1 Introduction
The massive shortage of qualified personnel to operate modern complicated IT infrastructures has led not just to the notorious skills gap in the security industry: the same shortage affects application development as well. Even the largest enterprises with well-staffed internal IT departments struggle to keep up with constantly changing business requirements to update their business software accordingly. Making changes in “off-the-shelf” enterprise products or SaaS applications is even more difficult: it may take months for such a request to be implemented and even longer for it to be deployed, even for the smallest changes in functionality.
Unsurprisingly, this has led to a rise of “Shadow IT”, when business line employees, frustrated by the shortcomings of available applications, would utilize unsanctioned tools and services to improve their productivity. Although such developments can significantly improve productivity and flexibility of business processes, uncontrolled proliferation of shadow IT without proper central governance has massive negative implications: further fragmentation of IT landscapes and data siloes, wasted time and resources, communications problems, and, last but not least, compliance issues and increased risk of data loss. Attempts to limit shadow IT with tools like cloud access security brokers have proven to be unsuccessful. Thus, an alternative trend has been on the rise in recent years: Citizen Development.
Citizen development is all about allowing business users with little to no programming skills to develop applications with convenient and uncomplicated tools sanctioned and controlled by central IT. As a general trend, it is by no means new: business users have been building their apps for years using scripts and spreadsheets. However, next-generation specialized development platforms focus not only on making these developments more comfortable and convenient but on ensuring their compliance with corporate security policies and government regulations and on the ability to prevent data leaks and breaches.
The market for low-code and no-code development platforms has been booming in recent years, with multiple vendors competing in offering the most intuitive GUI-based development environments for business users. Their primary goal is, of course, to meet the increasing need for applications without facing the shortage of skilled developers, improving and balancing productivity for both business and IT workers. Usually offered as software as a service from the cloud, these solutions help to put shadow IT under centralized governance, but often fail to take other security and compliance risks into consideration.
Oracle APEX is a low-code application development platform with a unique twist: it is entirely implemented within Oracle Database, making it portable (available on-premises, in a cloud, or just about anywhere where a running Oracle instance can be found), highly secure out of the box thanks to multiple controls built into the database itself, and powerful enough to run a wide variety of apps – from simple spreadsheets to large-scale projects with thousands of users. There is no need to deploy any additional software or manage infrastructure, and the service is completely free for all existing Oracle customers. It is also available as a part of the Oracle Cloud service portfolio with a generous free tier.