How low-code application development & identity management work together
In a recent Helpnetsecurity article, Eric Leach, Chief Product Officer of Strata Identity, discusses why low-code applications and identity management need to co-exist. In the article, Leach discusses the adoption of low-code tools and discusses releated identity concerns.
Until recently, software development required top talent to type code line-by-line painstakingly. It’s a slow process with a hefty price tag. Companies need a faster and less labor-intensive way to meet business needs, including:
- Adding new functionality like passwordless authentication
- Introducing Multi-factor authentication (MFA)
- Identity proofing
- Behavior analytics
- Complex role- or attribute-based authorizations
Low-code application development, as the name suggests, allows for less coding and, therefore, less time required by developers. Low-code is often touted as a benefit since non-technical people can take on some of the work, but it is not without drawbacks.
Leach shares the three primary challenges of managing identity in a low-code ecosystem. He proposes “a more manageable approach when using low-code development frameworks to build applications.” That is – “to connect them to a single abstraction layer for identity services.”
Read on to hear how to make low-code development work with your identity and access management (IAM) framework.
Skills gaps alleviated with low-code tools
Keeping pace with changing requirements places significant demands on IT teams – especially those managing legacy apps, on-premises, alongside multi-cloud infrastructure. Many enterprises opt for low-code software development tools to reduce demands on highly-skilled (and costly) IT resources. The impacts of “the great resignation” include slow recruitment processes and challenges in finding skilled labor – the need to preserve skilled workers for high-value tasks, has reached new limits.
It’s simply not sustainable for businesses to have their top talent bogged down with tedious coding. While some mission-critical apps are best updated by senior IT technicians, many apps can be updated without significant risk, by non-technical team members or contractors due to low-code.
In recent years, the emergence of low-code tools has contributed to the phenomenon of citizen developers. They’re often employees with enough knowledge to undertake basic coding using graphical user interfaces (GUI).
Sounds great initially, but it’s important to bear in mind that this approach has its limitations. Let’s take a look at problems you might encounter if you opted for citizen development as a strategy:
Security vulnerabilities when non-technical people use low-code
Apps modified by citizen-developers still need to safely interact with other mission-critical infrastructure. Without expert oversight, well-intended (but inexperienced) workers may introduce security vulnerabilities that go undetected.
Complexities arise when transitioning from a platform-specific approach
The complex configuration of some platforms makes it difficult to make changes to software development processes. If multiple platforms are involved, it’s even more challenging – particularly where legacy on-premises and multi-cloud infrastructures are involved.
Removing low-code tools can be hard
If you decide that a citizen developer approach isn’t right for your business, you’ll need to reorganize the resources that were focused on coding. Restrictions on identity providers related to this approach will also need attention.
Creating alignment between business needs and your identity framework
The citizen developer approach may solve some problems – and cut costs – relative to having expensive IT specialists involved. But to remain competitive, it’s vital to ensure that any changes made within your infrastructure are supporting business goals.
Citizen developers lack the expertise to ensure the optimum performance of your complex infrastructure. That can limit your competitive advantage in today’s digital economy. There is another way to achieve your business goals without compromising on security or hiring more IT specialists.
Use abstraction (an Identity Fabric) for the best results
The average business relies upon a range of standards related to identity authorization and authentications. So it’s tempting for IT teams to turn to citizen development to modernize infrastructure and save money, given the scale of the task.
Many IT leaders discover that there’s still a lot of work to do to ensure standards are implemented appropriately when low-code tools are involved. Manual orchestration of standards is inefficient and error-prone, creating additional strain on already stretched teams.
In an environment of constant cyber-threats, it’s vital to ensure that identity management is not compromised by software development. It’s a false economy to try to save money on coding and increase the risks of data breaches or losses in the process.
For best results, automation of the process is required. Using an abstraction layer or Identity Fabric, standards related to identity management, such as SAML, can easily be applied. Because abstraction relies on logic embedded in the identity framework, it also eliminates the need to push code to apps.
Additional advantages of an Identity Fabric include:
- Reduced burden on citizen developers
- Eliminates the need for hardcoding
- Standards are easily accommodated
- App owners and identity providers don’t need to be involved
Safeguard your data, and give your top talent the gift of time – by eliminating the need for repetitive manual coding. See how abstraction can help you modernize without compromise.