Balancing risk and reward with low-code and no-code platforms [Q&A]
In recent years, enterprises have increasingly turned to low-code and no-code platforms in order to streamline their development processes.
With the introduction of AI, this sector is evolving even faster and Wing To, general manager of Intelligent DevOps at Digital.ai, believes this needs organizations to develop a cautious approach. We spoke to him to find out why.
BN: Why does the introduction of AI into development platforms present extra risk?
WT: Low-code, no-code platforms and AI-assisted code development have the potential to create an environment where certain steps that ensure quality and security are missed, leading to potential issues of code in production environments. Often low-code, no-code platforms can foster an absence of 'professional developers' with foundational knowledge of software and application development, resulting in a lack of necessary flags raised during the creation and implementation of code. This highlights the importance of leveraging professional developer processes, such as code reviews, security checks or testing procedures to mitigate risks.
Also, AI-assisted code is inherently open to vulnerability. According to research by NYU, 40 percent of code produced by AI-powered copilots include flaws that can be manipulated by an attacker. This level of security risk opens enterprises up to dire consequences in multiple areas, from financial to legal.
BN: What can we learn from more established coding practices in order to avoid pitfalls?
WT: Executives can draw valuable insights from the practices of the 'professional developers' they retain on staff. These developers can help team members gain a deeper understanding of how to harness diverse safeguard measures designed for professional coding when using 'citizen developers'. These measures should involve aspects like data governance, risk management, and auditability, among others.
By employing these mechanisms, organizations can prevent the emergence of chaotic and unregulated development environments. Furthermore, companies can adapt lessons from DevOps, encompassing change management best practices, release orchestration, security governance, and continuous testing, and apply them to the realm of low-code and no-code. This strategic approach helps organizations steer clear of potential pitfalls and enables them to fully capitalize on the advantages offered by citizen developers.
BN: Are there safeguards that need to be in place to keep development professional?
WT: Yes, companies, both big and small, must be aware of the potential risks of relying on low-code, no-code platforms and react with necessary safeguards. Companies should implement change management best practices, release orchestration, security governance, and continuous testing to ensure that software and application development remains professional.
BN: Can these processes help to empower 'citizen developers'?
WT: Low-code, no-code platforms empower 'citizen developers' by providing a forum where individuals with minimal understanding or skills in software and/or application development can function. Using visual user interfaces and intuitive drag-and-drop tools, coupled with the right release orchestration practices allow a wider range of individuals to be developers and innovate quickly, but with the required guardrails of software being utilized via consumers or employees.
BN: How can you ensure business value from investment in these platforms?
WT: To maintain business value when investing in low-code, no-code platforms, companies not only need to implement the necessary guardrails that counteract potential security risks and delivery bottlenecks to understand vale of release quality, but companies should also utilizing planning tools that help align citizen developers portfolio & funding to business initiatives to ensure proper utilization of opex and capex expenditures. If program alignment or delivery guardrails are not in place, the reward of low-code, no-code cannot be fully accessed.
Image credit: SWKStock / Shutterstock