Digital Transformation Spotlight: Low-code and No-code Tools

EXECUTIVE SUMMARY

The way we work has steadily changed and many Government of Canada organizations are looking for ways to ease the burden of complex operations and an increasing demand to do more in less time - and at a lower cost.?

Low code and no code platforms and tools enable rapid delivery of applications, with little or no hand-coding required.?Not only do the platform and tools save time and potential cost savings, they also reduce many manual process, therefore reducing the risk of errors while improving the quality of the end product.?Another advantage is that the platform and tools enable traditional and non-technical developers to create apps with pre-written codes and templates, so that instead of a window in which to type code, the functionality of the application is built visually.?The application building role is available to more people in the organization than professional developers, giving the business the ability to take greater control over their custom application and enabling transformation across departments.?With a low-code development platform, the Government of Canada organization can automate time-consuming manual coding processes and speed up their app delivery.?

The platforms and tools can be described as different types of Legos, where basic no code and low code solutions are similar to large Lego blocks that make building simple and intuitive but with limited potential.?More in-depth platforms and tools offer the mix and match capabilities of smaller sized Lego sets, which also make building simple and intuitive but with increased functionality and precision.

The #healthcare sector has adopted the technology during the #covid19 pandemic to rapidly deliver appointment reservation systems, vaccination status applications, and the distribution of grants.?Wildfires are growing rapidly across the country, putting increasing stress on fire-fighters nations wide and risking the health and safety of the population, but low-code solutions have been added to reduce emergency dispatchers manually entering geolocation data enabling responders to increase response times and accuracy of location.?Low code solutions have been added to the pharmaceutical supply chain so that internet of things (IoT) data is used to track the origin and temperature of medicine throughout the supply chain.?By using low code solutions, the teams involved didn’t have to spend time developing custom components and code. Instead they focused on business requirements, transparency and oversight, and the timely delivery to providers.??

Gartner research stated that by 2024, low-code application development will be responsible for more than 65% of application development activity.? 451 Research has estimated that nearly 60% of all custom apps are now built outside the IT department, and of those, 30% are built by employees with either limited or no technical development skills.??This document will outline recommendations and an action plan to assess how the Government of Canada organization can leverage the potential of this technology.

OVERVIEW

Low-code and no-code often get used interchangeably, but there’s a shade of difference between the two categories.?Fundamentally, low-code platforms and tools simplify and streamline the work of professional developers, enabling them to deliver enterprise apps in a fraction of the time of hand-coding, often with higher quality. Meanwhile, no-code platforms and tools give non-technical business people the ability to assemble simple business applications with minimal involvement from IT.?For consistency in this document, low-code will be referenced as the primary technology capability being discussed.

Forrester defines low code as “products and/or cloud services for application development that employ visual, declarative techniques instead of programming.” Gartner characterizes it as platforms that provide “rapid application development (RAD) features for development, deployment and execution – in the cloud.”??In essence, these tools make application development accessible to business users and non-programmers. Anyone, regardless of technical ability, can build applications to automate workflows – with drag-and-drop functionality, intuitive process flow capabilities, and visual guidance. This empowers employees beyond the walls of IT to take ownership, streamline common development tasks, increase productivity, and ultimately, free up development resources.

No-code development tools abstract the codebase entirely by providing a visual “what you see is what you get” (#WYSIWYG) interface to building an application; from the data model to business logic to workflows to the user interface (UI).?This complete abstraction of application behavior to avoid code means that any custom feature, and or function needed for an application, is limited to what is already surfaced in the tool. The no-code approach only allows for a certain level of customization through the WYSIWYG tool. Adding new capabilities will usually require the vendor, or its professional services staff, to create and release new features for use within the tool.

Low-code development is rapid application development or high-productivity development, with an option to use code or scripting.?These tools can use a variety of approaches that both automate and abstract application development activities, such as drag-and-drop editors, code generation, component assembly and model-driven and metadata-driven development.

