Enterprises, on average, use about 1000 cloud apps, even though CIO think it’s only 30-40. As one can tell, the enterprise software landscape is complex. Organizations work with a wide range of applications that don’t speak to each other, look/work very unlike each other, often unable to even exist in the same tech environment.
This is especially true in the financial services industry, where banks and financial institutions are inching towards end-to-end digitization. COVID-19 has only hurried this digital transformation, forcing businesses to catch up or fall behind. In trying to balance the complexity and the hurry, organizations often lose out on building robust software.
While handling the minutiae, they forget the first principles.
In this article, we explore how low code can help financial software builders focus on first principles to create robust, integrable and sustainable applications for their customers.
Software first principles
If you are building an enterprise application today, it must be:
- Built on a modern microservices-based architecture
- Cloud-native, containerized and deployable across multi-cloud environments
- Device agnostic and omnichannel-ready
- Easily integrable with Open APIs
- Focussed on code security
How low code helps you focus on first principles
“I think [low-code platforms are] probably the most important technology tool that CIOs need to look at. We do not have enough staff and our staff who are strong at AppDev really need to focus on the customer-facing pieces that are going to move the needle”, says Issac Sacolick of StarCIO. The fundamental benefit of a low code framework is that it abstracts and automates the programming process to accelerate software development. In doing so, it helps you create applications that are consistent, integrable, sustainable and secure. Here’s how.
Low code opens doors to modern architecture
By 2022, 90% of all apps will feature microservices architectures that improve the ability to design, debug, update, and leverage third-party code.
Development teams across the globe understand the advantages of microservices-based architecture, and are adopting it rapidly. But, among traditional development teams, this can be a tedious process. Modernizing monolithic legacy software or building new microservices-based products involves not just changes to development processes, but also setting up DevOps teams, changes to organizational culture etc.
Low code systems can help leap past these obstacles. A robust low code platform can help professional developers build microservices-based applications at scale.
Low code enables reusability with components and prefabs
Developer time is wasted in repeatable processes. Be it basic UI templates or complex forms, tables and interactive charts, low code frameworks can help automate parts of development. In fact, you can also generate from your own data model, and navigate through data and their relationships right from the low code platform. This can come especially handy when ISVs need to rapidly customize their applications for each of their customers.
A low code platform can help accelerate development with out-of-the-box widgets, templates, prefabs and more.
Low code is prime for building cloud-native apps
A robust low code platform can take you beyond just ‘cloud-ready’ development. With zero DevOps, auto-generated APIs, auto-scaling, app-sizing, proactive monitoring etc. Cloud-native low code application development is now possible without a bastion of cloud experts on your team. It can also enable one-click deployment across multi-cloud or hybrid-cloud environments.
A low code platform can automate many of the development and operational aspects of building cloud-native apps.
Low code accelerates the development of omnichannel apps
Omni-channel customers spend an average of 4% more each time in the store and 10% more online than single-channel customers.
Financial software builders face pressure to build apps that offer a consistent and seamless omnichannel experience. Customers want to access information, make transactions, raise requests and speak to agents across their online banking, mobile banking and in-person channels. They want to have a continuous and engaged experience across them all.
To achieve this, traditional app development teams have a multi-functional team of mobile developers, web developers and core application developers replicating the application for each channel. Low code tools eliminate the need for this, and create responsive applications by default. They also have built-in components and widgets that facilitate seamless engagement across channels.
By automating the adaptability and responsiveness of your app, low code platforms accelerate superior omnichannel experiences, without corresponding investments.
Low code platforms build integrable apps
Low code abstracts a set of complex processes to accelerate development. APIs are an important part of that. They enable applications to access and consume vast amounts of data from multiple sources. They also integrate across upstream and downstream layers to connect information and application components. For instance, API helps banks or financial institutions to enable their services or share transaction data to a third party like Google Pay. It provides the flexibility of communication between two parties, increases workflow efficiency, enables real-time data sharing, and improves customer experience.
A low code platform can help financial software builders make apps with composable APIs from underlying services and entities.
Low code helps build secure applications from the start
The auto-generation of code in low code tools brings with it security measures built-in at all application layers. With a good low code platform, you can configure compliance levels, customize authentication and authorization, and even enable platform-driven automatic upgrades free from security vulnerabilities.
For instance, code generated by WaveMaker, our low code platform, is open standards-based. The platform enables secure coding practices making apps hardened for penetration testing and enterprise-grade security. Given that it’s also ‘Veracode™ Verified’, WaveMaker drastically reduces the time developers spend in rounding off security for their apps. This verification covers third-party open-source libraries you use to generate code and all vulnerability checks listed in the CVE library. In all, it significantly de-risks application teams from compliance and security issues, without compromising on speed of delivery.
A low code platform enables organizations to incorporate security at every stage of application development.
Choosing the right low-code platform for building
If you’re an independent software vendor developing software for the financial services industry, a robust low code platform can accelerate your product development, and enable rapid customizations at scale. To gain maximum leverage from your low code platform, make sure they empower you to focus on first principles.
- Ensure that your platform is attuned to building cloud-ready apps. Look for a platform that can automate containerization, enable DevOps and ease cloud deployments.
- Check the API capabilities of the low code platform. Make sure it can enable integrations that are closer to business functions, giving standardized access to org data and services.
- Try the reusable components.
- Understand the limitations of the reusable components and prefabs included in the platform.
- Check if compliant third-party components can be integrated.
- Ensure you can create customized components and make them reusable within your organization.
- Verify security standards. Test the credibility of the product by checking for industry-standard certifications. Look for the protocols that govern authentication, authorization, protection against the 10 OWASP vulnerabilities etc.
For all these and more, consider WaveMaker.
