Categories
Blog

Accelerate your Digital Experience Platform Journey with Low-Code

Forrester finds that, in 2020, over 27% of organizations improved their customer experience (CX) index scores, a big number compared to the few who were making progress in the years before.

“To emerge successfully from this global crisis, brands must build experiences that help them engage with their customers at an emotional level,” wrote Forrester SVP, Sharyn Leaver.

So, how do enterprises engage customers at an emotional level when the predominant
channel of interaction is now digital?

By delivering insights-driven, personalized, contextual, end-to-end digital customer experiences anytime, anywhere, across channels and devices.

To achieve this, at accelerated time-to-value and scale, enterprises need a springboard: A Digital Experience Platform.

Gartner defines a Digital Experience Platform (DXP), as an integrated set of technologies, based on a common platform, that provides a broad range of audiences with consistent, secure, and personalized access to information and applications across many digital touchpoints.

At WaveMaker, we visualize it in three layers:

  • Foundational Business Engine
  • Digital Engagement Hub, which brings together APIs from the business engine
  • Customer Experience Suite, which is the UX layer, made up of apps
Digital Experience Platform

Most enterprises have the business engine and the digital engagement hub, even if some of them might be legacy software. However, the digital customer experience layer needs to respond to rapidly evolving needs, offering opportunities for experimentation and rapid implementation. It is here that low-code can help. Here’s how.

Transforming applications to a customer-oriented approach

In most industries, IT is designed around the organizational structure, not customer needs. For instance, the technology architecture of a retail organization is driven by the supply chain — divided into inventory, point of sale, customer relationship management, e-commerce, etc. So, if a customer wants to check on the company’s website whether a product is available in their nearby store, it would be next to impossible because the e-commerce engine doesn’t speak to the inventory management system.

A digital experience platform can enable enterprises to address such use cases without elaborate investments in product development. When the business engine is built on customer-oriented architecture, deploying applications as microservices, loosely coupled, and API-driven with functional encapsulation, the low-code customer experience suite empowers you to drag and drop any combination of features and functionalities to create a new app. It effortlessly abstracts the various business engines to create apps with little manual programming.

Leveraging data for personalized digital experience

No customer wants to search and scroll endlessly on their shopping app to find the product they want. Nor do they want to manually drag and drop features into their interface to personalize it themselves. They want personalized experiences that are meaningful, engaging, and, most importantly, efficient.

A digital experience platform can leverage advanced analytics to deliver that. The low-code customer experience suite can form the abstraction over the analytics engine to bring together user, interaction, and business data to create a 360-degree view of the customer. It can enable dynamic user experiences, ensuring continuity of customer relationships, displaying cross-sell/up-sell opportunities contextually.

Delivering omnichannel engagement

In the era of ‘hand-off’ between devices, customers demand a smooth omnichannel experience from enterprises. For instance, an e-commerce customer today wants to add items to their cart from any device, anywhere, anytime, and purchase them all together when they’re ready.

Digital experience platforms are built to enable this seamlessly. By integrating various digital business engines, the low-code customer experience suite allows you to build omnichannel customer journeys — effortlessly moving from one channel to another, ensuring continuity of engagement across devices.

Enabling dynamic content delivery

Traditional applications are optimized for short-term transactions, while digital experience platforms are built to create long-term customer value. For instance, an e-commerce application is typically built around capabilities like search and checkout, focussing on the efficiency of shopping. But customers today are seeking more engagement. Perhaps why social commerce — blending of social media like Instagram and shopping — is gaining popularity, as it stresses the ‘experience’ of shopping.

The digital customer experience suite enables enterprises, especially in industries like banking, media, retail, or fashion to design websites, portals, apps, etc. to deliver personalized, contextual, relevant, and timely content to improve stickiness and loyalty.

Ensuring end-to-end digital service

Today, saying “you need to come to the store to get this done” is a sure-shot way of losing a customer, especially given that the cost of switching to a new provider is the lowest it has ever been. However, traditional shelf-ware is heavily restrictive in the functionalities they can offer.

Digital experience platforms enable you to deliver end-to-end digital service. With the customer engagement suite, enterprises can:

  • Build and deploy new applications quickly for customers
  • Enable dashboards with predictive analytics for employees
  • Create chatbots to automate answers to common concerns
  • Automate data collection in the form of feedback through email, SMS, or app notifications
  • Streamline product and business innovation based on customer behavior and preferences

In 2018, PwC found 32% of customers say they would stop doing business with a brand after one bad experience, even if they had loved it before. On the other hand, customers are willing to pay a 7-16% price premium for a good experience. This becomes even more telling in the post-pandemic era.

Today, just offering a digital avenue isn’t enough. The digital channel(s) is the storefront, relationship manager, customer service, marketing, sales, product catalog — all rolled into one. The true success of a digital channel is in dynamically adapting to customer needs. A digital experience platform helps you achieve that.

With a robust low-code customer experience suite built with WaveMaker, you can accelerate your digital experience platform journey significantly. Its ability to provide features such as a composable architecture, scalability, cloud-native capabilities, customizability, repeatability and security strengths enable your application teams to create differentiated experiences at a fraction of the time and cost.

To see how low-code can accelerate your digital platform journey, try a demo of WaveMaker today.