Low-code development offers a way to add custom features or functions for an application with new code. The code supported can be a proprietary language or standards-based languages. JavaScript is one of the most popular and common languages supported by low-code development tools. This approach allows customers and partners to have a higher degree of customization than no-code tools. However, the added custom code must be carefully managed to prevent accumulation of technical debt and change management issues.

A #citizendeveloper is a user who creates new business applications for consumption by others using development and runtime environments sanctioned by corporate IT. In the past, end-user application development has typically been limited to single-user or workgroup solutions built with tools like Microsoft Excel and Access, however low-code and no-code platforms offer richer development and deployment capabilities that allows people with no formal programming background to deliver applications providing immediate business value.

Low-code platforms that are model driven execution platforms require applications to be run on their platform, which is typically located in either the vendor’s cloud or a Government of Canada organization’s cloud, or in the organization’s data center. Similar to common cloud adoption benefits, a key advantage is that the vendor manages the platform which reduces the need for IT to manage commodity infrastructure resources. ?

TARGET BENEFITS

The value proposition of low-code relies on the production, deployment, and maintenance of applications.?To understand the business benefits of low-code, the starting point is all about speed and quality. ?Low-code moves application development to a higher level of abstraction, requiring less code to be written, which in turn provides the following advantages:

·???????High speed to value ratio

·???????Shortened development and deployment cycles

·???????Reduced maintenance burden

·???????Enhanced customer experience

·???????Integration of legacy systems

·???????Improved productivity and business agility

·???????Built in governance and standardization

·???????Innovation and experimentation led by rapid prototyping

There is no guarantee that the Government of Canada organization will build a high-quality application simply because it’s using low-code. Where low-code really helps is in the following:

·???????Streamlining the work of developers to remove commodity tasks, or error prone tasks that may introduce security vulnerabilities, while focusing on value add processes.

·???????Grooming the application backlog as requirements can be delivered faster.

·???????Automating workflows that aid data driven decision making.

·???????Extending and/or updating existing applications by replacing out-of-date front-ends, while leaving the existing business logic in place.?

USE CASES

Although each industry sector has a defined set of common services and commodity IT resource needs, the Healthcare sector must meet its own set of industry regulations and standards which make it difficult to find an existing and mature offering to satisfy specialized mission critical needs.?Low code options provide the Government of Canada organization the ability to focus solely on the specialized business processes that must be supported while reducing the need to spend time on commodity and routine IT tasks.

In addition, common use cases that are relevant to the Government of Canada organization include:

·???????Applications consisting of a niche or specialized business process, including interfaces to document and content management systems and reminder or alert notifications.

·???????Forms, or data gathering and database applications that interface to large scale and distributed data storage.

·???????Communication and task management applications that allow for chats, emails, video conferencing, and calendar management.

·???????Data-science and visualization applications that potentially contain some machine learning or artificial intelligence to process and present large amounts of data.

·???????Mobile or modern front-end to integrate with legacy applications.

Identifying if low code is the right tool will depend upon the type of application that is required.?Many applications are for the internal use of employees and are generally tactical. A tactical application focuses on delivering short-term value within the context of the day-to-day operations of the Government of Canada organization, such as Human Resources (HR) app (e.g. timesheet apps, time-off request apps); IT-related applications (e.g. password reset apps); Data processing apps (e.g. event registration); or a reporting or dashboard app that collates and presents useful information to managers and other personnel.?Apps that are for the Government of Canada organization’s external users are generally more strategic, because they help achieve enterprise business goals. Some examples of external strategic apps include:?an ecommerce app (e.g. purchase a product); customer service apps (e.g. contact chat); or a survey or other feedback app that solicits the opinions of citizens or clients.

CHALLENGES

While low-code presents many advantages, there are known challenges that must be included in planning an adoption of the technology:

·???????The nature of low-code is to allow for non-coders, who are ideally business domain experts, to create apps, however, low-code environments are largely proprietary and require at least a modest amount of training. This applies even to highly skilled developers.

·???????A cultural resistance may occur from traditional developers, partly due to skepticism, and incorrect perception that existing developers are being replaced.

