No-code solutions
Low-code Solutions
The most common problem with no-code and low-code solutions is that they cannot produce the desired results in the long term. Businesses have different visions and missions, but one thing is certain: they all want to grow, scale and expand. Will the low-code or no-code solution scale with you? How about software complexities? Who owns the code? Does one need to keep paying for it every month or year? There are several factors to consider when choosing a low-code or no-code solution over custom software development. Some of them are:
Access Privileges:
Most low-code solutions have one default area where connections to data sources, SaaS and cloud services, etc., are kept. This default environment makes them prone to defects, design flaws, and security vulnerabilities. On the other hand, no-code and low-code apps do not have their own identities. They make use of their owner's identity. By owners, I mean the owners of these solutions. While this may be an opportunity for someone to provide an identity service to low-code and no-code solutions, unfortunately, almost all no-code and low-code apps use their user credentials, so there is no need for an identity service. This means that when a user gains access to a low-code or no-code app, that user also gains access to its underlying credentials. This makes it easy to break authorization boundaries and reach pages or resources that only admins should have access to, with or without a user credential. The vulnerability allows attackers to modify their privileges too.
Data Leak:
No-code and low-code solutions largely revolve around drag-and-drop features and automation: moving data from point A to B and connecting third-party tools and processes. This creates room for data to be moved to unauthorized places or unauthorized services (i.e., shadow IT).
Weak Authentications:
Software built on top of low-code and no-code solutions has zero control over its authentication, because it is built on top of another piece of software that holds critical business data. Toggling a tab right or left does not mean you are in control, because connections to data sources are defined by the no-code and low-code owners. Besides, not all people behind low-code and no-code solutions are experts in their field. Some are citizen developers, and simple tasks may lead them to fall back to HTTP rather than HTTPS, configure weak encryption ciphers, etc. So, what next option do we have?
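The three risks above (shared owner credentials, data flowing to unapproved services, and cleartext connections) can be checked against an inventory of an organization's low-code connections. The following is an added example, not code from the original article or from any low-code platform; the record fields, app names, hosts and allow-list are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list of hosts the business has approved as data destinations.
APPROVED_HOSTS = {"crm.example.com", "db.internal.example.com"}

# Constructed inventory; field names are hypothetical, not any platform's export format.
CONNECTIONS = [
    {"app": "expense-approvals", "endpoint": "https://db.internal.example.com/finance",
     "auth_mode": "embedded_owner", "owner": "alice", "shared_with": ["alice", "bob", "carol"]},
    {"app": "lead-sync", "endpoint": "http://crm.example.com/api/leads",
     "auth_mode": "per_user", "owner": "dave", "shared_with": ["dave", "erin"]},
    {"app": "survey-export", "endpoint": "https://files.unsanctioned-share.example.net/upload",
     "auth_mode": "embedded_owner", "owner": "frank", "shared_with": ["frank"]},
    {"app": "hr-lookup", "endpoint": "https://crm.example.com/api/people",
     "auth_mode": "per_user", "owner": "gina", "shared_with": ["gina", "hank"]},
]

def audit_connection(conn, approved_hosts=APPROVED_HOSTS):
    """Return the list of finding codes for one connection record."""
    findings = []
    url = urlsplit(conn["endpoint"])
    others = [u for u in conn["shared_with"] if u != conn["owner"]]
    # Access privileges: every app user acts with the owner's stored credential.
    if conn["auth_mode"] == "embedded_owner" and others:
        findings.append("shared-owner-credential")
    # Data leak: data flows to a host nobody approved (shadow IT).
    if (url.hostname or "").lower() not in approved_hosts:
        findings.append("unapproved-destination")
    # Weak authentication: credentials and data travel without TLS.
    if url.scheme.lower() != "https":
        findings.append("cleartext-transport")
    return findings

def audit(connections, approved_hosts=APPROVED_HOSTS):
    """Map app name -> findings, omitting apps with no findings."""
    report = {}
    for conn in connections:
        findings = audit_connection(conn, approved_hosts)
        if findings:
            report[conn["app"]] = findings
    return report

if __name__ == "__main__":
    for app, findings in audit(CONNECTIONS).items():
        print(f"{app}: {', '.join(findings)}")
```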