENT? ................................................................ 9
COMMON USE CASES OF LOW CODE TECHNOLOGIES. ................................................11
THE DRAW-BACKS OF LOW CODE DEVELOPMENT. .....................................................12
SECURITY ISSUES OF LOW-CODE TECHNOLOGY..........................................................13
HOW TO REDUCE LOW CODE SECURITY ISSUES. ......................................................14
WHEN LOW CODE IS NOT THE RIGHT OPTION? ............................................................15
CONCLUSION. .........................................................................................................................16
REFERENCES. .........................................................................................................................17

1
ABSTRACT

This position paper explores low-code technology as an emerging trend in application


development, examining its potential to enhance business processes, efficiency, and innovation in
social and economic landscapes. Low-code platforms allow users to build applications with
minimal coding, empowering even non-technical users to contribute to digital transformation
efforts. The paper outlines the advantages of low-code, including faster development cycles, wider
developer participation, and cost-effectiveness. It also addresses key challenges, such as limited
flexibility, security concerns, and technical dependency, which can hinder its widespread adoption.
Through case studies and examples, particularly in education, the paper illustrates low-code's
impact.

BACKGROUND
According to Sanchis et al. (2019), the term "low-code" was first introduced by Forrester Research
in 2014, highlighting the appeal of low-code platforms for rapid, iterative, and test-driven
application development. Low-code platforms provide a structured environment for application
creation by reducing the need for manual coding through built-in, preconfigured components.
These platforms leverage visual interfaces to empower users, including those without technical
expertise, to design and deploy business applications with ease. The overarching goal is to enable
businesses to develop applications with enhanced speed and agility, bypassing the complexity of
traditional software engineering.

Organizations are continuously adapting hyper automation by streamlining business processes to


utilize Artificial Intelligence (AI), Robotic Process Automation (RPA) alongside other
technologies to run business units without human intervention. There is also a growing demand
for IT modernisation.
In as much as there has been a growing demand for IT Modernisation and Hyper Automation;
enterprises have not been able to meet the demand due to the lack of software developers.
As a result of shortage of technical skills many projects are not successful compromising
competitiveness for Businesses. Secondly, it has been a well-known practice that there were only
two options for enterprises to undertake software development; The first route is to buy ready-
made applications from Software vendors (external vendors) or build/customize applications from
scratch using skilled software developers. Fortunately, the IT industry is experiencing a rise and
growing sophistication in Low-Code/ No-Code (LCNC) software development alternatives as
solutions to the identified limited human resource challenge in software development.

2
INTRODUCTION
Bigelow (2023) states that Low-code platforms have evolved significantly, building on the shifts
and behaviors shaped by the COVID-19 pandemic in 2020. The pandemic placed considerable
pressure on development budgets, staffing, and team workflows, as remote work made it
challenging for businesses to create apps, portals, web forms, and automated workflows. Low-
code addresses this gap by enabling app creation for specific business needs, allowing greater
involvement from both IT and business teams. Although low-code and no-code platforms
accounted for under 25% of all application development in 2020, Gartner (2021) predicts that by
2025, they will make up 75%, with revenue growing from just over $9 billion to nearly $30 billion
(Gartner, 2021).
Low-code is set to benefit further from automation capabilities driven by technologies such as
hyper automation and AI. Hyper automation aims to automate every feasible business process,
relying heavily on the accessibility and dependability of low-code solutions. Likewise, AI can
support identifying business needs and setting functional requirements for low-code projects,
including defining project objectives and guiding the development approach. As low-code
platforms continue to advance with increased speed and automation, the emphasis on maintaining
coding standards and managing defects will intensify. This will drive enhanced testing
functionality and expand test automation throughout the CI/CD pipeline (Bigelow, 2023)
Forrester Consulting (2019), in their study, found that prudent enterprises value the flexibility of
low-code at (83%), speed (63%), and automation (67%) qualities that low-code provides. These
qualities are significant as businesses seek ways to fast track their digital transformations while
reducing cost, risks, and wastefulness in their organizations.
Similarly, IDC projects that Appian customers will achieve a five-year Return On Investment
(ROI) of 509%. Furthermore, IDC interviewed organizations and customers using Appian’s low-
code platform and automation and found that these organizations;
Have sped up and improved their development lifecycle for new products and applications by 62%
and new features by 72% on average, respectively. They achieved an additional revenue at an
annual average of $14.8 million per organization and organizations had experienced an average
productivity gain of 123%. (Appian, n.d.).

