A powerful citizen developer ecosystem - Mendix v7 brings great power – and, possibly, great responsibility

Written By:
Content Copyright © 2016 Bloor. All Rights Reserved.
Also posted on: The Norfolk Punt

I’ve been following Mendix for some time. It’s an interesting application delivery platform, which is heavily focused on growth: it doesn’t make a profit yet, but has really captured the “citizen developer” imagination – and each release seems to address any concerns I had with the previous release. So I thought it might be fun to check out the innovations in Mendix 7, showed off at Mendix World 2016 in Rotterdam.

Mendix seems to be stressing the ecosystem idea – stuff that it doesn’t do itself can be handled by means of drag-and-drop connectors to other platforms. I like that idea. The world is an increasingly complex place and few companies can realistically aspire to do everything perfectly – so linking to technology platforms offering (for instance) mature IoT, big data and machine learning capabilities makes a lot of sense.

This, however, raises potential issues for companies employing “citizen developers”. Linking platforms into a bigger ecosystem has implications – a simple connector to an analytics platform could get someone with a good understanding of, say, their low-code development platform and not much experience outside that, into something they don’t really understand. That doesn’t mean to say that the idea is a bad one, of course – it’s potentially very empowering – but “with great power comes great responsibility”.

For example, a powerful big data analytics platform has to (or will have to) deal with “consent” if it deals with “personally identifiable information” or “PII“. The data subject may have to give explicit consent for the precise use you are making of their PII unless you can “pseudonymise” it in some well-defined way (see, for example, here), and data subjects will be able to remove consent – in which case you’ll have to notice this immediately and stop processing the stuff. This is not the place to discuss data protection law and the impending EU GDPR (which will still impact UK organisations post-Brexit, by the way) but a citizen developer who understands his/her area well may be entering uncharted waters if they make a simple connection to a powerful analytics platform and change the way its analytics data is used.

This will primarily impact the organisation they are working for rather than the developer him or herself, although it might be career-limiting too. Fines for misusing PII without adequate consent could get into millions of euros, and don’t forget that an organisation has to provide an effective Data Protection Impact Assessment too – the citizen developer could be opening up serious governance issues. There are potential issues with other connectors too (machine learning, for example, may be very useful but you probably still need to understand how it works and what you can reasonably expect to achieve) but, I repeat, this doesn’t make giving a low code development platform simple drag-and-drop connectors to other platforms a bad idea. It’s just that it may not be as simple, in reality, as you think; even if making the connection is very easy.

Mendix accepts that this is all highly relevant but points out that “this is more of an organisational challenge than a potential risk with the Mendix Platform. Mendix offers drag-and-drop connectors to IoT and Analytics services, but when binding the service in the Microflow, developers will be prompted to configure the authentication to that service”.

So if sensitive PII data would be accessed, it’s the organisation’s access control policies that should be preventing innocent or unconscious access to data that a developer isn’t allowed to use, although implementing this in accordance with GDPR may well not be trivial (and is only Mendix’s problem in the sense that it might discourage use of some of its features).

That all said, Mendix now provides integrated connectors to the AWS IoT managed cloud platform; AWS Machine Learning (a service that guides users through the process of creating machine learning models without having to learn all the complexities of machine learning); IBM Watson services for analysing images and returning the objects, people (which implies potential use of PII), and text found within the image, for content recommendation and exploration, for text to speech, for understanding the contents of an image or video frame, and for developing automated branching conversations between user and application; a Low Power Wide Area Network, for low-cost, mobile, secure bi-directional communication for IoT, M2M and industrial applications; and, MQTT, the lightweight messaging protocol for small sensors and mobile devices, optimised for high-latency or unreliable networks. This all looks really impressive and seems to underline the Enterprise capabilities of Mendix for professional programmers. It has good stuff for the citizen developer too, but I do wonder whether they could be overwhelmed with all the power and options on offer.

Mendix itself has some interesting improvements in this release. In addition to new low-level technology innovations, the Mendix Web Modeller now appears to support a devops-style approach to development with rapid experimentation, frequent iteration and close collaboration between business and IT. Mendix now also has a sophisticated Application Test Suite (developed in partnership with Mansystems) that supports functional and regression testing in the development process (again, this could be seen as a devops story) and which allows users to automate cross-browser functional testing based on keywords linked to user stories. Mansystems has also helped to develop Mendix Application Performance Monitor, which supports identification of potential performance issues early in development (the most cost-effective place to find them); but also speeds resolution of problems that do get through to production.

As always, the proof of the pudding is in the eating, but Mendix has found some enthusiastic customers for its new release (as you’d expect). For example, Hans Luijendijk, director of Business Enterprise Architecture & Strategy at AFI KLM E&M, says: “Our equipment tracking app [which pulls data from the KPN Low Power Wide Area Network, to give engineers using iPads a live view of the locations of each piece of airline maintenance equipment] showed us just how powerful a force like the Internet of Things can be. We’ve just scratched the surface in the ways we can use the Mendix platform to digitally enable our engineers and transform our operations”.