Citizen developers and governance in enterprise software today

The recent push of AI into today’s ERP systems has revived the old debate about the risk of employing low-code and no-code solutions. With the rise of citizen developers, enterprises saw a quick fix for the tech skills gap. But as citizen devs using low code have created more disparate and unsupervised apps over the years, there has been greater cause for concern on the governance, risk, and compliance (GRC) front.

With artificial intelligence in the mix, organizations have a new worry: more citizen developers are able to generate code on the fly, meaning more apps can come through on open source and application marketplaces. That AI manipulation, alongside the general nature of low- and no-code development, can allow for digital transformation by easier means. So where can today’s enterprises find a comfortable middle ground between citizen empowerment and enterprise security?

In search of answers, ERP Today this summer visited the London offices of Mendix, a low-code platform and SAP partner headquartered in Boston, USA. Simon Black, the company’s director of evangelist programs, was on hand to show a demo of how Mendix works via a deck featuring fictitious companies, his own laptop adorned with the logos of said imaginary brands.

For Black, the key to stopping app development from getting out of hand at very real businesses is offering “a single platform that encompasses the full-life cycle software development, through to an adoption methodology that helps [developers] build their first applications and scale their adoption and use.”

“Because if you try to run before you walk, you’re going to make a mess, right?” he reminds ERP Today.

The full life cycle he describes relies on an end-to-end journey using two cycles. First is a portfolio cycle to understand what types of use cases are out there in an organization, and what value they bring.

Second, the app cycle involves looking at how the wider organization is working with the IT side when it comes to development.

“This ensures they’re building together and throughout they need to have a governance and security model across it to make sure at each of these stages that [devs] are working on the right things.”

Black notes that many security officers want risk mitigated as far as possible, both in security itself and in the users and operations working with and around applications. On a micro level, this is helped by pipeline tools which, among other things, mitigate the risk of deployment and manage how apps are composed.

Sonaca and security

One Mendix customer that can speak to governance on the citizen developer front is aerospace company Sonaca. Yassine Bouyaqba, IT applications manager at Sonaca, tells ERP Today that its architects had to “define a smart landscape that enables collaboration within the group while being compliant with authorities, customers and internal IS policies.”

The freedom offered by low code means Sonaca can create its own app templates, and reusable components enable its devs to create new low-code applications with “the reassurance that our design, security, and quality standards are being met at the onset of every new project.”

Depending on the supported business process and data sensitivity, Sonaca deploys Mendix on their private cloud or on-premise environments, explains Bouyaqba. Having multi-cloud options, he says, is “critical for Sonaca’s ability to scale the impact of a low-code platform at a global level.”

“Today in Belgium, half of Sonaca’s Mendix applications are deployed in Azure, and half are on-premise. The team is already scaling out their work to the US, where they will need to deploy on-premise as they are dealing with regulated data.”

Touching on Black’s purview of the app cycle, Bouyaqba confirms using Mendix “enables meaningful communication with business stakeholders throughout the software development lifecycle”.

“This is critical given the nature of Sonaca’s work and industry, and it allows us to deliver on the objective of keeping the core clean while delivering bespoke digital solutions that our employees need to do their work more effectively,” Bouyaqba adds.

Clean core and low code

The notion of a clean core ties back to keeping an up-to-date system on the latest release of SAP’s cloud ERP, something which both relies on and also helps ensure robust governance. Back in the Mendix offices, chief growth officer Nick Ford says the company’s “world is very much about that clean core.”

“To keep the core clean has become incredibly important. We’ve had a long relationship with SAP [and] most of the companies that run Mendix have a SAP instance”.

Ford notes that keeping a clean core is easier said than done, so what companies really want is to get started on their journeys of change with SAP, using low code to plug the skills gap during transformation.

“What we’re trying to encourage is to get started with a platform to build those systems of differentiation and innovation.”

Again, the innovation inherent to low code remains a tantalizing proposition for enterprises – but it need not come at huge risk to an organization as long as the right safeguards and foundation are in place.

“Low-code can greatly accelerate an organization’s ability to digitize, but without the right foundation in place, you will be limited in your ability to scale,” as Sonaca’s Bouyaqba succinctly puts it.