·???????Most traditional development environments involve a one-off purchase of the IDE, however, low-code licenses are considerably more complex, often involving per-deployed-app costs. Those costs are sometimes opaque and need to be fully worked through for the ROI analysis.

·???????The proprietary nature of low-code gives a certain level of “lock-in,” preventing the Government of Canada organization from changing vendor or leaving low-code altogether.

·???????Low-code’s ease of app development can cause problems for the Government of Canada organization as clients may be tempted to develop on their own if IT is not fast enough, thereby creating a shadow IT mentality. If allowed to grow, this will create maintenance and capability duplication issues.

TARGET CAPABILITIES

·???????User interface capabilities:?the development tooling can include support ranging from fixed application user interfaces, communication mechanisms such as email and messaging, simple web and mobile forms, to multi-experience including #artificialintelligence (AI)-driven chatbots, augmented reality and wearables. Low-code platform types vary in?their creation of end-user interfaces, ranging from none in integration platforms as a service (iPaaS) and limited in many business process automation (BPA) tools, to?multi-experience?development?platforms?(MXDPs) that specialize in user experience (UX) capabilities.

·???????Data capabilities: development technologies will usually include data modelling,?database or data access technology?or master data management features. Other types of data, such as documents and other content, may also be provided. Prebuilt data schemas may be provided for domain or SaaS?compatibility. Many low-code?platforms only embed a database for their cloud-based offerings, while others require the use of existing data sources.

o??Process and workflow capabilities: various types of “processes” may be supported through orchestration or workflow tooling, these may include: business process automation of workflows, processing data and information flows across different users for business transactions, managing the flow of communications in a call center as workforce workflow management, managing the extension of business processes into controlled “knowledge work” as a part of case?management, or the flow of control across an robotic process automation (#rpa) bot or integration transaction.

·???????Business logic capabilities: beyond simple scripting of business rules, development tools may explicitly support specific types of business rules and rulesets and their execution, or as decision-based organizations for business logic. Decision automation is often extended to include #ai and analytics services generating business rules or predictive models.

·???????Integration capabilities: information sources required in applications may exist in external components that need to be accessed via APIs.?

·???????Services: Low-code development technologies may include various prebuilt services specific to a business or application domain.?These services may be blackbox, or include customizable definitions and models. They may also be provided as cloud services that abstract low-level services such as AI/machine learning for specific use cases. Catalogs of services or components may be available as an application or app store.

KEY CONSIDERATIONS

RISKS

Security: Applications must still adhere to Government of Canada security standards and ensure that identity and privileged access control management functionality policies are followed for applications.?Where necessary, connections using HTTPS must be used to encrypt data transmission and not use plain text for passwords.

Data Leakage: Low-code apps usually revolve around streamlining a business process or automating a task. Many times this is coupled with moving data from A to B or connecting operation C to operation D (if this then that). This also means that data can easily find its way outside of the organizational boundary. Typical examples include moving data to unauthorized services (i.e. shadow IT) and storing business critical data in the wrong place, for example on personal drives.

Oversharing: To enable fast expansion within the enterprise, low-code platforms make sharing of apps, components and data extremely easy. Misconfiguration may result in oversharing which can easily result in breaking the enterprise permission model.

Business Continuity, Resiliency and Ownership Failures: The ease of creating a new applications, their relatively low-maintenance costs and the fact that they often are managed by a SaaS services may contribute to lack of oversight and sprawl.

App impersonation: Because low-code apps are usually developed by the organization, users tend to trust them blindly. However, low-code platforms allow users to upload and deploy an application from an external source, including the platform marketplace. An attacker or a malicious insider could use this blind trust to impersonate a viable app and launch a consent phishing campaign within the organization.

Unmanaged Custom Code: Low-code applications often enable extensibility through custom code. These pieces of code are embedded into the application, and in some cases are not held up to the same level of security vigilance as with other traditional coded applications.

