One organization using a low-code platform is British insurance company Liverpool Victoria. Rod Willmott, the company's Fast Track Innovation director, says his staff use the Mendix development platform to start projects that would otherwise never get on to the company's strategic agenda.
"This is important for applications when you don't know what the business outcome will be," he says. "In a world of slow, expensive development, these rapid platforms allow you to shorten the front end so you can get something on the table, tune it and get experience with it."
As an example, Willmott mentions a long mooted broker portal. Wilmott wasn't sure exactly what features it should have had, he says -- and he knew it would have "cost a fortune" using conventional development methods. Using Mendix, though, the company produced something that worked in just 15 days.
"We showed it off to brokers. They said, 'If it could have these extra features, it would be much better.' We were then able to go back and incorporate these suggestions," Wilmott says. Applications such as this are built by teams of six to 10 people, he adds, of whom only two are actual developers.
With Precautions, Low-code Development Can Be Sophisticated
An obvious question to ask is how far low-code platforms can be pushed. How sophisticated or complex can the applications developed on these platforms be?
Wilmott's experience with Mendix suggests they are surprisingly powerful. "We have done some relatively technical things quite easily, like producing an application for validating bank accounts," he says. "The logic behind the application is horrible. You would be mad to try and load that into code, but we wrote the app in Mendix in just a couple of days."
A potential problem with applications that can be built very rapidly is that they risk causing serious security or compliance problems -- especially customer-facing apps that use customer data. That's the view of Stephen Hendrick, a principal analyst at Enterprise Strategy Group.
"There should certainly be security and lifecycle concerns. If you're building something disposable or tactical, you may not choose to be as rigorous with security or lifecycle as you should be," he says. "There are potential compliance problems too, as you may not have adequate governance. If your applications are accessed by external users, then, really, you're creating a potential security vulnerability."
Liverpool Victoria's Rod Wilmott says his organization ensures that all customer-facing applications accessing customer data are subjected to security checks, such as external penetration testing, whether they've been built using Mendix or developed more conventionally in .NET or Java.
For him, the key benefit of low-code platforms is a way out of that Catch-22, allowing applications under development to be iterated to incorporate user feedback in record time.
Sign up for CIO Asia eNewsletters.