For example, when examining app development costs, custom app development can be
approximately USD 300,000 per year, while low-code app development may cost around USD
5,000 annually, and code-free app development generally costs under USD 1,000 per year.
(AppMySite, 2024)

WHAT IS LOW-CODE?

Jamil (2022), defines Low-code as is a rapid application development (RAD) method that enables
automated code generation through visual building blocks like drag-and-drop and pull-down menu
interfaces.

3
In a nutshell, Low-code is a balanced middle ground between manual coding and no-code as its
users can still add code over auto-generated code.

To reduce dependency on traditional code writing requirements, Low code method enables users
to design and develop software applications using intuitive graphical tools.

WHAT IS NO CODE?
No-code is also a RAD approach and is often treated as a subset of the modular plug-and-play,
low-code development approach. While in low-code there is some hand holding done by
developers in the form of scripting or manual coding, no-code has a completely hands-off
approach, with 100% dependence on visual tools.
In other words, No-code is a RAD method that has a similar approach and user experience as the
low code method, but goes the extra mile of allowing non-technical business users to develop
software applications without having to write even a single line of code.

HOW LOW-CODE WORKS


Traditional application development methods have for a long time been done by writing code using
meticulous and painstaking effort. Skilled developers write lines of code that represent a set of
instructions or data.

The Illustration below shows the General Architecture of the Low Code Platform

(da Cruz et al., 2021, Figure 1, The general architecture of low-code platforms)

4
The traditional approach of application development requires one to have technical knowledge in
application development on aspects like: development languages, development environments such
as integrated development environments and compilers, testing and deployment tools, and the
various policies and practices used to approach coding, testing and deployment.

Figure 2: Screenshot of Flutter flow, a platform for building low code applications.

Meanwhile, Low Code technology abstracts and encapsulates much of the programming
knowledge otherwise needed to create software. Rather than write individual lines of code, users
select from a menu of reusable functional components through a drag-and-drop visual interface.
They arrange and organize the available functional components to form the intended software
flow, similar to creating a flowchart to approach a business problem or task. Users can easily add,
move or delete functional components to build the final process. At that point, the low-code tool
incorporates the underlying code and support tasks, such as testing and deployment. As visualised
in the figure 2, when a user is interacting with the low-code platform, the user drags and drops a
component to the canvas of the platform which has an embedded IDE (Integrated Development
Environment). These components represent work flows, logic and user interface elements. When
a drag and drop is made, the platform engine auto generates a code for that component and the

5
code can be viewed and edited by the user/ developer. This makes Low-code more flexible and
scalable as compared to no-code development.

LOW-CODE VENDORS AND SOFTWARE.

Bigelow (2023), outlines a number of top Low-code platforms and vendors that deal with Low-
code services. These include the following:

● AppGyver
● Appian low-code platform
● AWS Honeycode
● Google AppSheet
● Landen 2.0
● Looker 7 business intelligence
● Mendix low-code platform
● Microsoft PowerApps
● OutSystems application platform
● Rintagi
● Salesforce Lightning
● ServiceNow
● Sisense business intelligence
● Skyve platform
● VisionX
● Wix Editor X
● Yellowfin 9 business intelligence
● Zoho Creator
● Dreamweaver: A web design application that combines code flexibility and visual editing,
ideal for creating unique websites for those who know a little bit about coding.
● CMS page builders (WordPress, Joomla, etc.): These drag-and-drop builders are perfect
for e-commerce and marketing websites, and they allow you to create websites on CMS
systems without knowing any code.
● Microsoft PowerApps: A Microsoft ecosystem business app developer that makes
enterprise-grade apps and process automation possible with less coding, perfect for apps
that focus on workflow and data management
● Flutter Flow: An application for developing cross-platform web and mobile apps using
Flutter that integrates with Firebase and permits code export; ideal for startups and MVPs
seeking rapid, cross-platform deployment.

