What are low-code and no-code solutions and what are their limits?

The low-code and the no-code market continue to grow and more and more companies are interested in it to overcome the shortage of technical skills associated with an ever-increasing demand for business applications. In a recent study, MarketsandMarkets predicts that the low-code/no-code market will reach $45.5 billion worldwide in 2025, compared to $27 billion in 2022 and just over $4 billion in 2017. That’s an annual growth of nearly 130%. According to Gartner, by 2024, 65% of applications created will be in no-code or low-code.

The rise of no-code technologies can be explained by the flexibility they provide to business teams, who are now able to create applications without any technical knowledge thanks to very visual parameterization interfaces. However, the integration of these solutions must be done in compliance with the IT strategy of organizations by integrating security and governance requirements.

Low-code vs No-code

To understand the genesis of “low-code” platforms, we have to go back to 1982 when James Martin, an information technology consultant, published his 15th book on the software industry, Application Development without Programmers. In the preface, he states: “The number of programmers available per computer is decreasing so rapidly that most computers of the future will have to be put to work at

The emergence of Low-Code Development Platforms (LCDP) will really take place in 2011 with the creation of platforms bringing together many programming concepts and automatic code generation to accelerate the design of applications by developers by reducing code writing to its minimum.

Low-code solutions are therefore aimed at developers who need to reduce the amount of code they write. The targeted users are therefore rather technical and the low-code solution will allow them to get rid of certain repetitive tasks that can be done in a semi-automated way in order to program more quickly.

The no-code solutions on the other hand allow any user, including business users, to create an application, without any line of code and especially, without having ad hoc skills in terms of development. The interfaces are very visual and allow you to make settings with a few clicks or simple drag and drop.

Of course, developers can also use no-code solutions to respond more quickly to business needs. Their work can thus be simplified thanks to the agility of no-code solutions and they can concentrate on more complex tasks or those with a strong impact on the IS and the business.

The arrival of these solutions has democratized access to certain technologies and has led to the emergence of a new approach to software development, “citizen development”, which allows users (most often business users) to create applications or programs without any knowledge of software development.

The simplified access to no-code applications by the business has accelerated their implementation, often outside the control of the IT department. The use of applications that have not been approved by IT, otherwise known as “Shadow IT”, is becoming more and more widespread in organizations and has even accelerated with the COVID crisis where many employees used their personal hardware and applications to share company data. Business users, not measuring the possible harmful consequences, only see it as a quick way to meet an operational need for the benefit of the company. Yet the risks are numerous and very real: data breaches, data leaks, non-compliance, confidentiality or rights management issues, creation of data silos, generation of protocol conflicts between applications, security breaches…

For the IT teams responsible for the security of the systems and the proper functioning of the IS, it is essential to have a global view of all the tools installed, the data flow as well as the accesses granted to the users in order to protect the organization from possible cyber-attacks.

The increase in the number of applications used in the company also induces more risks because each new application provider leads to new protocols, secure accesses to set up, rights to grant…

However, no-code and low-code solutions can also put the IT department back in control by offering them secure, turnkey solutions that are integrated into the IT system in line with the organization’s strategy. Business users can retain the agility granted by no-code solutions while keeping the IT department in the loop, which will give them the necessary level of visibility to guard against any risks to the organization.

The limits of “citizen development” and shadow IT

The simplified access to no-code applications by the business has accelerated their implementation, often outside the control of the IT department. The use of applications that have not been approved by IT, otherwise known as “Shadow IT”, is becoming more and more widespread in organizations and has even accelerated with the COVID crisis where many employees used their personal hardware and applications to share company data. Business users, not measuring the possible harmful consequences, only see it as a quick way to meet an operational need for the benefit of the company. Yet the risks are numerous and very real: data breaches, data leaks, non-compliance, confidentiality or rights management issues, creation of data silos, generation of protocol conflicts between applications, security breaches…

For the IT teams responsible for the security of the systems and the proper functioning of the IS, it is essential to have a global view of all the tools installed, the data flow as well as the accesses granted to the users in order to protect the organization from possible cyber-attacks.

The increase in the number of applications used in the company also induces more risks because each new application provider leads to new protocols, secure accesses to set up, rights to grant…

However, no-code and low-code solutions can also put the IT department back in control by offering them secure, turnkey solutions that are integrated into the IT system in line with the organization’s strategy. Business users can retain the agility granted by no-code solutions while keeping the IT department in the loop, which will give them the necessary level of visibility to guard against any risks to the organization.

Why adopt a low-code or no-code solution?

Today, a large number of companies are adopting Low/No-code solutions because of the shortage of developers and the challenges related to the skills that coding requires.

Indeed the needs are globally important, but during the last years, we can observe a lack of candidates with technical skills which leads companies to recruit developers abroad. Low/No-Code solutions allow companies with important and specific needs to be able to create business applications without the need to recruit developers and therefore to make substantial savings. This type of software frees organizations from the specific development and software maintenance procedures that are provided by the no-code editor.

Low-code/no-code applications also allow IT teams to respond in a very reactive way to the needs of even specific business users. The agility of these solutions generally allows to set up advanced applications in a few weeks. Most vendors offer solutions with native connectors and in compliance with security standards, in the cloud or on-premise mode, to guarantee the integrity of the information system. They are therefore a perfect response to the challenges of IT management in terms of security and governance.

One thing to keep in mind: some foreign editors offer solutions hosted in the United States, which are then subject to American legislation (Cloud Act and Patriot Act). These two federal laws authorize the judicial forces to consult and analyze your private data located on American servers without any limit and without obligation to inform you. American publishers are therefore obliged to comply with these laws with much less constraints than under European legislation. We have actually seen this in the way Facebook allowed Cambridge Analytica to access the data of 87 million users in 2015. If you are a French company looking for a secure solution, it will be wiser to turn to European publishers who are obliged to comply with EU regulations.