By Vikram Srivats, Vice President, WaveMaker
So far, the low-code bastion has been mostly custom applications (built by “citizen” developers) – which are, sort of, spectrally opposite to core software platforms built by professional coders.
The tide is now turning.
Software platforms, specifically in the banking world, are embracing – even infusing – low-code capabilities – either through build or buy (license, OEM) routes.
But first, the backdrop: It is no secret that banks – and all financial intermediaries in general – are rushing to digitally innovate their business and transform their technology. And we know that these interventions target both top and bottom-line impact, while purporting to deliver speed, agility and simplicity in operations. Add in a host of headwinds – pandemic induced credit losses, muted revenues in a low-interest environment, rise in challenger banks that are digital-only, and fintechs that threaten to drive new non-interest business models on a modern tech platform – and you have a real test of banks’ resilience over the next 4-5 years.
To make good on the digital innovation and technology transformation theme, banks must buy or build banking software (core and channel facing systems) based on 4 foundational pillars:
- API marketplaces – increasingly becoming the core of digital banks to expand the reach of their intellectual property, democratize access and cast a wide net.
- Cloud-native or Cloud-ready – designed or ported to the public Cloud; service mesh ready for hybrid or multi-Cloud environments.
- Component-based and customizable – address varied customer needs in an agile, low-cost and even self-serve manner.
- Enable ecosystems – for banks to stay relevant in the long run, embrace a world of co-opetition and lay the foundation for service offerings and business models that can drive new value.
With this backdrop, market-leading digital banking systems – cores and application portfolios – are increasingly turning to low-code capabilities (and third-party low-code platforms) as a significant intervention.
Here are 4 value plays that low-code drives for banking systems providers:
- Accelerate – using a homegrown or a third-party low-code platform, providers significantly accelerate the development of serious, Cloud-native modules, components and applications.
- Modernize – Leveraging an available API backplane, a low-code studio can generate consumer-grade, responsive front ends (UI/UX), enabling rapid modernization.
- Optimize – A low-code enabled (OEM version) or infused banking system allows banks themselves to configure, compose, extend or customize certain parts of a digital banking core or application portfolio – reducing/optimizing professional services effort from the provider and evolving the provider-client engagement to the next level.
- Proliferate – A custom low-code platform with industry-specific componentry can be offered as a layer in front of a banking API portfolio – to open up the ecosystem for the provider’s client and dramatically ease the process for third parties to use democratized assets to build a plethora of applications – very quickly.
In short, Low-Code + Banking Software = Results (digital innovation and tech transformation).
Temenos, a Swiss banking system provider, bought Kony (a digital banking SaaS company and a low-code platform vendor) for $600m in 2019. EdgeVerve, a wholly owned subsidiary of Infosys, a $14b IT consulting and services provider, has built-in low-code capability in its Finacle Digital Engagement Suite per leading analysts that profile digital banking systems. In mid-2020, new age composable banking platform provider, Mambu, partnered with Argentina-headquartered Veritran, an enterprise low-code platform provider, for the Latin America market.
Per Forrester, EdgeVerve and Temenos feature as Leaders in their Wave reports on digital banking platforms (processing and engagement) across 2019 and 2020. Mambu is a Challenger per Gartner’s Magic Quadrant for Retail Core Banking. Low-code capability infusion seems to be clearly correlated with leadership in the banking software domain. We should expect other leading players – TCS, Oracle, Finastra and FIS – to follow suit.
And future banking platforms with leaner digital cores will only serve to further drive the embedded adoption and proliferation of low-code capabilities – whether homegrown or licensed as OEM from third party low-code platform providers.
A recent McKinsey report on the banking industry points out that the COVID-19 pandemic will cause $3.7 trillion of revenues – more than half of the total financial intermediation industry revenues – to be foregone and never come back. In that same scenario, return on equity would fall from 8.9% in 2019 to 1.5% in 2021, with North America bottoming out at -1.1%.
It is not all doom and gloom though.
The report points out that there is a hopeful picture – if banks do the hard work on productivity and capital management, their ROE can return to pre-pandemic levels by 2024.
What has all this got to do with low-code development?
(Hint: low-code => high productivity)
2024 awaits the resilient and transformed banking industry.
To futher explore banking solutions by WaveMaker, please visit:
Or, start a conversation with our expert consultants for solutions to your unique requirements.
Originally published in Finextra
“One in four retail branches to close in Europe,” predicted a study mid-last year. This comes as no surprise, given the number of challengers that core banking systems of traditional banks face today. For instance, neobanks — mobile-centric retail banks, often without physical branches — have tripled in number in the last three years. Over 30 neobanks went live in the middle of a global pandemic, including niche ones like Daylight, a US bank for LGBT+ members. This isn’t euro-centric either; there is a significant boom in digital banking across Asia and Africa too.
As the pandemic forces customers to do as much interaction as possible online, “70% of account openings, deposits, consumer loans, and credit card applications will happen remotely over the next three years.” Enabling digital experiences of existing offerings is only one part of the story. To truly emerge successful in the 21st century, banks and financial institutions also need to devise innovative new offerings for the digital world.
More importantly, this needs to be rapid, agile, adaptable, and scalable. It is here that low code software development will play a crucial role.
What low code can do for banking and financial services
#1 Build new apps swiftly
Low code accelerates the app development journey significantly, often by over 50%, while also reducing costs proportionately. This can be game-changing for banks and financial institutions that wish to offer innovative services to their customers.
Whether you need an app that lets users buy cryptocurrency or simply complete their Know Your Customer (KYC) compliance remotely, a financial services and banking low code platform can help you develop and deploy it within weeks, if not days! In fact, that’s what a Fortune 100 insurance company did with WaveMaker. They used the WaveMaker platform to swiftly develop innovative applications, with 80% less coding than traditional development would have needed, and without any additional investment in skilled resources.
