While the mission statement of the Zenity Low-Code Security Blog is to help organizations adopt low-code platforms securely and with confidence, we often find ourselves explaining basic low-code concepts and principles - mostly to those who are not familiar with the day-to-day low-code development process. Since our blog will cover many critical topics related to low-code security, we thought it would be beneficial for our readers to first get closely acquainted with low-code, and there’s no better way to do so than through real-world examples.
What's so special about Low-Code?
Low-code/no-code platforms continue to gain popularity, becoming the go-to technology enabling digital transformation. Low-code solves a whole range of business needs with the key commonality of providing quick, efficient and scalable solutions that can be built by the different business teams themselves. By bringing development closer to the business professional that feels the need most acutely, and even letting that business professionals develop themselves, low-code cuts communication costs and allows for fast and agile development.
If you are in a business role in your company, you’re probably very familiar with the frustration of having to wait for a professional developer or an IT expert to build some survey form to collect data, integrate several systems together in order to facilitate a business process, or even automate mundane tasks. These are exactly some of the most common use cases which drive organizations to adopt low-code.
Trying to create a comprehensive list of what people build with low-code would be as futile as trying to compile the same list for things built by professional developers or any other builder’s profession for that matter. We can however look at a few representative use cases to help us grasp what this technology can unlock for us. The purpose of this post is to do just that.
To provide some context and narrow down on a particular domain, we focus on corporate COVID-19 response, and how low-code came to the rescue.
Top low-code use cases
Use Case 1: Business process automation
With the COVID-19 crisis response, Japan announced a special cash payment program which allowed every citizen to apply for subsidies. Faced with a huge surge in citizens calling the city offices with inquiries about their application, City of Kobe officers realized they needed an efficient way to manage and track the status of these applications. They leveraged Power Platform, Microsoft’s low-code platform, to facilitate the entire process and create a self-service portal where citizens could quickly receive necessary information about the status of their application without calling city offices. The portal was soon in high demand, as stated by Microsoft:
“The development efforts started in April 2020 with each solution below taking less than two weeks to build. As of May 2020, they’ve been deployed to all citizens and accessed by thousands of users per day. The Power Apps portal solution hit peak usage of over 200K+ in a single day, and as of July 2020 has been averaging 35K+ page views per day.”
Of course, with a self-service portal that allows citizens to view their personal data, security of that data must be taken seriously. The City of Kobe had to make sure they configured their portals correctly to ensure that users can only access their own data.
* Power Platform image source.
Use Case 2: Integration and automation
When COVID-19 hit, vaccine maker Moderna quickly rose to the challenge, creating a vaccine to prevent infection and reduce severe illness. In order to operate as well as they did, Moderna opted for a cloud-first strategy for increased operational speed and agility. While using multiple SaaS services had great value for the business, it also introduced two key challenges: siloed data and user provisioning and deprovisioning. As Moderna put it:
“The cloud helps Moderna accelerate learning, automate processes, and improve quality at scale. But to harness its full power, the firm needed to integrate its best-in-class, on-demand applications and data from multiple SaaS vendors.”
To solve their siloed data problem, Moderna leveraged boomi, a low-code platform focused on integration, to integrate and synchronize data between multiple parts of the business including budgeting, vendor payments and human resources management.
Moderna also automated the flow of onboarding and offboarding new employees.
Of course, automation and integration go hand-in-hand with paying close attention to the way user identity and authorization are used in the process. In order to get an automation working, for example, it is tempting to use personal credentials or admin rights, but the implications could be detrimental to an organization. An organization that is aware of the risk will be particular about users using service credentials only.
Thanks to low-code, Moderna was able to accelerate employee onboarding, increase business efficiency, scale operations and make data accessible internally.
* Boomi image source.
Use Case 3: Rapid application development
During the pandemic, the need to reduce costs and deliver secure services with low-code technologies increased as agencies were, and still are, required to deliver new services rapidly for public safety. The U.S. Department of State (DoS) has leveraged the Now Platform by ServiceNow to distribute critical data to diplomats around the world. As principal deputy CIO of the U.S. State Department, Michael Mestrovich, stated in an interview with MeriTalk:
“These were big apps that tracked every country on the planet and what their Covid-19 requirements were. If you came from North America to Great Britain, would you need to quarantine? If you went from Great Britain to Germany, did you have to quarantine? If you did, what were the quarantine requirements? So, there’s a huge tracking mechanism that shows what phase these countries are in, what phase our posts are in, and the COVID requirements for each. All that was done through ServiceNow’s low-code platform.”
A crucial component to this critical information-providing application is ensuring that information can be edited only by authorized personnel. The Department of State had to make sure application permissions were in place to separate the users of the application from its content creators.
The careful use of low-code has since allowed the DoS to evolve and adapt their application to the ever-changing landscape of COVID-19 response.
* ServiceNow image source.
Low-code platforms are used in organizations to deliver faster, cheaper and more adaptive software. Business applications can be developed to target specific time-sensitive demands, and can scale up to tens of thousands of users in just a couple of weeks. This tremendous change to the software development lifecycle (SDLC) is at the heart of the low-code transformation, however, it is also its greatest risk. To leverage the full power of low-code without compromising on security, business teams must work together with security teams to understand, manage and address low-code’s intrinsic security risks.