Categories
Blog

Applying a ‘security mindset’ while using low-code

Authored by Gopi Mishra, Principal Architect – Development, WaveMaker, Inc

Enterprises are increasingly using ‘Direct-to-Consumer’ digital initiatives. They are parallelly digitizing their internal processes with increased velocity. These changes bring with them a tide of security threats. From insider threats to exposed marketplaces, there is always a security hazard lurking around the corner–one that can assume mammoth proportions if security doesn’t become an ingrained part of application development. In fact, according to a report by cyber security firm ‘Checkpoint‘, cyberattacks on organizations worldwide jumped by 29% during the first half of 2021 as compared to the same period in the previous year.

So if an enterprise is adopting the web, mobile, and cloud, and directly selling to the consumer, it would be paramount that the IT team prioritizes the security of its product, and most importantly ingrain the best practices of weaving security into the development process.

Who better to don the mantle of defense than the ‘developer’? After all, when it comes to the security of an application, ‘developers’ are the first line of defense!

Defense-In-Depth

A ‘Defense-In-Depth’ approach to security for applications is a layered approach to security. What it essentially means, is that developers should take necessary action to mitigate security risks at every layer, be it the front-end (client), middle-tier, database services, or even the network layer. To do that, developers need to collaborate with various stakeholders: customers, DevOps teams, IT-networking, and the security teams handling the necessary infrastructure.

A developer has to have the same approach while developing secure applications using a low-code platform. WaveMaker comes fortified with SAST tested auto-generated code that is VeracodeTM verified. While developers working with WaveMaker can rest assured of the inherent security of the platform, there are a few best practices that a one can follow while using WaveMaker low-code to develop secure applications.

Embed security using WaveMaker

Developers need to think about security primarily in three areas: Data, Business Logic, and Coding. Data in itself could be static or could be in transmission. Depending on its state, the developer needs to keep an eye out for the following checkpoints:

secure applications using Low code

Data at Rest:

  • Ensure that no personally identifiable information is stored at the client-side (in-cache of web application or in device storage of a mobile application)
  • For mobile applications, store relevant and critical information in secure elements
  • Avoid storing information such as service credentials and connection strings in an accessible file. If stored, ensure that there is a proper authentication and authorization mechanism in place to access these files
  • If possible, use rooted/jailbreaking detection for mobile apps.
    Cordova provides plugins for the same. This can be added to the application by importing the plugin to the application. Plugins can be imported as described here.
secure applications using Low code

Data in Motion:

Secure data in motion from being intercepted

  • Use HTTPS for all calls between the client and the server-side
  • Use TLSv1.2
  • Ensure that the data between client and server-side is encrypted
  • Use updated security certificates that have the latest and secure cipher algorithms
  • Ensure validity of certificates. In case, certificate pinning is used on mobile applications ensure that certificates are renewed before expiry and app uploaded to app/play store to avoid apps breaking in production
  • Protect API calls with authentication
  • Do not include PII data as a part of a GET call
secure applications using Low code

Business Logic:

  • Use multi-factor authentication
  • Have a password policy and validation
  • Include input validation as a part of data length, type, and white-listed characters
  • Do not include passwords as a part of the ‘Remember Me’ functionality
  • Do not provide the reason for the failure of authentication in event of a validation failure
secure applications using Low code

Coding Best practices :

  • Do not log sensitive information like passwords
  • Include all loggings as a part of the ‘isDebugEnabled’ flag so that they can be disabled in the production
  • If ‘Request’ and ‘Response’ are logged or can be logged in debug mode then create filters for sensitive data
  • Use the latest versions of third-party plugins that are imported into the application
  • Use the latest SDKs/APIs that are tested against vulnerabilities
  • Flush out session data during logout
  • Error stack trace should not have sensitive information. It is always advisable to add custom messages as error messages rather than simply passing or printing the error stack trace which may have application class/file names or sensitive data.
  • WaveMaker is VeracodeTM certified and the auto-generated code is protected against OWASP Top 10 security risks. However, while designing an application the developer should keep these risks in mind and design the application to safeguard it against them (For a greater list of guidelines, follow this OWASP cheat sheet]
  • When using WaveMaker low-code platform, ensure that VeracodeTM-like scans are performed for both JavaScript and Java code

Security is an inarguable conclusion

While security best practices can help developers immensely, what is more important, is that they develop a ‘security mindset’. Security must be a priority and not an afterthought. While developing applications using ‘Agile Practices’, security should be a criterion in the ‘Definition of Done’ of user stories. Bigger pieces should be taken up as enabler stories. Regular penetration tests should be performed early in the development stage and should be a part of every sprint release. A security loophole caught early in the game will alleviate future pain points, bring down costs and reduce technical debt.

Being secure is not an option, it is an inarguable conclusion. Developers with a finer sense of security will hold this as their mantra.

Author’s Bio

Gopi is a software architect with over 15 years of experience in the financial tech and IT domain including 9 years he spent on mastering mobile architecture design. He presently leads a team of low-code developers and mentors them about best practices in software development. In his free time, he loves to read non-fiction, watch history channels or binge-watch movies.
Write to Gopi Mishra at info@wavemaker.com

secure applications using Low code