Low code achieves this with:
- Framework-driven approach: Component-based UI, prefabs, and repeatable templates ensure consistency, even at scale.
- Seamless integration: APIs, connectors and CI/CD integrations enable new and existing applications to work together effectively.
- Democratizing development: Low code eliminates the need for specialists, be it in design, development or DevOps; and saves businesses from outsourcing innovation/differentiated offerings.
#2 Modernize existing apps or refresh UI
One of the biggest costs associated with application development tends to be technical debt.
With rapid advancement in technology, banks and financial institutions are expected to deliver a sleek and enjoyable experience for the end user, forcing them to regularly modernize their applications. They must do this without compromise on the complex and highly secure backend technology that powers it.
A low code platform can help banks achieve this, while also minimizing technical debt in the long term. It does so with:
- Cloud-native technology: Session-less architecture, decoupled front-end and back-end layers, and configuration-driven models make it easier to modernize legacy systems in small parts, without disrupting the business.
- Performance and scalability focus: Auto-containerization, microservices architecture, and optimization for code assets boost application performance, bringing legacy apps to modern standards.
- Adaptable integrations: SOAP and Java-based connectors offer custom integrations, that facilitate applications being modernized to function effectively with existing practices.
- Reusable UI: Once designed, low code allows users to reuse UI elements such as layouts, widgets, navigation, styles, etc., enabling consistent experience and performance across the board.
#3 Offer limitless personalizations
Studies show that “80% of consumers are more likely to make a purchase when brands offer personalized experiences.” The risk of not personalizing is high too: Gartner found that brands risk losing 38% of customers to poor personalization efforts.
Enabling unique, personalized digital experiences for customers will differentiate leaders from the laggards. Same goes for the various B2B customers of independent software vendors (ISVs) in the banking industry for core banking sofware.
Low code can make such personalization for the financial services industry not only possible, but also scalable and effective. For instance, a 65-year old, California-based credit scoring and financial data analysis company personalized the lending experience for over 1,500+ banks with WaveMaker. Low code powers this with:
- Powerful customization capabilities: Low code vs. traditional development isn’t an either/or equation. A open standards-based low code platform not only enables customizations, it also allows the application to accommodate developer-written code for complex functions.
- End-user personalization: ISVs building financial platforms can offer their end-users (Banks) personalized user experiences based on markets, geographies, languages, accessibility needs, etc. with low code development.
#4 White label low code for custom solutions
Not all banks and financial institutions have the luxury of large in-house technology teams to build their applications. Several specialized ISVs who develop apps exclusively for the banking and financial services industry, are in need of efficient ways to build and reuse application components.
It is here that white-labeling of low code platforms like WaveMaker can help. Low code platforms can be customized for different user personas and can help by:
- Empowering citizen developers: With drag-and-drop functions to build complex enterprise applications, business users can also contribute, without knowing to code.
- Building differentiated applications: Templates, prefabs and reusable components ensure that the basic functionality exists, for developers to only work on personalization and feature extensions.
As we speak today, the financial services industry is going through a sea change. From being a supporting function, IT today shapes business models, operations and even service delivery entirely. And as PWC recommends, simplifying legacy systems, taking SaaS beyond cloud based core banking, adopting robotics/AI, and preparing enterprise architecture to connect to anything — from enterprise databases and big data to IoT — will become top priority for global players in the financial services industry.
Low code can offer the speed, flexibility, and customizability needed to create personalized banking experiences for customers.
In 2020, Forrester had predicted that 50% of developers will use a low-code product. And then the pandemic happened. Instead of derailing the prediction — like the pandemic did for most trends of last year — it accelerated it. So much so that Forrester predicts that the “accelerated adoption of low-code platforms will change how teams organize.”
Today, low-code is no longer one of the many tools that help development, but a strategic initiative that fundamentally shapes the way software delivery will happen. Enterprises already understand this. For independent software vendors (ISVs) though, this can be a different ball game.
Why were ISVs resistant to low code
As a ‘software company’, most ISVs pride themselves on having excellent developers, building products that are robust, customizable, secure and scalable. For long, low-code development was seen as a means for citizen developers or business users to build prototypes, which then the ‘real developers’ built by hand. With reason.
Most low-code development platforms available today can not handle complex business logic or application requirements.
What low code can do for ISVs in 2021
If there is one change that 2020 has brought to the world, it’s the widespread acceptance of remote work. For employees to work remotely, enterprise software needs to work remotely as well. This shift to the cloud, and perhaps a SaaS model, requires ISVs to rapidly modernize their software. Low-code can enable that.
#1 Fuel rapid application modernization
Low code can make software development faster by 10 times, as compared to traditional methods. Features like reusable elements, drag-and-drop and process modelling let individual developers or small teams release in days or weeks! Pair it with an agile-DevOps process, and it can modernize legacy applications to support enterprise needs of the future, without any disruption to current paying customers.
With low code:
- Existing teams need no reskilling. Developers and even business teams can be onboarded quickly and can use the product effectively.
- Existing processes are not disrupted. A low code platform like WaveMaker integrates with existing processes to enable modernization.
#2 Enable scale without compromise on customization
ISVs often maintain multiple implementations of their products for each customer. Even when on cloud, modernizing applications across these implementations — and their customizations — can be a complex endeavor.
Low-code platforms like WaveMaker leverage component-based models and micro-services with session-less architecture to build large, customizable applications at scale. With simple API integrations, ISVs can also ensure their applications work seamlessly with a wide range of other software that the client uses.
With low code:
- ISVs get complete ownership of code that the platform generates. Any edits / customizations needed can be handled effortlessly.
- Development teams get to choose and maintain their coding infrastructure.
- There is no runtime dependency.
#3 Save costs
The biggest advantage of low code development is that it doesn’t require ‘specialists’ for every function. A lean team of professionals can use low code to build or modernize an entire application. With powerful abstractions over technical programming, low code platforms can empower development teams, making it easier for non-specialists, junior programmers and even citizen developers to build software.
Low code reduces expenses both for the ISV and their end customers. It also frees ISVs from the expense of regular maintenance, while reducing development costs multi-fold.
With low code:
- Dev teams can generate and maintain open standards based code, without needing specialists for each function.
- The consistency of code generated ensures longer usability and easier maintainability.
WaveMaker for ISVs
Unlike most low code platforms, WaveMaker is built to handle extreme customization, enterprise-grade security and scale, all of which are essential for ISVs.
- Open-standards based code uses popular frameworks like Angular, Spring, Hibernate, Cordova, etc. to help modernize apps without full scale development.
- WaveMaker’s Java-based platform ensures rapid development, easy integration, responsive design and scalable architecture.
- It combines micro-services with session-less architecture and auto-generated REST API to build customizable cloud-native apps.
- It keeps data secure with RBAC and protection against Top 10 OWASP vulnerabilities.
In the journey of digital transformation, the path to modernization could be a challenging one. When faced with technology modernization, dealing with legacy systems such as 5250-based, green screen applications, tightly coupled business logic, monolithic code base structures and limited knowledge of the application architecture, what choice do you have? You take a look at what’s trending in the market. You observe that there is an increase in the spending on low code technology (to the tune of $21.2 billion by 2022). Consequently, you decide to get on the bandwagon.
You choose a low code platform and begin the process of modernizing your applications. Fast forward a few months and you realize that the easy to use, drag-and-drop feature is great to build a prototype but the platform falls short in etching out the intricacies of a serious enterprise application. You also realize that when you want to scale up and build more applications and increase the number of users there is an additional cost. Added to that you have runtime dependency and added cost of deployment on infra of your choice. These among many other challenges edge you towards a reality check and it makes you wonder whether, in the urgency to modernize and be competitive, was the low code platform a right choice?
Every enterprise is keen to ride the low code wave, and in line with the modernization narrative, they should. The challenge arises when low code is adopted without learning about the ‘nuts and bolts’ of the platform and understanding how it fits their requirements. This is when a reality check occurs, when there is a glaring gap between expectations and reality. More often than not, the reality of technology modernization and digital transformation is different from what is expected. It’s a fact that while companies have reportedly spent $1.2 trillion on digital transformation in 2019, analysis indicates that just 1% of these efforts would actually achieve or exceed expectations.
Expectation Vs. Reality. Bridging the Gap When Adopting Low Code
Assume nothing. Know what to expect to mitigate reality checks
Before adopting low code, it is important to take into account the expectations and requirements of different stakeholders. CIOs, CTOs, Application and IT Leaders expect that an investment in a low code platform must speed up time to market of application development and delivery, reduce operational costs, address the skills gap, bridge silos between users, developers and IT teams, ensure scalability, and promote growth. IT teams expect low code platforms to take the pressure off by enabling business-users build their own applications with minimal IT support, thereby giving them the bandwidth to innovate. Developers are a league of their own, and assume that they “tell” the platform what the application should be. Professional development teams expect low code platforms to automate time-consuming and mundane tasks of code generation, so that they can focus on developing application features that will provide differentiation and improve user / customer experience.
Taking into consideration these different expectations, let’s take a look at some of the assumptions that create the gap between expectations and reality, and what can be done to reduce it.
Assumption 1: The platform is built for enterprise-grade application development
- Expectation – You assume or expect that all low code platforms are designed for professional developers. That the low code platform has the technology stack and architecture to help development teams build complex, enterprise-grade applications.
- Reality – Not all low code platforms support professional application development. Most platforms are designed for citizen developers or business users who typically build prototype or shadow IT apps using template-driven UI.
- What could be done to reduce the gap – Take into consideration the technology stack offered and the platform architecture to understand if it can support serious, enterprise-grade application development.
Assumption 2: Low code will replace coding
- Expectation – With the promise of a WYSIWYG development environment and visual drag-and-drop application development, you expect that by using a low code platform it will replace manual coding.
- Reality – Complex, enterprise grade applications usually have intricate business logic. Building a rich application often requires developers to go native and there is a certain degree of manual coding needed to give attention to details of the application.
- What could be done to reduce the gap – Low code application is not about replacing manual coding it is about optimizing the time of developers. When adopting a low code platform, you need to maintain a balance between low code and high code. In this way you can shorten the time frame of time-intensive tasks such as testing and allow developers to focus on other intricacies of application development.
Assumption 3: The platform generates quality code and testing is not required
- Expectation – You assume that as the code is auto-generated and not manual there would be a lesser chance of errors. You may also expect that the low code platform generates quality code and has built in security and testing features therefore applications built would function successfully.
- Reality – Some applications built using low code fail to perform, owing to several reasons, from coding or business logic errors, integration issues, to security threats.
- What could be done to reduce the gap – While the promise of low code is to build applications that would be functional and secure, you need to have a testing strategy in place. You need to ensure the platform has features across the development lifecycle to test applications for functionality and security. This would reduce the level of risk associated with implementation failures and security threats.
Assumption 4: The platform is scalable and supports increasing growth
- Expectation – You assume that you can easily scale up to build unlimited number of apps and support an increasing number of users at no additional costs.
- Reality – When the time comes to build more applications, increase the number of users, or move to another development environment, you realize many low code platforms have an additional cost involved and do not have the capabilities for scaling up.
