Governance and security for no-code tools, what to do?
Governance and security for no-code are two topics that come up very regularly, particularly in large companies. Indeed, when you are a startup, when you are three people in the box, you generally give access to all the data in the company to the founder and it is not an issue. When you start having more than a hundred people, you will need to manage rights, authorizations, and above all you will have an important issue which is access to data. this is where governance becomes very important.
It is essential if you are a large account and you have security issues to set up governance both on the use of the tools who you are going to train, who will have the right to use these tools, but also data governance: what data you will give access to in order to create a use case.
For example, you are not necessarily going to give the same access to data to the finance team to create tools to manage expense reports, as to logistics, which will need access to orders.
The subject of GDPR is also a second very important subject. Today we are still in a gray area of blur between data hosted in the United States and data hosted in Europe. Most of the time today, large accounts want to fully protect themselves against any legal risk around customer data. We are lucky today to have despite everything a no-code technical stack in Europe, great European publishers who do a great job. Some US publishers are also now starting to have data hosted in Europe. For example, at bubble you can have a server hosted in Europe. It’s expensive but it works very well and therefore allows you to be also rgpd compatible.
Don’t forget also that around these subjects, there is obviously always the question of what is called “vendor locking”: you used a SaaS solution and therefore where is your data located? Can you retrieve them at any time? I always invite you to read again, even if it is long and tedious, the T&Cs of the publishers and to make sure to request any modification that would allow you to guarantee reversibility, and access at any time to your data whatever happens to you. the company.