The Myth of Low-Code 1: Security
The most common fears that discourage organizations from adopting low-code are inflexibility, vendor lock-in, security, scalability, and career impact. In this article, I will talk about each fear that discourage organizations from adopting low-code, and why they should not be feared.
In the state of application development survey 2018, fifteen percent of responders who were not currently using or planning to use low-code blamed fear of insecurity as a reason.
These days are good days for cybersecurity job vacancies, because the industry is asking more demand than the university offer. We can see gap here. The smarter with Gartner website, stated that the solution of this cybersecurity shortage is to “automate the boring parts,” such as manual log reviews, so skilled team members can use their time on value-adding activities.
How automation should aid security? Automation in the software development production line can deliver the following kinds of security benefits:
- Clear assignment and segregation of duties for those involved in the DevOps process
- Production of secure code patterns that protect applications from common web and mobile application vulnerabilities and automatic update of such patterns when new threats emerge
- Proactive alerts to potential security issues so insecure code doesn’t get deployed
- Integration with static code analysis tools to allow automatic code vulnerability scans during testing
- Proven, easy-to-reuse templates for identity management and support for leading single sign-on protocols and identity providers
- Enforcement of HTTPS/SSL encryption for native mobile applications and web applications
- Secure application deployment
- Complete logging and auditing of both development and runtime environments
IT pros seems not trust low-code easily. How can “fast and easy” be as good as code? Developers fear low-code because it’s not a code. How can amateur developers be trusted to create and deploy secure apps? If you thought low-code was aimed purely at non-professional developers, that’s another myth that needs busting.
Low-code platforms for AD&D target professional development groups with rich tooling and promises of high scale. Low-code platforms for business developers target nontraditional developers with simple tooling and more modest scale. OutSystems significantly speeds up application delivery because of the security automation capabilities built into the platform.