: Digitalization Driver Low-Code/No-Code: Opportunities and Risks

A shortage of skilled workers and limited availability of IT resources, rapid changes in environmental conditions for the industry: only those who can adapt their processes to a high degree and quickly or have adaptable production systems can survive in the face of current developments. One of the central keys to surviving in this new world is consistent digitalization. What sounds simple in theory turns out to be difficult for many companies in practice. The reason: the long history of ERP systems - and in some cases MES solutions - has resulted in highly functional but monolithic system environments.

Over many decades, almost every desired function has been integrated with their databases, resulting in unwieldy and complex systems that can be maintained and expanded almost exclusively by their manufacturers. Just like a digital reboot, this costs too much time and money.

However, this dilemma is not hopeless. For example, a new class of applications is now offering hope that existing solutions can be easily adapted or even expanded without the need for special coding skills:  Low-Code/No-Code platforms (Low Code Application Platform - LCAP). They enable users with the relevant domain knowledge of their industry or specific technologies to make adaptations without special training and with little effort. These users, also known as "citizen developers", can therefore close or reduce the gap between supply and demand for IT resources. Analysts therefore expect the proportion of such applications to grow rapidly.

At its core, the low/no-code approach follows the idea of making the standardized and possibly fine-grained access to the functionality of the business applications available as services - through additional abstraction with the help of LCAP or by the provider itself. There is now a whole range of platforms - most of which are cloud-based. At the same time, the modernization of ERP and MES platforms promotes the emergence of native tools without having to use an external platform. In almost all cases, the provided and reusable services form the basis. These include, for example, integrated workflow management systems or the simple compilation of process-oriented interfaces. The goals of almost all activities are to adapt and redesign processes or system-internal workflows or to recombine services in such a way that new functions are created.

A low/no-code application standardizes and simplifies the use of a wide variety of applications with different data structures and access mechanisms. The handling of the tools is often graphical or visual. One example of this are workflow design tools that access the provided and configured APIs (Application Programming Interface) in the background and enable the user to design the processes in the foreground (e.g. with Business Process Model and Notation, BPMN). They abstract both the selection of functions and their parameterization, which can be very easily assigned to the individual process steps thanks to model-driven development. The basic paradigm is: configuring instead of programming.

Adding functions to ERP and MES solutions without programming knowledge, modeling processes quickly and easily - child's play with low/no-code applications? Yes, but - is the answer. Because despite all the simplicity, it is still software development. Software has a life cycle from creation, publication and further development through to the deconstruction of solution components that are no longer necessary. Consequently, there are limits to the design. Companies need to be aware of this, as well as the risk of developing shadow IT. It therefore makes sense to establish application lifecycle management (ALM) in the short or long term. With its help and appropriate governance, this risk can at least be assessed, evaluated and reduced. After all, regardless of the application domain, the entire IT system must not be allowed to fail. An important lever for this is also to regulate access to the low/no-code tools.

Last but not least, companies must bear in mind that the use of platforms (LCAP) entails certain risks. As they want to make work as easy as possible for users, they have to provide many tools, e.g. for configuring the services, designing graphical interfaces and much more. Conversely, this means that some of the platforms themselves consist of complex source code. Software can in turn contain unsafe code per se and also influence the "core software" via abstraction by the LCAP. This makes effective test routines (SAST - Static Application Security Testing, DAST - Dynamic Application Security Testing) and close cooperation with the platform provider all the more important. Provision and operation as SaaS via cloud services require appropriate security controls and mechanisms.

One thing is certain: The digital transformation can be driven forward decisively by the coexistence of classic applications (ERP, MES, PLM, ...) and supplementary low/no-code applications. They can be used to meet the growing demand for application development, automation and integration despite a lack of IT resources.

Nevertheless, companies are well advised to keep an eye on the risks as well as the opportunities from the outset and to establish effective security strategies.