By Pragati Verma, Contributing Editor, Straight Talk

Low code platforms are not a new phenomenon. After promising to democratize software development for about 30 years, they seem to be finally gaining traction across industries. While Gartner expects most large organizations to adopt multiple low-code tools in some form this year, IDC forecasts that growth rate for low code developers will be about 3.2 times the compounded annual growth for the general population of developers worldwide from 2021 to 2025.

Rise of Citizen Coders

The essence of low code platforms is that they accelerate software development and enable business users, with minimal or no coding training, to create enterprise applications with pre-written code components. Instead of writing code, they point and click or use pull-down menu interfaces to build apps visually by dragging and dropping components. For example, a marketing professional could set up an application using a low-code tool to automatically qualify leads and trigger email communications, or an HR executive can digitize and automate simple performance appraisal workflows.

This is leading to the “rise of something called the citizen developer”, say Chris Weston and Marc Dowd, IDC’s Principals for European Client Advisory. In a blogpost, they write, ” This is an employee who creates applications for use by themselves or others but whose job is not as a full-time developer in the IT team. At IDC, we have forecast that the number of low- or no-code developers will rise significantly in the next few years, and a good proportion of those will be citizen developers.”

Why Low Code

According to Weston and Dowd, low code is the way to overcome developer scarcity. “We have a genuine skills gap in many organizations. Hiring full-time developers is expensive if you can find them, and we lose a lot of know-how if they leave us, regardless of how well we manage our knowledge bases and source code. In addition, software is often developed based on dubiously interpreted requirements, which leads to costly reworking to align it with the real requirements, even in an agile world. So, getting the real end users involved in the actual production of software can be a definite bonus in many ways,” they say.

Gartner believes that several companies turned to low code development when the pandemic hit and accelerated digital transformation. “While low-code application development is not new, a confluence of digital disruptions, hyperautomation and the rise of composable business has led to an influx of tools and rising demand,” said Fabrizio Biscotti, research vice president at Gartner in a press release. The research firm expects surge in remote development to continue to boost low-code adoption and forecasts the global market to grow to $13.8 billion in 2021, an increase of 22.6 percent from 2020.

According to Gartner’s research, digital business acceleration has sparked the emergence of “citizen developers outside of IT” that in turn has influenced the rise of low code IT. They estimate that about 41 percent of employees outside of IT – or business technologists – customize or build data or technology solutions and expect half of all new low-code clients to come from business buyers that are outside the IT organization by 2025. “The economic consequences of the COVID-19 pandemic have validated the low-code value proposition. Low-code capabilities that support remote work function, such as digital forms and workflow automation, will be offered with more elastic pricing since they will be required to keep the lights running,” said Biscotti.

The pandemic may eventually pass, but Gartner expects the growth to continue. As the concept of Software as a service grows popular, it expects that low code application platforms that SaaS vendors offer will increase too. Additionally, its analysts believe that business technologists want to create and execute their own ideas to drive more automation across their business applications and workflows and predict that this business-driven hyperautomation will be one of the top three drivers for low-code adoption through 2022. “Globally, most large organizations will have adopted multiple low-code tools in some form by year-end 2021. In the longer term, as companies embrace the tenets of a composable enterprise, they will turn to low-code technologies that support application innovation and integration,” said Biscotti.

Security Concerns

As they allow more people in the enterprise to develop applications, could low-code platforms create new vulnerabilities? Forrester principal analysts Sandy Carielli and John Bratincevic believe that security pros will now need to enable and support this “brand new class of developers”. In a blogpost, they write, “Low-code developers fall into two buckets: professional developers who leverage low-code to improve speed and responsiveness and citizen developers who sit outside of IT and development. Citizen developers not only have never taken a secure development class but likely have not taken any development classes at all — therefore, common application security concepts will be even more foreign.” They go on to provide three tips to security pros:

  • Application developers may no longer just work on the development team. Spend some time understanding your organization’s low-code strategy, who is developing what sorts of low-code applications, and where they sit.
  • It’s time to expand your network again — get to know the citizen developers in your organization and start building the security team’s credibility with these new stakeholders.
  • Security training will look different — the abstraction of low-code means that citizen developers are less likely to introduce an SQL injection than they are to misconfigure permissions or leak data. Focus on the security principles most aligned with how low-code developers build applications.

According to IDC’s Dowd and Weston, the use and abuse of data is also a key consideration. “You must ensure that the data that is used by these new applications is up to date, relevant, and is not a potential security or privacy risk if exposed through one of these tools,” they caution.

Pragati Verma is a writer and editor exploring new and emerging technologies. She has been a business journalist and managed technology sections at India’s The Economic Times and The Financial Express.