6
THE DIFFERENCE BETWEEN LOW-CODE AND NO-CODE

Aspect Low code No code

Skill Requirement Requires some coding No coding knowledge needed;


knowledge; suited for developers designed for non-technical users
or tech-savvy users

Flexibility High flexibility; allows for Limited flexibility; relies on pre-


custom code and complex built components
integrations

Customization Supports custom logic and Restricted to platform features,


advanced features limiting customization

Use Cases Complex, enterprise-level Simple applications like forms,


applications with specific process automation, and tools
requirements

User Base Developers, IT professionals, Business users, project managers,


power users citizen developers

Scalability Highly scalable, suitable for Limited scalability; best for smaller,
long-term and large-scale standalone applications
applications

Performance Optimized for high performance Generally adequate for low-demand,


and complex workflows simpler applications

PRINCIPLES OF LOW-CODE DEVELOPMENT.


Low-code development offers significant automation, but it is not fully automatic. Achieving the
best results still requires adherence to solid business and technology principles. For organisations
to achieve their objectives through leveraging this technology, it is highly advisable to follow the
following principles.

Familiarise yourself with the low-code platform. While low-code platforms simplify
development, they don't do everything for you (as the customer). It's crucial for stakeholders’
developers, business analysts, and project owners to actively participate in evaluating, selecting,
and using the platform. Time spent learning its features and capabilities will pay off when
stakeholders can identify future applications and increase the initiative's value.

Minimise customization. The strength of low-code lies in its ready-made, drag-and-drop


components, which are versatile enough for many use cases. However, they may not always fit the
specific needs of a programming task. While modifying or creating new components is possible,

7
it increases development time, effort, and costs, potentially negating the speed and simplicity
promised by low-code platforms.

Generalize custom components. When customization is necessary, design the new features with
broader, high-level goals in mind. Create reusable components that can be applied in other projects,
optimising their value.

Don’t forget the team. The team working with the low-code platform must fully understand the
project's requirements and business objectives. While these projects may be less complex than
traditional software development, product owners and key stakeholders must remain available to
provide guidance and review the builds in a fast-paced low-code environment.

Keep business in control. Low-code enables rapid iteration and experimentation with features,
but maintaining a project plan and roadmap is essential for keeping development on track. Frequent
testing and reviews are important, and business stakeholders should be involved in any decisions
regarding changes to requirements and features.

APPLICATION OF LOW-CODE TECHNOLOGY IN EDUCATION UGANDA.


Low-code has highly improved the education sectors across the world with the schools and
educators using the technology to make learning services accessible to students through websites
and e-learning portals. Forexample in Uganda, Fundi Bots leverages low-code platforms like
Scratch and MIT App Inventor to make robotics and STEM education accessible to Ugandan
students, enabling practical, interactive learning experiences that build digital literacy from a
young age. Over the past decade, Fundi Bots’ low-code-driven approach has reached over 34,862
students and 673 teachers across 284 schools. This use of low-code not only aligns with Uganda’s
curriculum but also expands students' real-world problem-solving skills, setting a foundation for
future technology-driven careers in the country.

IMPEDIMENTS OF ADOPTING LOW-CODE TECHNOLOGY IN UGANDA.


To date, the take-up of low code development is still minimal within the public sector. This is
partly because the sector is inclined to developing applications that are across the board for use by
various government departments instead of encouraging smaller teams to build their own
technological solutions. Secondly, the security requirement is a deterring factor since applications
developed using low code platforms are typically hosted on the cloud. The concern here is for
storage of sensitive data and the lack of control over it which raises the fear that the sensitive data
could fall in wrong hands.
Sanchis et al. (2019), a survey conducted by (Tisi et al., 2019) shows that the main reasons why
organisations are not using a low-code platform, or are not thinking to use one are the lack of

8
knowledge closely followed by concerns about lock-in, flexibility, scalability, and security. Which
are shown in the radar chart below.

(Sanchis et al., 2019, Figure 2 Main reasons for not using or considering low-code development
platforms)

ROLE OF LOW-CODE IN DIGITAL TRANSFORMATION IN DEVELOPING


COUNTRIES.
Low-code development is accelerating digital transformation globally by enabling rapid, flexible
application development and broadening access to non-technical users, known as "citizen
developers." According to KPMG (2023), 81% of companies worldwide view low-code as
strategically important, with significant adoption in Africa (34%) and the Asia Pacific (32%),
where agility and rapid deployment are crucial for competitive success. Moreover, low-code
facilitates process automation, with 64% of ASPAC companies using it for departmental
workflows, significantly higher than 45% in Europe, emphasising its role in streamlining business
operations and adapting to evolving market demands (KPMG, 2023). This platform's compatibility
with emerging technologies, such as AI, also enhances efficiency and customer experience by
integrating advanced automation and decision-making capabilities, driving digital transformation
across industries (Yan, 2021)

WHY CONSIDER LOW CODE DEVELOPMENT?


