CLOUD
Architecture Summit

Enterprise-Grade Integration Across Cloud and On-Premise

REGISTER

Online Conference

As we enter 2020, low code platforms will continue to expand the ability to empower non-developers to assemble a variety of ready-to-launch applications. 

Evidence continues to show that no code / low code platforms are proving how well they can help scale limited (and often expensive) developer resources. That said, this success in low code / no code is prompting CIOs to ask other questions:  

How can we add rigor to the low-code apps process? 

 

Are there ways to impose more accountability and governance on who builds, launches and manages low-code apps?

Such questions are arising just as the tsunami of no code / low code apps is about to hit enterprise IT, Betty Blocks CEO Chris Obdam told IDN.

“I’ve seen many reports on the growth. One analyst report suggests by 2023, the number of no-code ‘citizen developers’ will exceed the number of professional developers times four,” Obdam said. “That trend, we see that happening right now as well.”   

The trend is backed by solid results for many adopters, Obdam added. He recently told Computer Business Review, “For enterprises, it’s really interesting to have a look at low code, and especially no code, because you can radically change your approach towards innovation and make sure that the business end of an organization is involved with solving the problems they have.”

That said, for all the benefits from no-code / low-code platforms, missing support for governance and compliance is an issue, he said. 

“A lot of the big enterprises we are working with are looking for a way to enable the business user [non-technical developers] to build applications in a professional way. That means they are not only looking at low-code tooling but also governance,” he added. 

“Everybody talks about AI/ML, but the most important capability is not always the most sexy thing,” Obdam said. For no-code / low-code platforms, “the most important thing is governance,” he added and explained why.   

“With low code, you are enabling a wider set a wider audience of developers. And the main concern of IT management is governance and controlling all of this. This takes procedures and processes to put in place and an organizational change,” Obdam told IDN.  “So, with no code, you are no longer any more solely build applications; you are facilitating an organization to build apps themselves.”

This perspective leads to the need to bring governance and policy enforcement to any no code / low code platform and practice, Obdam added.

“At an enterprise level, it is about compliance, security and governance – and none of that is very sexy. But if you want no code and low code to take over the software development space, these are the most important ‘next steps’ we need to take,” he said.

To address these IT concerns over no code / low code, Betty Blocks offers a governance framework and feature set that provides six key elements:

1. Maintain the citizen development policy and guidelines.
2. Aggregate and provide resources.
3. Organize activities, trainings, and otherwise facilitate a community for citizen developers.
4. Assume responsibility for managing the platforms and systems that citizen developers use to build, independently and in coordination with the organization’s existing IT portfolio.
5. Catalog, maintain, and publish a list of relevant data services and APIs.
6. Report on the status of the program to internal and external stakeholders.

“Without governance, a no-code platform will just create more problems such as Shadow IT,” according to Betty Blocks’ blog.

The blog further lays out these key takeaways on how best to envision a citizen development governance strategy that best meets the needs and structure of their business. Among them:

• Organizations can counter the risks of citizen development like lack of control, unsupported software, and vulnerability to security threats with an implementation strategy, governance policy and sanctioned platform.
• A governance strategy should address the who, what, where, when and how of an organization’s citizen development program.
• Establishing a centralized citizen development command center within the IT department provides resources, structure and accountability through monitoring. 
• Citizen developers will need tools, resources and support to be successful, including software or development platforms, coordination with IT departments and tech support. 
• Training is fundamental in terms of both gatekeeping citizen development platforms and teaching fundamentals of data security, as well as continuous development and skills building.
• Security is paramount and all citizen development activity needs to be strictly monitored to ensure compliance.

Implementation of governance and compliance comes via Betty Block’s Centralized Citizen Developer Command Center. Betty Blocks describes the for a Centralized Citizen Developer Command Center on their website as follows: 

There needs to be centralized accountability for a citizen development program, where all activity will be monitored and managed. This office (in many cases, housed within the IT department) will own the governance strategy, and be responsible for monitoring and ensuring that all citizen development activities follow the regulations of other parts of the organization, and integrations with other systems in use.

Obdam described the benefits this way:

“Citizen Development Control Center lets an IT leader or IT person 100% control accessibility of certain features. This ensures citizen developers securely build their apps and also results in security-audited apps. So our Control Center is in place so you can apply privileges on what the citizen dev can and cannot do.” 

Betty Blocks’ approach to providing all this control is based on the ideas that citizen developers are pre-provisioned features, data access and so on. Every organization within an enterprise can set up their own ‘block store’ to reflect their need for policy compliance and security.

“With Control Center, we let IT provide the citizen developer a controlled set of blocks. This is the way to ensure they build an app in a secure way,” he added. 

Beyond setting how citizen developers create their work product, Betty Blocks also is looking to apply control and governance to the full process for ‘citizen-developed’ no code / low code apps from develop-test-launch-govern. 

“We also provide our clients with a process where they can manage the whole process of making [their new app] available. Within the Control Center, depending on the role you have, you are not able to make anything publicly available. Everything is always in a control set up from the Control Center.” 

As an example. “One of our clients regards every app a PoC [proof of concept] that will automatically be thrown away in 3 months unless they get an approval. So they are making an open but struct policy. Anyone can build an app, but if you don’t get an OK, it will be thrown away,” he said. 

Betty Blocks is also working to extend the power of low code governance to legacy apps. To achieve this, the company is working with at least one major enterprise software firm. The idea is to provide no code compliance end-to-end when new no-code apps need to integrate with mission-critical or legacy apps. 

This full process governance, especially in context a combination of no-code / low-code + legacy assets is still a work in progress, Obdam conceded. 

“No code is no worry. As an IT department, you should be worry-free about the governance part of it too. We are not there yet with process, but it is definitely the vision we are definitely  working on,” he said.