The risks of developing in "no-code" tools

The demand for app development is growing so much that tools with low code usage or none (such as Amazon Honeycode) are multiplying. The promise of these tools to build a software solution by simply plugging in drag-and-drop visual elements sounds great, but what's behind this apparent flexibility?

We look at the potential threats to security, flexibility and compliance that using these tools can present to your business. Here's who should use these solutions, why they are not a replacement for code development, and how you might be able to use their potential in a way that is safe for your teams and the security of your sensitive data.

What is a no-code tool?

Low-code/no-code development platforms are types of visual software development environments that allow professional and empirical developers to drag and drop application components, link them, and create mobile or web applications based on it.

What risks do they pose to my company?

There are many ways in which empirical developers can expose a company to cyber risks. A common problem when employing these types of tools is that developers are generally weak on the shortest path. If they find an existing or open-source component as per their need, they will use it without thinking about it (and without detailing it) when developing an application.

The problem is that they choose these no-code/low-code applications without carefully checking the components they use as they are already configured and can be up and running in minutes. Another potential risk is the management, maintenance, and scaling of these applications, as well as the potential increase in infrastructure and storage costs associated with the increased development activity that these platforms enable.

Amazon Honey Code case

Amazon Honey Code is a recent app template-oriented platform that works by dragging and dropping visual elements for software development. Its simple interface and low learning curve are appealing to professional and empirical developers around the world.

However, development industry leaders agree that in no way is this tool a substitute for using code and it will never become one. According to Jason Wong, research vice president at Gartner: "The tool is very lightweight and will not replace custom solutions that companies build."

In conclusion

This type of low/no code tools represent a risk if implemented on a large scale or for robust corporate projects. Our recommendation is that they should only be implemented by expert developers to automate simple tasks or to complement a simple requirement, as well as for programming students or MVPs (minimum viable products) development enthusiasts to test simple functionalities. Under no circumstances should these types of tools be considered for the development of finished products or solutions that handle corporate databases.

If you have an idea in mind about digital transformation or web/software development for your company and you are concerned about its correct development and adequate security, we invite you to know our portfolio of solutions here. Our agile teams and technology experts will guide you through the best way to realize the idea in an effective, safe and responsible way.