Balance the Need for Speed and Security With Low-Code Solution Guardrails
No-code and low-code tools don't just let everyday citizen developers bypass having to learn how to code a product into existence, they bypass the gatekeepers who have traditionally stood between tech products and the companies that use them.
What does this mean for IT? That it’s losing control. Depending on who you ask, this is either a good thing or a bad thing. Here’s a brief breakdown of these two perspectives, followed by three new guardrails companies can put in place as the traditional barriers to technology’s entry break down.
IT Prioritizes Governance, Security and Clean Data
IT departments are often seen as roadblocks between teams and their ability to innovate quickly. This isn’t out of malice (at least most of the time); it’s because they’ve been charged with standardizing and consolidating tools across departments, and maintaining a clear-cut budget.
They’re also the ones who take the fall when something backfires, which means they must carefully evaluate and sign off on the tools that keep the business running. And as guardians of corporate data, they must ensure that any data used to drive organization-wide or department-specific decisions is correctly formatted, that it isn't in violation of GDPR restrictions, and that it can be consumed by the technology stacks chosen by departmental decision makers.
When technology sneaks past the IT gatekeeper and into a company, teams open the door to a lack of governance. And a lack of governance inevitably opens the door to security issues. Gartner has identified the inability to govern citizen developers as one of the primary barriers to enterprise adoption of low-code solutions.
Related Article: The Risks and Rewards of the Citizen Developer Approach
Product Teams Prioritize Getting Products to Market Fast
Most product teams see IT’s tech procurement process as unnecessarily convoluted. The complex criteria used to vet technology creates barriers to using new software quickly, and therefore affects their ability to get to market faster. It can take six months to get started with a software, which is often the same amount of time it would have taken the team to complete the project using it.
Product teams want the ability to quickly adopt a working software without the hassle. They want to be able to ‘plug and play’ new technologies as soon as they discover them and do their own informal vetting. Of course, if something blows up, they don’t want to take responsibility for it.
Balance Speed and Avoid Risk With These Low-Code Guardrails
As low-code solutions become more ubiquitous and easier for individuals to adopt, is it even realistic for IT teams to protect the company from the downsides of hasty or covert tech decisions? Here are a few ways to put guardrails in place to balance the need for speed and autonomy, while avoiding technical risks:
1. Divide governance responsibilities among different gatekeepers
While the IT department has traditionally enforced guidelines around things like data security, corporate and cloud security, and application governance, this is not always the case anymore. Instead, different stakeholders are playing gatekeeper to different areas of concern, specific to their practices.
For instance, IT might put up guardrails based on known enterprise-wide security needs or requirements specifically around the use of emerging needs like low-code and no-code tools. Meanwhile, a user experience (UX) team or center of excellence (COE) might be responsible for introducing guardrails that ensure all applications meet corporate branding requirements, interaction and accessibility guidelines. And a development manager would potentially add another layer of guardrails to ensure that low-code / no-code tools adhere to some level of coding standard required for applications.
While IT is, or at least considers itself, the absolute gatekeeper when it comes to the types of applications that are allowed within the enterprise, their primary domain now is how applications access data, how secure they are and their use of the cloud. It now shares equal authority with these other groups — UX, COE, development and others — in overall governance of applications entering the enterprise.
Why Knowledge Management Is Critical to Business Resiliency
How Organizations are Future-Proofing Business by Harnessing Company and Employee Knowledge
The Compensation Cliffhanger: New Research on How HR Leaders Are Addressing this New Talent Minefield
For employees today, is it really "all about the Benjamins"?
Related Article: How Digital Workplace Governance Supports Agility
2. Data needs to be shared across the enterprise, which means putting a new type of use case-specific guardrails in place
Ten years ago, it would have been unheard of for a corporate user to have access to real datasets, which they could then use to create their own dashboards and reports. But businesses are moving a lot faster now and to keep up, accessibility of data is key. Anyone in an organization should now be able to create their own dashboards and reports, and share them with others. Business intelligence and dashboarding tools are what originally forced IT’s hand when it came to loosening governance around who within the enterprise could access datasets. Those tools paved the way for low-code and no-code tools, as well as others.
As a result, governance is now the domain of application owners, who work alongside corporate stakeholders to define the right guardrails. For example, if a marketing department is using a low-code tool to generate applications that will be used by field marketing, it’s important that corporate stakeholders outside of marketing ensure that whatever code is generated can be used within the tooling of the development teams. The involved stakeholders in this scenario might include a development manager who must complete the application once a working prototype is approved, a user experience manager who must ensure that the interaction model was well thought-through and a marketing manager who must ensure the application meets corporate branding guidelines. These stakeholders are all outside of the traditional IT organization.
3. Define the users of low-code and no-code tools
To circumvent IT’s hard-line security and governance restrictions, which can lead to months of due diligence and vetting, more teams outside of IT are adopting low-code or, in most cases, no-code tools. These groups need to be able to use data that they can easily access without having IT interfere or put-up barriers.
Common data sources are Microsoft Excel or existing Software-as-a-Service (SaaS) products like Google Analytics, Salesforce, Marketo, Microsoft CRM and others that usually only require an email and password to access data.
It is important to identify who the user of each type of tool is.
Knowing who is using which technologies is critical because it will inform different departments and stakeholders as to which gatekeepers they need. This will enable innovation and expedite adoption, while ensuring that the proper layers of oversight are in place.
As the pool of everyday developers grows alongside the emergence of low-code tools, expect to see more solutions that are perfectly suited for various enterprise needs. Empowering new gatekeepers to introduce new guardrails will ensure that product teams can innovate quickly, without technical or security backlash.
About the Author
Jason is the SVP of Developer Tools at Infragistics, where for 16 years he’s held roles at the intersection of tech evangelism and product management. He and his team spearhead the customer-driven, innovative features and functionality throughout all Infragistics’ testing, developer and user experience products.