- What could be done to reduce the gap – It is important to assess if the platform provides dev-time and run-time scalability and consider if the licensing model of the low code platform fits your scalability needs. While there are platforms where you need to pay to increase the number of users or applications you can develop, there are pricing models where you can choose to pay per developer. Therefore, identify your scalability needs first to make sure the licensing model is suitable.
Assumption 5: You are not locked in to the platform and can customize applications after migration
- Expectation – In a situation when you need to migrate to another platform, you assume that the low-code provider can provide the assurance you will be able to generate the code and recompile applications.
- Reality – While your application may run, do you know if you can make changes to the code or are you locked in to the platform? Is the code readable to customize applications? In situations of migration, generated code is usually algorithmically accurate, although the code is not readable by humans, making it difficult for developers to make any meaningful code modifications required.
- What could be done to reduce the gap – Given the significant impact of applications on operations, anyone using a low code platform must check and test the code generated. Make sure the code generated is syntax-agnostic and that the code is readable and customizable which are important factors in long-term maintenance of applications.
Assumption 6: There is no runtime dependency and you are free to deploy on infra of your choice without separate cost for deployment.
- Expectation – You expect end-to-end freedom in using the platform, from application development to deployment. You assume there is no runtime dependence and that you can deploy applications on infrastructure of choice, from containers, virtual machines to on-premise infrastructure.
- Reality – While application development is free, many low code platforms have a separate cost for deployment and use in-house runtime engines. The applications built on the platform are deployed on select clouds and in their environments, making it a challenge to gain ownership of code and rebuild applications.
- What could be done to reduce the gap – To minimize operational cost, ensure the low code platform has an open-source runtime engine, one that gives access to the runtime libraries used and allows developers to customize applications without being locked-in to the platform.
Assumption 7: Underestimating the complexity of managing APIs during integration
- Expectation – During the integration process, you expect the platform to provide developers with a visual approach to embed data elements directly into the application, connect to data sources, and even allow them to configure business logic and design data models inside the application.
- Reality – This would probably work fine if your application is integrating with only a few other systems. The challenge arises, when you have to integrate more than a dozen systems and manage APIs.
- What could be done to reduce the gap – When you have to integrate several systems, it is best not to underestimate the complexity in managing APIs. What you need to understand is the type of documentation that the low code provider offers and how it would enable managing APIs in the long run.
Modernization, as a part of digital transformation, is an intensive affair. Through 2021, Gartner predicts that digital transformation projects, by large and traditional enterprises, will take twice as long and at double the cost than anticipated. On the other hand, smaller and agile enterprises will be more successful in implanting modernization and digital transformation initiatives. Regardless of this factual prediction, enterprises, large and small alike, can still gain leverage by adopting emerging technology solutions, such as low code. Solutions that constantly evolve, adapt to the challenges of technology modernization and make the journey of digital transformation smooth sailing and successful.
Modern enterprise application needs have become intricate. They demand application development and deployment to be cloud-native, agile, scalable, and secure. The app ecosystem has become intertwined, and enterprise applications have become complex beasts, built on monolithic systems. The transformation continues. Modern application development is becoming more agile and scalable and deployment of applications on the cloud is increasing. Application architecture is transforming from monolithic to microservice-oriented architecture. Developers and IT Ops are collaborating giving rise to the culture of DevOps. With the increasing pressure on high performance, DevOps teams are urged to use more sophisticated technology and techniques.
Besides achieving agility and scalability, DevOps teams are also entrusted with achieving application security goals. App Security has become a high priority goal and a shared responsibility. It’s reflected in Gartner’s “Magic Quadrant for Application Security Testing, 2020” report, there’s a 50% increase in the number of end-user and client conversations about AST (Application Security Testing) tools and DevSecOps in 2020.
To embed application security across the development cycle requires various levels of automation testing and setting up of configurations at different stages of the application development and deployment process. What development teams are doing is that they are using container technology and microservices to “pull security” early into the DevOps process. In addition to application security, another trend highlighted in Gartner’s report is the increasing attention (of 65%) on container security.
While many enterprises are already running cloud-native, microservices-based, containerized applications in production, there are several challenges; from technology immaturity, a steep learning curve, to the lack of operational expertise and know-how. What’s taking precedence today in high-performance development teams is the left-shift application security earlier in the stages of development.
“Shift Left” App Security – The Guiding Force Behind High Performance Development Teams
App Security has become a business imperative. In the Forrester’s Report on “The Top Security Technology Trends To Watch, 2020”, integration of application security tools with CI/CD pipeline is a major priority in 2020. Application security has become the primary focus of high-performance DevOps teams and by “left-shift application security” parameters, security is a shared responsibility and is being implemented by developers. Moreover, with the rise of DevSecOps the silos of application and infrastructure security are being bridged.
AppSec – The Primary Focus of DevOps in a Containerized Environment
DevOps teams not only have to mitigate operational issues related to performance, integrity, availability of containers in production environments, they also need to ensure security is embedded early in the DevOps process. With greater urgency to automate application security testing (AST) in the DevOps process, the attention of DevOps teams needs to be directed towards the integration of the CI/CD toolchain with application security tools such as software composition analysis (SCA), static application security testing (SAST), and container security.
When embracing the DevOps culture and migrating applications to the cloud in a containerized environment, security must be embedded across the development lifecycle. To ensure compliance of performance and resiliency, the focus needs to shift to service-level and container-specific monitoring. DevOps teams need to monitor applications within containers and across containers at a service-level. “Pulling in” application security earlier into the development lifecycle would form the beginning of what is called DevSecOps.
DevSecOps – Breaking the Silo of Application and Infrastructure Security
The ‘mantra’ of DevSecOps is “shift left”, encouraging developers to move security from the right end of the development and delivery process to the left end (beginning). True to its abbreviation, DevSecOps – development, security, and operations – ensures the integration of security is automated across the lifecycle, from application design, testing, deployment, and delivery.