Low-code development has gained popularity as a solution for building applications quickly and
efficiently with minimal hand-coding. By simplifying the development process by allowing
developers and non-developers alike to create applications through visual interfaces. It provides

9
several advantages that make it an appealing choice for businesses looking to enhance productivity
and reduce time to market. This section explores the benefits of this emerging technology;

1. Faster development process:


Lehmann (2018), in the pathfinder report indicates that Low-code and no-code platforms can
reduce the time needed to build custom applications between 50% -90% vs. traditional application
development that relies on coding language.
Writing individual lines of code and mastering complex syntax can be time-consuming. Low-code
platforms enable users to build complicated workflows and solutions using pre-packaged functions
and components through a visual interface, which not only speeds up development but also
simplifies future updates and iterations. Organisations that need quick delivery of business
solutions should consider exploring low-code development to forge solutions easier and quicker.

Wider participation in development:


Organisations with a shortage of skilled developers, low-code can be an ideal way to go. Low-
code platforms allow less experienced developers or even non-programmers to contribute to
software creation. These individuals often have a strong understanding of business objectives, and
any necessary custom coding can typically be completed with minimal input from professional
developers. Non-technical staff can easily contribute to the establishment of solutions. (Bigelow,
2023)

Increased efficiency
Low-code tools allow businesses to quickly develop solutions tailored to specific departments. For
instance, the HR department could use low-code to build a tool that models or forecasts salaries
and benefits, enabling better payroll decision-making. Individuals and organisations seeking to
improve efficiency in work related processes should consider integrating low-code applications
development in their strategic plans. (Bigelow, 2023)

Low-code fosters cost-effective innovation.


Low-code platforms make it possible for businesses to experiment with new ideas that would
otherwise be too expensive or time-consuming using traditional development methods. For
example, marketing teams could create a tool to analyse advertising campaign spending versus
customer response, helping to identify the most cost-efficient marketing strategies. (Bigelow,
2023)

Support for specialised projects.


Low-code development can quickly and affordably address the needs of niche applications with
small user bases. For instance, a company might not allocate resources for a tool used solely by

10
the finance department, but low-code provides a cost-effective solution for such specialised needs.
(Bigelow, 2023)

Enhanced performance, governance, and compliance management.


Low-code platforms often include features to track and manage software projects and their
components, making it easier for organisations to enforce governance and compliance guidelines.
They also offer tools for analytics, reporting, and performance monitoring, which assist teams in
planning updates, troubleshooting, and assessing project usage. (Bigelow, 2023)

COMMON USE CASES OF LOW CODE TECHNOLOGIES.


Once IT and business teams align business goals with clear IT requirements, low-code projects
can address a broad range of opportunities. Common low-code applications include:

Web portals. Portals provide customers with convenient access to interact with a business, locate
services or products, request quotes, check availability, schedule services, place orders, and make
payments. Low-code platforms allow rapid creation of portals with standardized user interfaces,
eliminating the need for manual HTML and backend coding.

Line-of-business systems. Core systems that support daily business activities, like a mortgage
lending company's system to manage loan documents, appraisals, credit checks, and financial
assessments, are crucial. While these systems are often purchased or developed in-house through
traditional coding, low-code offers a flexible alternative to create, scale, and deploy adaptable LOB
systems, whether on single or multi-cloud platforms.

Digitized business processes. Paper- or spreadsheet-based workflows are time-intensive and prone
to errors. Low-code can digitize these processes, enabling applications that collect information,
route requests for approval, deliver responses, and integrate with standard systems like ERP. For
example, low-code can streamline a capital request process by automating data collection and
approvals.

Mobile apps. Low-code supports the development of diverse mobile apps that facilitate customer
interactions and data access. For instance, an insurance company can use low-code to build a
mobile app that enables customers to file claims and upload supporting photos directly from their
phones. Modern low-code platforms even support development for both Android and iOS devices
in a single project.

Microservices applications. Microservices architecture enables scalable applications by


connecting independent, API-driven components. Each component can be developed, deployed,
and maintained separately, allowing for faster updates and fewer testing demands compared to

11
traditional monolithic architectures. Low-code can quickly develop microservices, transforming
legacy code into agile, high-performance applications.

