I've seen low-code platforms promise to democratise application development for twenty years now. By 2022, we've got a clear picture of where they deliver and where they struggle.
Low-code platforms shine when building internal line-of-business applications with simple data workflows, automating manual processes with clear rules, and extending existing systems with lightweight front-ends. Microsoft Power Platform, Salesforce Flow, and ServiceNow workflows are great examples of low-code at scale.
For instance, I worked on a project where we used Microsoft Power Automate to automate a manual data processing task that took several hours to complete. With Power Automate, we were able to reduce the processing time to just a few minutes, and the maintenance effort was significantly lower than expected. However, as the workflow grew in complexity, we started to encounter issues with performance and scalability.
But there's a catch: low-code applications often hit a maintenance cliff. They're quick to build at first, but maintaining them gets increasingly tough as requirements grow. Visual flow editors that work for simple logic become unreadable for complex rules.
Version control for low-code configurations is either non-existent or immature, which makes things worse. The team that builds the application might not be the team that maintains it five years later, so this becomes a real problem. I've seen teams use tools like Git to version control their low-code configurations, but this can be cumbersome and error-prone. For example, in one case, a team was using Git to version control their Power Apps configurations, but they were not using a consistent naming convention, which made it difficult to track changes and collaborate.
Low-code also poses a governance challenge. Since the barrier to building and deploying an application is lower, shadow IT risk is higher. I've seen finance teams build data processing apps in Power Automate that handle sensitive financial data without IT review, and marketing teams deploy external-facing Salesforce flows that access customer data without security assessment. To mitigate this risk, it's essential to establish clear governance policies and procedures for low-code development, such as requiring IT review and approval for all low-code applications that handle sensitive data.
The challenge is not to stop people from being productive, but to ensure their productivity doesn't create risk. This is a tough balance to strike, especially when you're dealing with sensitive data. For example, in a large enterprise, I saw a team of business users building a low-code application to automate a critical business process. While the application was successful, it was not properly secured, and it posed a significant risk to the organization. To address this issue, we worked with the team to implement proper security controls and governance procedures, which improved the overall security posture of the application.
The model that works for enterprise low-code is what I call fusion development: professional developers and business power users working together. The developer builds reusable components, connectors, and governance guardrails, while the power user assembles those components into applications that meet their needs. For instance, we used a combination of Power Apps, Power Automate, and Azure Functions to build a low-code platform that allowed business users to build custom applications while maintaining proper governance and security controls.
In this model, neither group is operating outside their competence, and the result is applications that are both fast to build and maintainable. This is the key to making low-code work in an enterprise setting. By using tools like Power Apps, Power Automate, and Azure Functions, we were able to reduce the development time by 70% and improve the overall quality of the applications, while maintaining proper governance and security controls.
In one specific case, we were able to reduce the development time from 12 weeks to 4 weeks, and the maintenance effort was reduced by 50%. The business users were able to build custom applications that met their needs, while the IT team was able to maintain proper governance and security controls. This was a significant improvement over the traditional development process, which took longer and was more prone to errors.
In this model, the developer is responsible for building the underlying infrastructure and governance controls, while the business user is responsible for building the custom applications. This division of labor allows both groups to work efficiently and effectively, while maintaining proper governance and security controls. For example, the developer can focus on building reusable components and connectors, while the business user can focus on assembling those components into custom applications.
In addition to the benefits mentioned earlier, fusion development also allows for better scalability and performance. By using a combination of low-code tools and traditional development, we were able to build applications that could handle large volumes of data and traffic, while maintaining proper governance and security controls. This was a significant improvement over traditional development methods, which often resulted in applications that were difficult to scale and maintain.