With the essence of DevSecOps being “software, safer, sooner”, it enables seamless integration of application and infrastructure security with the DevOps process. By allowing developers to address application security issues earlier before the application goes into production, it makes security issues easier to fix without disrupting the development cycle. Breaking the security silo, DevSecOps makes security a shared responsibility of IT Ops, security, and development teams.
Integrating security and testing across the development lifecycle may seem like a daunting challenge. However, there are emerging technology and tools available to ensure security is pulled in early enough. Low code platforms give enterprises the leverage to embedded security when developing cloud-native applications, managing containers, and adopting microservices-based architecture. To implement the practice of DevSecOps, low code gives the opportunity to address and improve application security across the development lifecycle.
The Window of Opportunity – How Low Code Enables Enterprises to “Shift Left” Application Security
Low code platforms help enterprises by integrating application-level, security features such as authorization, authentication, auditability, certification, performance monitoring, and security architecture, across the application development lifecycle. By automating application-level security features, low code platforms ensure robust authorization and authentication systems that have built-in encryption and provide XSS and CSRF configurations to address security threats and vulnerabilities. To help developers configure security features when building applications, low code platforms provide fine-grained controls, built-in encryption options, comprehensive authentication and authorization processes, OWASP compliance support, and data protection.
While application development and deployment processes are transforming so is application architecture, which is moving from monolithic legacy systems to microservices-based architecture. With microservices, there are many hands-on the deck. Enterprise applications are made into smaller components and many developers are working on different functionalities at various stages of the development cycle. At this time, when application architecture is transforming, security goals remain unchanged. In fact, the demands for application security are heightened and they need to be imbibed in the development process. Low code platforms support microservices-based architecture and enable the “left-shift application security” of security parameters by allowing developers to configure security protocols, set privileges, and automate testing before the application goes into production. Moreover, as enterprises leverage next-generation app delivery tools such as container technology, low code platforms help to embrace containerization at scale without disruption in existing processes and without requiring the reskilling of existing resources.
Low code’s promise is that of “Zero Complexity” DevOps Automation. It ensures minimal disruption of existing development teams, enables on-premise and cloud deployments seamlessly, automates CI/CD processes, saves on security infrastructure costs, and enables DevOps teams to focus on core application needs.
If you think the “left-shift application security” principle of pulling security earlier into the DevOps process may slow down the speed of development, think again. It shouldn’t be a trade-off to choose between accelerating application development and managing application security threats and fixing failures. Achieving time-to-market delivery and security goals can be simultaneously achieved if you manage the DevOps process using emerging application development and deployment tools. The window of opportunity here is to streamline processes, using a sophisticated technology stack, and utilizing next-gen technology that low code offers to nurture AppSec innovation across the development cycle.
By Vikram Srivats, Vice President, WaveMaker
Ensuring a successful climb out to a digital paradigm without running the gauntlet of costly delays.
The Covid-19 crisis is shifting profit pools – according to McKinsey1, the gap in economic profit between the top corporate performers and everyone else has widened dramatically. And the numbers are staggering – the top quintile of companies grew its market-implied annual economic profit by $335 billion, while the bottom quintile companies lost $303 billion, over a period from December 2018 to May 2020. Clearly, this is becoming somewhat of a winners-take-all scenario.
With acceleration of trends (e-commerce, remote work, digital) driven by the pandemic, specifically for companies with middling performance, this is a call to action to build resilient, future-ready business and operating models. And many of them are doing exactly that. During a recent quarterly earnings call, Microsoft CEO Satya Nadella said, “We’ve seen two years’ worth of digital transformation in two months.”
By now, almost every corporation gets all this.
But how do they ensure a successful climb out to a digital paradigm without running the gauntlet of costly delays and embarrassing failures that plagued many earlier corporate digital plans in fairer weather?
Beyond an array of best practices (reducing silos, no-BS decision-making, talent redeployment, shifting operations and multiplying productivity), low-code based software development has the broad capability to mitigate potential risks associated with wholesale digital transformations in these uncertain times.
First, a quick primer on low-code/no-code. Simply put, it is a visual development approach to automating software development that involves little to no hand-coding, significantly speeding up applications coming to life. With growing demand for new applications, modernizing existing/legacy applications and new platform development – and not as many software developers to go around, low-code development has gained steam over the last few years. Gartner predicts that low-code application development platforms will be responsible for more than 65 percent of all app dev activity by 2024, while Forrester expects the low-code market to represent $21B in spending by 2022. Major technology players including Salesforce, Microsoft, Google, Oracle, Amazon, Pega and ServiceNow have joined the low-code/no-code bandwagon, with deployed platforms and tools as part of their larger product portfolios
What are the risks?
But what specific risks does low-code development help navigate and mitigate?
Here are 6 clear examples:
Complexity risk – With a visual, low-code paradigm, enterprises and software providers can take quick, bite-sized chunks out of the business complexity due to Covid-19. Low-code simplifies and democratizes collaborative application development to support new workflows, increased tracking, additional procedures, shifting ways of doing business and increased overall administration – to tackle needs of remote workforces, supply chains and customers.
Schedule risk – The stakes for hitting a schedule target have never been so high. Burdening your IT with demands for critical applications, and gathering a full stack team to hand-code applications that may take weeks to deploy no longer remains a sustainable approach. Companies can instead use low-code acceleration to minimize impact from the invariable bumps (scope creep as an example) in any project, besides pandemic induced inefficiencies (lumpy productivity of 100 percent remote teams).
