Low-code/no-code (LC/NC) development platforms and LC/NC development facilities within business applications are becoming increasingly common. This means that enterprise developers are able to build applications quickly and easily using drag-and-drop functionality in visual development environments, often with the help of AI, instead of writing code line by line.

However, it also means that business analysts, office administrators, small business owners, and others within the business – so called “citizen developers” who are not professional software developers – can also build and test applications with little on no knowledge of software design, programming languages, software testing, and security.

This growth of LC/NC software development is being driven by the worldwide lack of software developers and the drive by the business to cut costs and speed up software development projects to meet business needs quickly.

The benefits are obvious: LC/NC platforms speed up the development and delivery of applications, which helps organizations to keep up with business needs, and employee and customer expectations and demands. LC/NC capabilities also mean that professional software developers can spend more time on more challenging activities, while people within the business who understand the business and the business needs are able to create applications that help them to do their jobs without having to rely on IT professionals.

However, there are several challenges related to LC/NC platforms that organizations need to be aware of and plan accordingly to avoid problems further down the line. One of the biggest challenges is that there is no visibility or oversight of the data being used, generated, or shared by the applications that employees are building, which can have serious consequences in terms of security and privacy compliance.

Another big challenge is that although there is a growing number of LC/NC solutions available, the market is relatively immature and there is a wide range of different solutions being sold under the “LC/NC” label.

“This makes finding the right tool for a specific use very difficult and, of course, only further increases the danger of Shadow IT,” says Alexei Balaganski, Lead analyst at KuppingerCole.

It is therefore important for organizations to find the right tool and ensure that they are able to maintain visibility and oversight of all the development happening within the organization, by both professional and citizen developers, to ensure that LC/NC solutions deliver all the benefits without the potential downsides.

Having an uncontrolled zoo of low-code tools in an organization is just as dangerous as letting your employees use unsanctioned cloud services

— Alexei Balaganski, Lead analyst at KuppingerCole

Because we understand how important resiliency is and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats available. 


For the most lively content relating to this topic, listen to Alexei Balaganski’s latest analyst chat [REPEAT LINK FROM ABOVE] or an earlier discussion in which he focuses on the citizen developer and discusses the potential risks of letting business users create their own applications without proper governance and security, in an episode entitled: Meet the Citizen Developer. Alexei also touches on the topic briefly in his discussion on Post-SolarWinds Software Security Strategies.

Another analyst chat, with senior analyst Paul Fisher, also touches on the topic of the citizen developer in the wider discussion about The 2021 Trends in DevOps and Security.


If you would prefer to read more on the topic, have a look at Alexei’s blog post in which he argues that Low-Code Should Not Be Low-Effort for Vendors and at Principal Analyst Martin Kuppinger’s blog post entitled: Where Workflows, Service Management, Digital Identities, and Work From Home Meet, in which he discusses the citizen developer in the context of IT Service Management. And to find out about Microsoft’s focus on low-code tools, look at Senior Analyst Warwick Ashford’s blog post on The New Normal Post Covid-19.


LC/NC tools and platforms are of increasing relevance in the context of API Management, IT Service Management, and Business Intelligence platforms. For more detail on how these tools are being integrated in these areas, have a look at the Leadership Compass reports on API Management and Security and IT Service Management, and the Market Compass on Next-Generation Business Intelligence Platforms.


Few companies can afford the luxury of keeping all their data in a single type of data store. There are multiple reasons for this, including the fact that large businesses typically run a lot of different types of applications, ranging from large-scale enterprise business apps to tiny low-code projects.

All those apps rely on various types of general-purpose and specialized databases from different vendors running in different IT environments. This has security implications. To find out more about this topic and how to reduce risk, have a look at this Whitepaper on Why Your Organization Needs Data-centric Security.

Tech Investment

As already mentioned, choosing the right LC/NC tools is important, but can be challenging. For organizations considering investing in technology that include this functionality, have a look at the technology solutions we have evaluated: