LW: It’s easy to imagine that, in 2021, low-code platforms are only available as cloud-hosted, multitenant SaaS offerings, and you’re at the mercy of the vendor’s infrastructure choices. It’s still very possible, though, to use Enterprise-scoped low-code platforms that can be deployed and secured according to corporate preferences, which could be on-premises data centers, cloud-hosted Infrastructure as a Service (IaaS), or a hybrid of both. You can find options that give you the control you need.
As for security, maturity matters. If a low-code platform assumes that applications are simple one-and-done efforts, they’re likely also leaving security to individual application builders, who have to figure out what they should restrict. When that happens, your application is only as secure as its developer. Mature low-code platforms, in contrast, build security into the platform so application builders can rely on it without having to think through security issues with each new low-code application they build. And they default to zero privileges and add them on an as-needed basis. They consider not just who’ll build low-code applications, but who’ll deliver and manage them, too; building an application is only about 10% of the total amount of effort needed to deliver and support it.
You can evaluate a platform and pretty quickly assess its design DNA; whether it’s built for an individual citizen developer, an IT department, outside consultants, etc. When its target audience includes IT, you’ll see security, rights management, and data access requirements being addressed from the outset. Our solution, for example, is in use by financial institutions that operate on the sensitive customer data, and in regions of the globe with strict privacy laws. Its continued growth might be the best testament toward our low-code platform’s commitment to security.