Budget risk – The mantra of doing more with less – specifically, more applications with less budget – is what low-code development delivers at its core. According to Gartner2, worldwide IT spending will decline by 7.3 percent this year, compared with a rise of 1 percent it calculated for 2019. Against this backdrop, low-code is exactly what the doctor ordered for companies that are making do with fractional budgets and increased oversight on spending during these times when budget overruns may be considered heresy.
Technical risk – Enterprise architecture teams no longer have the luxury of doing a double take with technology choices if their initial choices do not scale, are not secure, or simply don’t offer a solid runway from the current to the proposed future. When it comes to building enterprise applications, creating extensible frameworks goes a long way in coping with changing business needs, adding new capabilities and re-using frameworks for future initiatives. Best-in-class low-code platforms are built around modern web architectural choices and enterprise best practices, are based on open standards, generate real code that can be exported and extended, offer enterprise-class security options, and seamlessly blend-in with testing and deployment practices. Corporations using such low-code platforms have the peace of mind that they will get it right – the first time.
Talent risk – While the pandemic has disrupted the livelihoods of millions of working professionals and increased talent pools, hiring the right tech and software development talent at the right time, at an affordable price and ensuring they are productive – remains a monumental challenge. Bridging skill gaps of existing talent to scale to modern web and mobile development is not trivial either. Low-code platforms do the heavy-lifting of software development, mitigating the need for learning coding skills in a language and eliminating the need for multiple specialist roles (UI, database, backend, deployment). Low-code powered teams are inherently lean, modern-skilled, agile, full-stack development teams.
Market risk – The ultimate test of organizations wanting to climb steeply during Covid-19 is how they weather unanticipated market risks at different altitudes. With order of magnitude productivity gains, low-code powered business and software development teams quickly and nimbly dodge external risks, prototyping and producing critical-to-business applications at a pace that is near-impossible with traditional development. What it brings to the table is a quick, flexible, scalable and cost-effective approach, to accelerate development of business-critical applications and to modernize existing applications and legacy systems.
In a way, enterprise grade low-code platforms were built for this moment – helping professional developers effortlessly switch to a low-code way of churning out applications in high-rate-of-climb digital projects. And helping them succeed without compromising logical granularity, pixel-perfect UI or enterprise scale and security standards.
Covid-19 may well be a temporary phase in our collective history books a few decades down the line, but this may go down as the era in which low-code development became mainstream – and a basic checkbox for corporations in a high digital attitude climb out to navigate a plethora of risks and join the winners circle.
Originally published in ITProPortal
Worldwide IT spending has been substantial in the last few decades. While these legacy systems are robust, the challenge is in maintaining them and making them relevant to evolving business environments. Especially in 2020, where the priority of investment in technology is more focused on cost optimization and operations. In such times, how do you modernize and extend the capabilities of existing legacy systems?
How do you transform IT infrastructure, cost effectively?
The technology modernization journey is one that demands agility, mobility, and scalability. Given these primary business drivers and with initiatives driven by growth and transformation, there is an increase in IT spending, especially on public cloud services. The revenues from worldwide public cloud services market according to IDC totalled $233.4 billion in 2019, and the IT spending on cloud infrastructure is forecasted by Gartner to grow by 19% in 2020. What makes investment in cloud services promising is that it offers cost optimization, operational resilience and business agility.
The public cloud services market includes Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). Cloud application development and deployment services is a sub segment of this market, referred to as Application Platform-as-a-Service (aPaaS).
The Potential of Cloud Application Development Platforms
A promising proposition in the technology modernization journey
Let’s take a look at the core advantages of cloud application development platforms and how they offer cost optimization, collaboration, flexibility to utilize resources optimally, mobility, and accessibility to the latest technology and software.
- Reduce costs and optimize computing resources – By using cloud application platforms, you do not need to invest in physical infrastructure such as servers and data centres. With the access to on-demand services and resources, you not only save millions you also reduce the risk associated with dependency on traditional computing resources.
- Support collaboration and reduce time-to-market – Different stakeholders working on application development projects, from the developers, designers, testing experts, to the client, can collaborate using a cloud application platform. This real-time collaboration and sharing of content and components, reduces iterations, improves application development and shortens the time-to-market.
- Utilize resources on-demand and customize requirements – In a conventional IT investment plan, there are resources that would stay idle during off-peak periods. Cloud application platforms allow for utilization of resources optimally, on-demand. During peak times, you can customize your capacity and cloud requirements, thereby saving on investment in resources, such as servers and storage equipment, which could be under-utilized during low demand periods.
- Enable mobility and access to services on-the-go – Mobility is an important aspect of modernization. Users want access anywhere, everywhere, on all devices. Using cloud platforms, you provide your users with access to applications on several devices including their mobile phones and even using a web browser. As the platform is linked to databases and integrated with APIs, users can access services across devices at any time, giving them the mobility to function on-the-go.
- Gain access to the latest technology and get a competitive edge – Cloud application platforms also gives you access to the latest technology and trends. Something you would have found difficult to achieve in a conventional IT system setup. By leveraging the latest technology in the market, you can increase your potential to gain a competitive edge.
Time-Sensitive and Cost-Conscious Demands of Enterprise Application Development
The potential of cloud-based, low code platforms
In the high-speed journey of modernization, enterprise application development projects have become time-sensitive and cost-conscious. Cloud-based, low code platforms address both these demands. Not only do they help you to develop applications with speed, they also enable you to utilize resources optimally, reduce development cycles, improve time-to-market rates and lower costs.
A cloud-based, low code platform, could typically be considered as a Containerized Cloud, one which comprises many instances. An instance here can be compared to host computers which do more than just storing and managing data. In a work space instance, users can develop apps independently and they each get a container which isolates their workspace from the other users. In an app deployment instance, when apps are deployed in the cloud, a separate container is allocated for each app, thereby ensuring apps are deployed independent of each other. In a platform, multiple internal services are managed and run using separate Docker Containers and they can talk to each other with REST services. Platform containers orchestrate and direct the Docker engine to perform operations such as starting or stopping a user container.