IoT-based apps. The Internet of Things (IoT) creates volumes of data from connected devices and
sensors, posing a challenge for businesses aiming to use or monetize this data. Low-code facilitates
the development of IoT applications, integrating data from devices and processing it in backend
systems for internal or external use. For example, a low-code app in horticulture could use sensor
data—such as moisture and temperature—to manage lighting and irrigation systems automatically
based on crop growth cycles and environmental conditions.

THE DRAW-BACKS OF LOW CODE DEVELOPMENT.


While low-code tools and methods present a strong case for enterprise adoption and despite the
benefits and returns they have on sectors, they also come with notable drawbacks and challenges
this paper seeks to examine.

Bigelow (2023), emphasises that Low-code is not a shortcut for bypassing skilled staff or a robust
infrastructure; creating dependable applications still requires a solid understanding of enterprise
software development and business practices. If enterprises assign complex programming tasks to
individuals without programming expertise, they may end up spending more on fixing poorly
implemented code than if they had invested in high-quality code from the beginning.

Low-code also presents a challenge of unoptimized, inefficient code. When code is simplified into
generic, reusable components, it often leads to underlying code that is more extensive and complex
than necessary for the task. This abstraction can prevent optimizations that would otherwise reduce
software size and enhance performance. Well-crafted, custom code can resolve these issues with
greater efficiency and precision (Bigelow,2023).

Low-code leads to complexity beneath the surface. The simplicity of low-code is appealing as long
as the application performs as intended. But when issues arise, such as poor performance or
security concerns, the organization needs someone who understands the platform's inner workings
to diagnose issues, maintain security, and uphold coding standards in line with compliance
policies. (Bigelow,2023).

12
SECURITY ISSUES OF LOW-CODE TECHNOLOGY.
As more companies, enterprises, institutions and organisations continue to adopt and employ Low-
code system development approaches than ever before due to mainly ease of system deployment,
quicker and simplicity in development. It should however be imperative to note that there are a
number of possible significant security issues that result in data bleaches, serious cyber and
malicious attacks to the organisations that use these technologies to run their businesses. So, by
employing Low code applications, organisations therefore should be aware of the following
potential security issues of the technology;

Injection Handling Failures


Doerrfeld (2023), indicates that since many low-code/no-code platforms allow direct input from
users, they are often vulnerable to injection-style attacks which involves an attacker/hacker
inserting malicious code to disrupt the activity of an application or trigger nefarious actions to
occur, these are commonly the JavaScript injection. Take an example when a system might
interpret an injection as code to run and end up deleting database records.

Quality of code
According to (Shackleford, 2022), among the top low-code/no-code security risks is the quality of
the code itself. Both approaches include some code generated entirely within the context of a third-
party platform. These code snippets can vary widely in quality depending on the tools and services
employed. Plus, there may be little to no oversight or scrutiny on whether the code conforms to
known security best practices.

Monitoring
Low-code approaches mostly rely on developers using tools like the Integrated Development
Environments at a minimum which can be monitored by security teams. Performing full static
analysis (which is a technique that analyses source code to find security vulnerabilities) or dynamic
testing of code may not be possible, however, at least for the code generated by the platform.

Looking at no-code there may be little or no monitoring of code development and deployment.
This can lead to new forms of shadow IT that could be difficult to detect, resulting in an overall
lack of visibility for security teams. (Shackleford, 2022).

Third-party security issues


When organisations rely on third-party environments to build and host their low-code applications,
they introduce potential security risks due to the shared responsibility model. In this model, the
security of the underlying platform is managed by the third-party provider, while the organisation
is responsible for securing the application itself. However, if the provider's security controls are
insufficient or improperly implemented, vulnerabilities in their infrastructure could expose the
organisation’s network and applications to cyberattacks. This can lead to data breaches,

13
unauthorised access, or exploitation of the system, as the organisation may have limited control
over the security measures at the platform level.

HOW TO REDUCE LOW CODE SECURITY ISSUES.


Having discussed possible security issues of low code systems, in this subsection we explore the
different ways through which the potential security issues can be mitigated by employing the best
practices so that the organisations efficiently leverage the low-code technology to achieve their
objectives without running into security related disasters that could be as result of malicious attacks
launched out the vulnerability of the low-code system;

Use the right service provider for low-code


To effectively mitigate security issues with low-code, organisations should evaluate, assess and
select low-code service providers that provide stringent security controls. The service provider
should offer essential features such as data encryption, identity federation, and comprehensive
logging mechanisms. Providers that offer minimal security features are not advisable to contract
as this could leave the application and its environment vulnerable. Ensuring that the provider meets
specific security certifications and compliance standards can significantly reduce risks.

Limit and secure credentials


Low-code platforms like other digital platforms can be susceptible to credential misuse and
privilege abuse, especially if developer accounts have excessive permissions or access to critical
resources like databases. To mitigate these risks, security and identity management teams should
be involved in the design and development process to establish secure credential management
practices. Implementing strict monitoring of platform access and usage, including reviewing
connection logs for irregularities, can help detect potential abuse. Wherever possible, use accounts
with limited privileges and ensure that access to sensitive systems is restricted based on the
principle of least privilege.

Prevent data exposure and leakage


Low code apps can be a weak target for data exposure and data leakage due to improper data
handling methods and poor system logic that communicates with the data stores.

This is partly due to the fact that most data providers don't offer comprehensive security controls,
like encryption/ data masking, to their customers. It is therefore imperative to limit public exposure
of low-code apps wherever possible. Encapsulate apps in a security brokering system, such as a
content delivery network (CDN) or cloud access security broker for example, Cisco Cloudlock,
Microsoft Defender for Cloud Apps, McAfee Skyhigh Security CASB among others that offer
data monitoring and protection controls in transit. Therefore, security and operations teams should
enable and enforced monitoring of data exposure and leakage possibilities for the low-code
platforms.

14
Conduct Application Security Testing and Request SBOMs
One significant risk in low-code/no-code development is the security of the code itself, as well as
the various components, back-end packages, and functions used in the process. In traditional
development, organisations focus on security by performing static and dynamic application
security testing (SAST and DAST) on the code and packaged applications. However, such tools
are not always readily available for low-code/no-code platforms.

To mitigate this, organisations should request SAST and DAST reports for the back-end
components and code used in their applications, although this may not always be feasible. Another
emerging practice is to ask for a software bill of materials (SBOM), which provides a list of all
code and packages in the provider's environment, along with evidence of ongoing threat
monitoring and vulnerability management. Like security testing, this request may not always be
successful, but it is becoming a valuable tool for managing risks. After such information is availed,
organisation development teams can recommend changes in the code implementation to enforce
more stringent security controls in the code.

Enhance Visibility
A common concern for security teams is the lack of visibility into low-code/no-code applications
and environments. Ideally, organisations should avoid platforms that offer no logging or
monitoring capabilities. At a minimum, they should enable user access and platform audit logs
when available. Additionally, a brokered access strategy through Content Delivery Networks
(CDNs) that provide logging and monitoring for access to both the applications and platform
providers (typically SaaS) can improve overall visibility and security oversight.

Train Employees and users


Security awareness is critical for anyone developing with low-code/no-code tools. Since these
platforms often lack robust, built-in security features, it is essential for developers and users to
understand the potential risks involved. Providing security training helps ensure that those using
these tools can recognize and mitigate threats, reducing vulnerabilities even when platform
controls are limited.

WHEN LOW CODE IS NOT THE RIGHT OPTION?


For low-code users it is important for them to be aware that low-code may not always be the right
option to choose for some nature of projects. Tozzi (2023), stresses that nearly every business can
gain some advantage from low-code development, it isn’t always the optimal choice for every type
of business requirement. This paper also presents certain situations and priorities where low-code
may not be ideal as indicated in the following:

Low - code may not be the right choice for Applications that demand high security, they are best
developed by experienced, security-focused developers who write and inspect every line of code.

15
Low-code tools, however, automatically generate much of the code, which may not meet the
stringent security standards required. Even low-code platforms that claim built-in compliance with
regulatory frameworks cannot offer the same assurance as custom-built applications with
compliance as a primary design consideration, (Tozzi, 2023).
If it is a high-performance application, choosing low code may not be a wise decision. Meeting
strict performance standards is often easier with custom coding, as manually written code is more
likely to be optimized for performance. Unlike code generated by low-code platforms, it may lack
these performance-specific optimizations compared to code crafted by a skilled developer (Tozzi,
2023). Forexample huge traffic financial management systems like IFMS.

When accessibility is a priority. Although low-code platforms offer some support for accessibility,
they may not fully accommodate specific needs, such as compatibility with screen readers, voice
commands, or other assistive technologies. As a solution, businesses might consider using low-
code for rapid prototyping but enhancing accessibility features manually to ensure full compliance.
(Tozzi, 2023).

