Skip to main content

State privacy laws are nearing compliance deadlines amid a nationwide IT shortage. Low-code can help

woman coding on a laptop
(Image credit: Shutterstock)

The labor market can’t keep up with the demand for software development, and trends are only getting worse. The US Department of Labor recently announced that more than 1.5 million IT and software developer positions will remain unfilled nationwide by year’s end. 

At the same time, deadlines for privacy compliance like the California Privacy Rights Act (CPRA) are looming, which can require system updates and create significant technical debt. These two factors combined are stretching the resources of companies big and small, public and private, alike. To cope, low-code has emerged as a way to make the infrastructure and application changes required for compliance with minimal IT resource investment.

Privacy and security needs are driving an IT crisis

The heavy dual lifts of security and compliance place major demands on internal developer teams. Meeting high user expectations and achieving compatibility across devices can be challenging enough. However, companies must also ensure that their technology is compliant with the varying regulatory structures based on where employees and customers are when accessing the systems. 

The European Union, for example, has much stricter data protection laws than the U.S. does. Suppose an EU citizen is taking a business trip out of the Schengen Zone to Moscow, or a Florida citizen is catching a flight to Los Angeles (now subject to the California Consumer Privacy Act). In that case, the app on their phone or program on their work laptop needs to suddenly comply with the local security and consumer protection parameters — ideally without interrupting the user experience in any significant way. 

This is far from the only app security quandary companies face. Most employers moved to fully remote work in 2020 due to Covid-19. How do you ensure network security, adequate authentication, and protection of client information when half of your workforce is telecommuting from their breakfast nook on a weakly protected home Wi-Fi network? 

Finally, in the wake of the passage of the CPRA and laws like it, organizations must scramble to erase previous customer data that violates new consumer protection and privacy laws. Companies are stuck with a Catch-22 — to honor consumer requests to erase data, they need to adequately verify the consumer’s identity. But to do that, they need to collect and process additional personal data.

This sort of technological agility is difficult even for a company that employs a robust in-house IT department to attain, let alone one with long-open roles for new software developers.

What is low-code?

Low-code is a new way to build software that uses simple visual composition instead of complex coding. Low-code’s popularity surged in 2020 when companies needed a way to adapt quickly to change. Low-code has two primary characteristics. First, it’s fast. It allows you to create apps by drawing a workflow diagram. So it’s quick to build, and quick to change, supercharging agile development processes. Second, it’s unified. It enables you to include any worker (people, bots, AI, business rules) or any resource (data and system) into a single workflow. Forrester says 75 percent of development shops will be using low-code platforms by year’s end, because low-code can be used to quickly automate virtually any enterprise business process, including data privacy and security processes. 

With low-code, professional developers spend less time on low-value coding tasks so they can focus their unique skills on higher-level issues. It’s a more efficient way to deploy comprehensive software without needing engineers to program every pixel.

A talent funnel gone dry.

Computer science and software engineers are graduating at a slower rate than there are new positions hitting the market, not to mention existing openings. Both Gartner and Forbes rate an IT talent shortage as one of the top five liabilities facing businesses in the next five years. And the U.S. is far from alone. 

Globally, the picture is even direr. The Nordic countries and Israel are already in the midst of a precipitous IT shortage. While these trends may not strike fear into the hearts of CEOs who don’t consider their organization a “tech” company, even “traditional” companies that don’t prioritize robust IT in their daily operations face catastrophic risks — just look at recent headlines. Some estimates have the IT shortage representing a revenue loss of over one trillion dollars for private enterprises across the world. Software developers are a finite resource, and companies worldwide are staring down the barrel of a profound personnel shortage. So, how do they solve a staffing problem when more people can’t be the answer?

Where low-code comes into play

Low-code turns the typical software development model on its ear. Where a company’s internal developer team might start with a specific set of deliverables for an app and try to tack on a bunch of app security armor and UX adjustments after it’s built, a low-code design starts with first principles of security and user-friendliness. The foundation for secure, compliant platforms for employees and customers is already built-in. Plus, low-code platforms are versatile enough to accomplish whatever the company needs them to do when put to use. 

How low-code design works

Low-code can supplement or even supplant a traditional IT department in a market where there aren’t enough software developers to go around. But the benefits go beyond resolving staffing shortages — low-code can be a far more efficient solution for safeguarding consumer data while relieving businesses from cumbersome cross-border interstate or international regulatory compliance. Here’s how:

Where security is concerned, companies that produce low-code platforms design the foundational software to meet the specifications of leading cybersecurity frameworks like those of the National Institute of Standards and Technology and Payment Card Industry Data Security Standard.

They then bake in access controls and authentication requirements, in addition to systems communication protection. Low-code producers have external tools to run static code and security analysis on every piece to provide fully compliant security features as table stakes. 

Lastly, the low-code platform is exposed to external audits. Rather, they hire hackers to expose any weaknesses and then develop contingencies in their software blocks. 

Low-code platforms also have flexibility built-in, which makes it easier to adapt to the changing requirements across different platforms and locales. A couple of common features include:

As new browsers and mobile devices come to market, low-code applications adapt to these new technologies without expensive rework.

Low-code tools also provide a secure infrastructure to deliver applications that are able to handle today’s and adapt to future security concerns.

These “out-of-the-box” benefits allow organizations to quickly build and update software with market-leading security features, minus the need to hire an expensive fleet of engineers.

Low-code in the present and future

A secure future for U.S. and International businesses will likely require the use of low-code platforms. Cybersecurity and data sovereignty concerns are only growing, and, no matter the incentives for new developers, companies cannot invest fast enough to meet the coming wave of software developer demand. 

Trends like remote work and the desire for secure, user-accessible applications won’t go away. That leaves businesses with a limited set of tools in the toolbox, one of which — low-code — saves significant resources by reusing best-in-class code instead of trying to string together an in-house solution on a budget. And, as so many organizations have learned the hard way, an under-developed solution often results in a massive data breach or an inadvertent violation of consumer protection laws. 

That’s the stick, here’s the carrot: Low-code can significantly speed up app development and rollout for companies trying to quickly and safely improve client experience and ease of use. Having a dedicated low-code platform and support team frees businesses to focus on their core functions instead of security and data protocols. 

The advent of low-code development doesn’t mean that data breaches will never occur. But, businesses with a low-code solution can access accelerated resolution of data breach investigations and “right to erasure” requests. The prospective benefits of low-code are dependent on a given company’s unique set of needs. The risks of doing nothing while waiting for IT staffing shortages to resolve, however, are all too evident.

Malcolm Ross, VP, Product Strategy / Deputy CTO, Appian

Malcolm Ross is the VP, Product Strategy / Deputy CTO for Appian, with over 22 years experience of proven execution in driving organic growth while leading high performance teams across product development, sales, and marketing.