LEGACY INTEGRATION

A project may use low-code to create a new front-end for a legacy application, but integration with the?legacy application may require extensive custom coding and a high degree of complexity to make connections and access to data that must be factored into the management of the application’s lifecycle.

SHADOW IT

Shadow IT refers to how business divisions often bypass the IT organization in order to get the software functionality they require, typically by using simple application creation tools that don’t require the help of a technical person. Such applications may lack IT’s awareness, leading to the risk of security vulnerabilities or exclusion from governance and oversight.

VENDOR LOCK-IN

Vendor lock-in is another major concern for IT as low-code platforms are selected to satisfy niche requirements. Low-code development tools are often?tightly integrated?with the cloud environments and API ecosystems from the vendor and may not offer the flexibility to extend functionality or scale and meet new requirements.

EVALUATION PROCESS

Evaluation criteria across all platform types can be considered in four areas):?business, technology, development and environment.?All of these should be considered, although often technology-fit, developer-fit and cost are often the highest priorities.

Business

Use case type

Application lifecycle

Vendor fit

Standards

Total Cost

Pricing model

Technology

User experience

Front-end vs Back-end

APIs and integration

Architecture, hosting, and availability

Deployment

Security

Development

Developer persona and degree of coding

DevOps methodologies

Governance

Support

Environment

Training

Marketplace

Testing

RECOMMENDATIONS

1.?????Assess multiple low-code platform options before committing to a single vendor

a.?????Create a scope document and review with the internal teams; compare products with similar capacity and prices.

b.?????Evaluate cost versus functionality. Remember to take note of existing legacy deployments and check for integration requirements.

c.?????Consider how mature the community support for the product is and its marketplace.

d.?????Learn about the solution by utilizing its free version to become familiar with the low-code platform.

2.?????Evaluate the Government of Canada organization’s problem statements and use cases

a.?????Analyze your use cases and the business requirement carefully to extract the best results from the solution.

b.?????Ensure that the internal team members from the business process management side and the IT side are trained on the chosen solution.

c.?????Train your employees, instead of only relying on vendors?or their partners, prior to app development.

d.?????Take some time to go through the online tutorials.

3.?????Understand the Government of Canada organization’s eco-system

a.?????Adopt a technology-agnostic approach to business requirements and then layer in the technical components.

b.?????Assess the Government of Canada organization’s maturity on the level of cloud readiness, API strategy, identity provisioning, process management/process engineering, cloud security and information security.

c.?????Strategize on how to fit the selected enterprise low-code solution into the Government of Canada organization’s existing architecture.

4.?????Regulate business processes before automation

a.?????Streamline the internal processes before automation. Using a workflow system or even a low-code/no-code platform can only do so much to support a complex and convoluted process.

b.?????Invest time in making improvements to the existing business processes before implementation. Do not just port?those?processes?over to the new platform as is.

c.?????Standardize and define the workflows and processes for the use cases of the low-code platform before buying any licenses.

?

5.?????Establish a Community of Practice

a.?????Identify the developer personas by knowing the common needs for front-end developers, back-end developers, process analysts, and data analysts

b.?????Socialize guardrails, best practices, and frameworks to help employees capture value in using the low-code tools and for rapid and secure experimentation with minimum intervention from the corporate IT department

c.?????Track community engagement through a set of metrics and uses community performance to reflect on the technology and business outcomes of the solutions

?

6.?????Governance

a.?????Empower employees with the ability to self-govern when low-code in general is not recommended and what type of low-code platform is recommended for a defined use case.

CONCLUSION

When used properly, no-code and low-code can be a force multiplier for government agencies, yet simply increasing access to new tools in the Government of Canada organization’s IT portfolio does not guarantee success.?The keys for successfully benefitting from low-code are a combination of multiple factors.?Firstly, the organization requires effective cooperation amongst lines of business, the application development team, and the rest of the IT organization. ?Secondly, low-code efforts must also account for the context of existing applications, both to integrate with them and, when appropriate, make modernizing them less risky.?Thirdly, being more agile with a low-code platform increases the need for planning, change management, and treating data as an asset.