Rather than relying on expensive, one-time, customized solutions, low code platforms offer the flexibility to customize, collaborate, integrate, and deploy according to your changing requirements. The important features of low code platforms include drag-and-drop visual development, ease of integration, multi-device support, extensive customization, granular security, app containerization using Docker technology, and instant one-click deployment to private and public clouds. It’s these features of low code platforms that make them a necessary investment to address the demands of modernization in this cloud-enabled environment.
If you are reading this, you are probably in the phase of considering a low code platform or you are already using a low code platform to address your application development needs.
The pace of change in technology adoption is leading to an increasing demand for cloud-ready, enterprise-grade applications. There is a sense of urgency to develop and deliver applications with speed. Application development cycles have reduced from weeks or months to days. While the promise of low code platforms is to accelerate application development with ease, not all platforms would be suited to your business requirements, scalability and application development strategies.
Despite the pressure, it’s time to pause and take stock of your existing systems and resources to identify how you can adopt technology meaningfully. Understand your business needs, your existing systems and processes, and the skillsets of available resources. To leverage the power low code has to offer, you should take the time to evaluate and choose a platform that suits your enterprise needs.
Over the years, as low code providers, we have come across some insightful questions from customers before they decided to partner with us. To understand the evaluation parameters when assessing a low code vendor, this Webinar by Deepak Anupalli, Co-Founder and Head of Product Engineering at WaveMaker will help.
Let’s take a look at six critical questions every enterprise must ask their low code vendors:
1. Is the platform purpose-built for developers? Is it easy to use and learn to build web UI or mobile applications?
- Keep in mind who will be using the low code platform. Identify the type and skillsets of your developers.
- Consider the capabilities the platform offers, because it should appeal to professional developers and empower them to do more.
- Get to know what type of technology stack the platform has and if you need to reskill your existing development team.
Ideally, the low code platform should give your developers the bandwidth to focus on innovation, and the complex and critical functions that would make the application rich.
2. Does the platform support a ‘real code-behind’ strategy? Is the code generated readable and modifiable? Does it allow for interoperability of code changes across IDEs? Customization is a key aspect when developing enterprise apps with real world applications.
- You need to know if the low code platform generates code that can be customized, modified and integrated across development environments.
- Also consider whether the technology stack and architecture of the low code platform supports compliance requirements and existing business components. This will ensure that the applications built are according to compliance and security requirements before they are released.
- You also must assess whether the platform supports an open standards-based technology stack, because then you can use the capabilities of mature software tools and proprietary code without having to reskill or disrupt the use of existing tools.
Like Deepak said, “You don’t have to reinvent the wheel. A low code platform that supports an open standards-based technology stack gives you the right level of maturity of software that has taken years to perfect. It also gives developers access to open standards libraries and open source frameworks like Angular, Spring or Hibernate. In this way you don’t have to reinvent the wheel in using a completely different type of software when you can get access to the same kind of capabilities by leveraging an open-standards based technology stack.”
3. Does the platform help to build scalable applications to cater to larger user base or growing use cases? No application can be scalable right away. Application scalability is deep rooted into the architecture and technology used by the platform. In terms of scaling applications, modern applications use microservices-based architecture instead of monolithic architecture.
- First, identify your scalability requirements. Are you going to increase the scope of application to include new use cases? Do you aim to increase your user base? Do you want to scale horizontally and want your applications to be deployed onto a cloud infrastructure?
- Also get to know the architecture that the platform supports. This will help you to understand whether you can scale applications to a growing use case, larger user base or based on your data or user scalability requirements.
4. Does the platform have architectural best practices in place that include enterprise-grade security? Enterprise grade security has become a critical requirement. And one of the primary reasons for delay in application delivery is getting clearance for security compliance and governance rules.
- Make sure the platform has security as a feature that is deep rooted into all the layers of the application, from the database layer, APIs, to the front-end UI components.
- Also ensure the platform integrates with the identity management system in onboarding users and uses existing permissions for role-based information access and existing security infrastructure to secure applications.
5. Does using the platform minimize risk and maximize digital transformation efforts? One of the key aspects when using a low code platform is leveraging existing assets. To succeed in your modernization efforts, you cannot just replace existing technology, you need to integrate them with existing systems and create modern workflows and processes.
- Make sure the platform has built-in integration features that allows for integration with REST APIs and SOAP web services and existing systems.
- Also make sure the platform can generate all data structures and methods, and enable developers to manage integration and configurations without the need for them to write custom code.
- The platform must also democratize application development to enhance existing skills across teams, thereby minimizing risk and dependency on skills.
6. Is the pricing or licensing model scalable and affordable? There is a lot of confusion and complexity in understanding of licensing models of different platforms, especially when you want to build more applications.
- Identify the right pricing model and strategy that fits your needs, one that is not short-sighted. The licensing and pricing model should be affordable and scalable for your application use cases.
- The platform cost should not be disproportionate to your scalability needs. Whether you are building a complex application, increasing your user base or expanding your business use case.
Nothing holds truer today than the statement by Marc Andreessen that “software is eating the world”. In the last decade, software development has rapidly evolved and there is an increase in cloud and mobile adoption. The increasing change in pace at which software is getting delivered is faster than what enterprises and users can keep up with. Given this fact, it can only mean that it’s time to pause, assess and improve the technology you have to deliver more with less.
When assessing a low code vendor, to understand the evaluation parameters and find examples of how low code can deliver value, you can get a first-hand perspective in this Webinar by Deepak Anupalli, Co-Founder and Head of Product Engineering at WaveMaker.