CONCLUSION.

Low-code technology represents a transformative approach to application development, especially


for regions like Uganda that face a shortage of skilled developers. By enabling rapid development,
greater accessibility, and supporting digital transformation, low-code can drive significant
advancements in various sectors, including education, where it has already shown positive impacts.
However, challenges such as security vulnerabilities, limited customization, and potential reliance
on third-party platforms must be managed strategically. With careful implementation and by
addressing these challenges, low-code can serve as a catalyst for innovation and efficiency,
facilitating digital transformation of counties.

16
REFERENCES.

Bigelow, S. J. (2023, January 10). What is low-code? A guide to enterprise low-code app
development. Software Quality. https://www.techtarget.com/searchsoftwarequality/What-is-low-
code-A-guide-to-enterprise-low-code-app-development

Tisi, M., Mottu, J. M., Kolovos, D., De Lara, J., Guerra, E., Di Ruscio, D., Pierantonio, A., &
Wimmer, M. (2019). Lowcomote: Training the next generation of experts in scalable low-code
engineering platforms. Retrieved fromhttps://www.se.jku.at/lowcomote-training-the-next-
generation-of-experts-in-scalable-low-code-engineering-platforms/

da Cruz, M. A. A., de Paula, H. T. L., Caputo, B. P. G., Mafra, S. B., Lorenz, P., & Rodrigues, J.
J. P. C. (2021). OLP—A RESTful low-code platform. Future Internet, 13(10), 249.
https://doi.org/10.3390/fi13100249

Forrester Consulting. (2019). Large enterprises succeeding with low-code: How to recognize low-
code platforms built for the most demanding applications. A thought leadership paper
commissioned by Appian. https://www.appian.com

Tozzi, C. (2023, March 10). Review these 9 low-code use cases and industry examples.
TechTarget. Retrieved October 23, 2024, from
https://www.techtarget.com/searchsoftwarequality/tip/Review-these-9-low-code-use-cases-and-
industry-examples
Low-Code/No-Code: The future of Development | SAP. (n.d.). SAP.
https://www.sap.com/products/technology-platform/build/what-is-low-code-no-code.html
Doerrfeld, B. (2023, August 22). Top 10 Low-Code/No-Code risks and how to secure rapid
development. Cloud Wars. https://cloudwars.com/cybersecurity/top-10-low-code-no-code-risks-
and-how-to-secure-rapid-development/

Shackleford, D. (2022, December 15). Low-code/no-code security risks climb as tools


gaintraction. Security. https://www.techtarget.com/searchsecurity/tip/Low-code-no-code-
security-risks-climb-as-tools-gain-traction
Lehmann, C. (2018). Intelligent process automation and the emergence of digital automation
platforms: The transformation of application development and its emerging role to enable new
competitive advantage. Pathfinder Report. 451 Research.

Appian. (n.d.). IDC: The Business Value of Low-Code Development and Intelligent Process
Automation with Appian. https://appian.com/learn/resources/resource-center/whitepapers/idc-
business-value-of-low-code-development-and-intelligent-process-automation

17
Jamil Spain (23 May 2022), Low-code and no-code are two new software development solutions
how do they compare? IBM, Retrieved October 23, 2024,
fromhttps://www.ibm.com/think/topics/low-code-vs-no-code.

AppMySite. (2024, February 13). Low-code & No-code development


platforms:Marketshare&size.AppMySite.https://www.appmysite.com/blog/low-code-no-code-
development-platforms-market-share-size/

Gartner. (2021, February 16). Gartner says the majority of technology products and services will
be built by professionals outside of IT by 2024. https://www.gartner.com/en/newsroom/press-
releases/2021-06-10-gartner-says-the-majority-of-technology-products-and-services-will-be-
built-by-professionals-outside-of-it-by-2024

Sanchis, R., García-Perales, Ó., Fraile, F., & Poler, R. (2019). Low-Code as enabler of digital
transformation in manufacturing industry. Applied Sciences, 10(1), 12.
https://doi.org/10.3390/app10010012

KPMG International. (2023). Low-code adoption as a driver of digital transformation. Retrieved


from https://hub.kpmg.de/shaping-digital-transformation-with-low-code-platforms
Yan, Z. (2021). The impacts of low/no-code development on digital transformation and software
development. University of Toronto.

18

You might also like