Does a low or no code platform fit into your institution’s enterprise architecture strategy?

Low code and no code platforms are currently all the rage. Rarely does a day go by without reading an article explaining how these platforms will change the software development practices of an organization. They provide a way to create applications through graphical user interfaces and configuration rather than the traditional practice of software developers writing lines of code. 

Other benefits include speeding up application development, allowing non-developers to build applications, and supporting secure coding practices. This can be a big boon for organizations and allow work to be offloaded from IT organizations that are already strained under massive workloads.  In fact, I have worked with customers already seeing benefits in the use of these platforms, allowing them to more rapidly build solutions that support their digital strategies. 

IT plays a role in governance

Providing non-developers with this functionality does not eliminate IT’s role in governing these applications being built with low code/no code platforms. Standards and governance around these applications are paramount. The selection of a low or no code platform needs to have the proper architectural reviews by IT during the procurement process.  IT is uniquely qualified to understand the application and determine how it fits into the overall enterprise architecture of an organization.  This will include reviews of the technology, the way it integrates to other applications, and the ability to tailor an application to the UX standards that an organization has or will be establishing.  

Once a low or no code platform is procured and implemented into an organization’s overall enterprise architecture strategy, each application idea must still be vetted to ensure it will fit into the overall architecture. 

Time to assess and make considerations

What standards need to be introduced to ensure compliance with the enterprise architectural strategy? What will the data sources be for the application? 

Without governance and standards, there is a possibility that a rogue application can wreak havoc for an organization. The application must fit into the data architecture to ensure that it gets data from the appropriate source and not just the easiest source of data.  It also must be styled according to the UX standards of the organization to ensure a consistent look and feel across the applications offered on campus.  Finally, if the application stores data, can it be made available to other applications such as reporting and analytics solutions?  This is not an exhaustive list but is meant to be an example of some of the considerations before an application is developed. This governance is very similar to applications built by a hardcore developer.  Just because a non-developer can build an application doesn’t mean it shouldn’t go through the same governance as an IT built application.

The foundations of building an app

Finally, as you build applications, the same development processes of a hand-coded application should be followed.  Automated test cases should be written, and proper reviews of the application need to be conducted.  Proper security reviews need to be done to ensure that the application follows all security guidelines. Just because you are using a low or no code platform does not mean that development is secure. It is recommended to follow traditional security guidelines including, but not limited to, static code analysis, dynamic code analysis, and penetration testing.

Compliance reigns supreme

Overall, low or no code platforms have a place within your organization but need to be handled with care.  Just because it allows applications to be built more easily does not mean they do not need standards and governance.  These applications should be built following your software development lifecycle to ensure compliance with security standards and overall IT strategies.


Share This Post:
06 Apr 2021

Does a low or no code platform fit into your institution’s enterprise architecture strategy?

Low code and no code platforms are currently all the rage. Rarely does a day go by without reading an article explaining how these platforms will change the software development practices of an organization. They provide a way to create applications through graphical user interfaces and configuration rather than the traditional practice of software developers writing lines of code. 

Other benefits include speeding up application development, allowing non-developers to build applications, and supporting secure coding practices. This can be a big boon for organizations and allow work to be offloaded from IT organizations that are already strained under massive workloads.  In fact, I have worked with customers already seeing benefits in the use of these platforms, allowing them to more rapidly build solutions that support their digital strategies. 

IT plays a role in governance

Providing non-developers with this functionality does not eliminate IT’s role in governing these applications being built with low code/no code platforms. Standards and governance around these applications are paramount. The selection of a low or no code platform needs to have the proper architectural reviews by IT during the procurement process.  IT is uniquely qualified to understand the application and determine how it fits into the overall enterprise architecture of an organization.  This will include reviews of the technology, the way it integrates to other applications, and the ability to tailor an application to the UX standards that an organization has or will be establishing.  

Once a low or no code platform is procured and implemented into an organization’s overall enterprise architecture strategy, each application idea must still be vetted to ensure it will fit into the overall architecture. 

Time to assess and make considerations

What standards need to be introduced to ensure compliance with the enterprise architectural strategy? What will the data sources be for the application? 

Without governance and standards, there is a possibility that a rogue application can wreak havoc for an organization. The application must fit into the data architecture to ensure that it gets data from the appropriate source and not just the easiest source of data.  It also must be styled according to the UX standards of the organization to ensure a consistent look and feel across the applications offered on campus.  Finally, if the application stores data, can it be made available to other applications such as reporting and analytics solutions?  This is not an exhaustive list but is meant to be an example of some of the considerations before an application is developed. This governance is very similar to applications built by a hardcore developer.  Just because a non-developer can build an application doesn’t mean it shouldn’t go through the same governance as an IT built application.

The foundations of building an app

Finally, as you build applications, the same development processes of a hand-coded application should be followed.  Automated test cases should be written, and proper reviews of the application need to be conducted.  Proper security reviews need to be done to ensure that the application follows all security guidelines. Just because you are using a low or no code platform does not mean that development is secure. It is recommended to follow traditional security guidelines including, but not limited to, static code analysis, dynamic code analysis, and penetration testing.

Compliance reigns supreme

Overall, low or no code platforms have a place within your organization but need to be handled with care.  Just because it allows applications to be built more easily does not mean they do not need standards and governance.  These applications should be built following your software development lifecycle to ensure compliance with security standards and overall IT strategies.


Share This Post: