In a recent Helpnetsecurity articleEric Leach, Chief Product Officer of Strata Identity, explains why low-code applications and identity management must coexist. In the article, Leach discusses the adoption of low-code tools and discusses related identity issues..
Until recently, software development required top talent to painstakingly type in code line by line. It is a slow process with a high price. Businesses need a faster, less labor-intensive way to meet business needs, including:
Low-code app development, as the name suggests, allows for less coding and, therefore, less time required by developers. Low-code is often touted as an advantage since non-technical people can take on some of the work, but it’s not without its drawbacks.
Leach shares the top three identity management challenges in a low-code ecosystem. It offers “a more manageable approach when using low-code development frameworks to build apps.” That is, “to connect them to a single abstraction layer for identity services”.
Read on to learn how to make low-code development work with your Identity and Access Management (I AM) frame.
Skill gaps mitigated with low-code tools
Keeping pace with changing needs places significant demands on IT teams, especially those managing legacy, on-premises applications alongside multi-cloud infrastructure. Many companies are opting for low-code software development tools to reduce demands on highly skilled (and expensive) IT resources. the repercussions of “the great resignation” include slow recruitment processes and difficulties in finding skilled labor – the need to retain skilled workers for high value-added tasks has reached new limits.
It’s just not viable for companies to see their best talent bogged down in tedious coding. While some critical applications are best updated by experienced IT technicians, many applications can be updated without significant risk, by non-technical team members or contractors due to low code.
In recent years, the emergence of low-code tools has contributed to the phenomenon of citizen developers. These are often employees with enough knowledge to undertake basic coding using graphical user interfaces (GUIs).
This sounds great at first, but it’s important to keep in mind that this approach has its limitations. Let’s look at the problems you might encounter if you opt for citizen development as a strategy:
Security vulnerabilities when non-technical people use low-code
Applications modified by citizen-developers must always interact securely with other critical infrastructures. Without expert supervision, well-meaning (but inexperienced) workers can introduce security vulnerabilities that go undetected.
Complexities arise when transitioning from a platform-specific approach
The complex configuration of some platforms makes it difficult to change software development processes. If multiple platforms are involved, it’s even more difficult, especially when on-premises inheritance and multi-cloud infrastructure are involved.
Removing low-code tools can be tricky
If you decide that a citizen developer approach isn’t right for your business, you’ll need to reorganize resources that were focused on coding. Restrictions on identity providers associated with this approach will also require careful consideration.
Create alignment between business needs and your identity framework
The citizen developer approach can solve some problems – and reduce costs – compared to involving expensive IT specialists. But to stay competitive, it’s essential to ensure that any changes to your infrastructure support business objectives.
Citizen developers lack the expertise to ensure optimal performance of your complex infrastructure. This can limit your competitive advantage in today’s digital economy. There’s another way to achieve your business goals without compromising security or hiring more IT specialists.
Use abstraction (an Identity Fabric) for best results
The average business relies on a range of identity-related standards authorization and authentications. It is therefore tempting for IT teams to turn to citizen development to modernize the infrastructure and save money, given the scale of the task.
Many IT managers find that there is still a lot of work to be done to ensure that standards are applied appropriately when low-code tools are involved. Manual orchestration of standards is inefficient and error-prone, creating additional pressure on already overstretched teams.
In an environment of constant cyber threats, it is essential to ensure that identity management is not compromised by software development. It’s a false economy to try to save money on coding and increase the risk of data breaches or losses in the process.
For best results, automation of the process is necessary. With the aid of abstraction layer or Identity Fabric, standards related to identity management, such as SAML, can easily be applied. Since the abstraction relies on logic embedded in the identity framework, it also eliminates the need to push code to applications.
Additional benefits of an Identity Fabric include:
- Reduced load for citizen developers
- Eliminates the need for hard coding
- Standards are easy to adapt
- Application owners and identity providers do not need to be involved
Protect your data and free up time for your best talent by eliminating the need for repetitive manual coding. Find out how abstraction can help you modernize without compromise.