Accelerate your Digital Experience Platform Journey with Low-Code

Forrester finds that, in 2020, over 27% of organizations improved their customer experience (CX) index scores, a big number compared to the few who were making progress in the years before.

“To emerge successfully from this global crisis, brands must build experiences that help them engage with their customers at an emotional level,” wrote Forrester SVP, Sharyn Leaver.

So, how do enterprises engage customers at an emotional level when the predominant
channel of interaction is now digital?

By delivering insights-driven, personalized, contextual, end-to-end digital customer experiences anytime, anywhere, across channels and devices.

To achieve this, at accelerated time-to-value and scale, enterprises need a springboard: A Digital Experience Platform.

Gartner defines a Digital Experience Platform (DXP), as an integrated set of technologies, based on a common platform, that provides a broad range of audiences with consistent, secure, and personalized access to information and applications across many digital touchpoints.

At WaveMaker, we visualize it in three layers:

Foundational Business Engine
Digital Engagement Hub, which brings together APIs from the business engine
Customer Experience Suite, which is the UX layer, made up of apps

Most enterprises have the business engine and the digital engagement hub, even if some of them might be legacy software. However, the digital customer experience layer needs to respond to rapidly evolving needs, offering opportunities for experimentation and rapid implementation. It is here that low-code can help. Here’s how.

Transforming applications to a customer-oriented approach

In most industries, IT is designed around the organizational structure, not customer needs. For instance, the technology architecture of a retail organization is driven by the supply chain — divided into inventory, point of sale, customer relationship management, e-commerce, etc. So, if a customer wants to check on the company’s website whether a product is available in their nearby store, it would be next to impossible because the e-commerce engine doesn’t speak to the inventory management system.

A digital experience platform can enable enterprises to address such use cases without elaborate investments in product development. When the business engine is built on customer-oriented architecture, deploying applications as microservices, loosely coupled, and API-driven with functional encapsulation, the low-code customer experience suite empowers you to drag and drop any combination of features and functionalities to create a new app. It effortlessly abstracts the various business engines to create apps with little manual programming.

Leveraging data for personalized digital experience

No customer wants to search and scroll endlessly on their shopping app to find the product they want. Nor do they want to manually drag and drop features into their interface to personalize it themselves. They want personalized experiences that are meaningful, engaging, and, most importantly, efficient.

A digital experience platform can leverage advanced analytics to deliver that. The low-code customer experience suite can form the abstraction over the analytics engine to bring together user, interaction, and business data to create a 360-degree view of the customer. It can enable dynamic user experiences, ensuring continuity of customer relationships, displaying cross-sell/up-sell opportunities contextually.

Delivering omnichannel engagement

In the era of ‘hand-off’ between devices, customers demand a smooth omnichannel experience from enterprises. For instance, an e-commerce customer today wants to add items to their cart from any device, anywhere, anytime, and purchase them all together when they’re ready.

Digital experience platforms are built to enable this seamlessly. By integrating various digital business engines, the low-code customer experience suite allows you to build omnichannel customer journeys — effortlessly moving from one channel to another, ensuring continuity of engagement across devices.

Enabling dynamic content delivery

Traditional applications are optimized for short-term transactions, while digital experience platforms are built to create long-term customer value. For instance, an e-commerce application is typically built around capabilities like search and checkout, focussing on the efficiency of shopping. But customers today are seeking more engagement. Perhaps why social commerce — blending of social media like Instagram and shopping — is gaining popularity, as it stresses the ‘experience' of shopping.

The digital customer experience suite enables enterprises, especially in industries like banking, media, retail, or fashion to design websites, portals, apps, etc. to deliver personalized, contextual, relevant, and timely content to improve stickiness and loyalty.

Ensuring end-to-end digital service

Today, saying “you need to come to the store to get this done” is a sure-shot way of losing a customer, especially given that the cost of switching to a new provider is the lowest it has ever been. However, traditional shelf-ware is heavily restrictive in the functionalities they can offer.

Digital experience platforms enable you to deliver end-to-end digital service. With the customer engagement suite, enterprises can:

Build and deploy new applications quickly for customers
Enable dashboards with predictive analytics for employees
Create chatbots to automate answers to common concerns
Automate data collection in the form of feedback through email, SMS, or app notifications
Streamline product and business innovation based on customer behavior and preferences

In 2018, PwC found 32% of customers say they would stop doing business with a brand after one bad experience, even if they had loved it before. On the other hand, customers are willing to pay a 7-16% price premium for a good experience. This becomes even more telling in the post-pandemic era.

Today, just offering a digital avenue isn’t enough. The digital channel(s) is the storefront, relationship manager, customer service, marketing, sales, product catalog — all rolled into one. The true success of a digital channel is in dynamically adapting to customer needs. A digital experience platform helps you achieve that.

With a robust low-code customer experience suite built with WaveMaker, you can accelerate your digital experience platform journey significantly. Its ability to provide features such as a composable architecture, scalability, cloud-native capabilities, customizability, repeatability and security strengths enable your application teams to create differentiated experiences at a fraction of the time and cost.

To see how low-code can accelerate your digital platform journey, try a demo of WaveMaker today.

Applying a ‘security mindset’ while using low-code

Authored by Gopi Mishra, Principal Architect - Development, WaveMaker, Inc

Enterprises are increasingly using ‘Direct-to-Consumer’ digital initiatives. They are parallelly digitizing their internal processes with increased velocity. These changes bring with them a tide of security threats. From insider threats to exposed marketplaces, there is always a security hazard lurking around the corner--one that can assume mammoth proportions if security doesn’t become an ingrained part of application development. In fact, according to a report by cyber security firm 'Checkpoint', cyberattacks on organizations worldwide jumped by 29% during the first half of 2021 as compared to the same period in the previous year.

So if an enterprise is adopting the web, mobile, and cloud, and directly selling to the consumer, it would be paramount that the IT team prioritizes the security of its product, and most importantly ingrain the best practices of weaving security into the development process.

Who better to don the mantle of defense than the ‘developer’? After all, when it comes to the security of an application, ‘developers’ are the first line of defense!

Defense-In-Depth

A ‘Defense-In-Depth’ approach to security for applications is a layered approach to security. What it essentially means, is that developers should take necessary action to mitigate security risks at every layer, be it the front-end (client), middle-tier, database services, or even the network layer. To do that, developers need to collaborate with various stakeholders: customers, DevOps teams, IT-networking, and the security teams handling the necessary infrastructure.

A developer has to have the same approach while developing secure applications using a low-code platform. WaveMaker comes fortified with SAST tested auto-generated code that is Veracode^TM verified. While developers working with WaveMaker can rest assured of the inherent security of the platform, there are a few best practices that a one can follow while using WaveMaker low-code to develop secure applications.

Embed security using WaveMaker

Developers need to think about security primarily in three areas: Data, Business Logic, and Coding. Data in itself could be static or could be in transmission. Depending on its state, the developer needs to keep an eye out for the following checkpoints:

Data at Rest:

Ensure that no personally identifiable information is stored at the client-side (in-cache of web application or in device storage of a mobile application)
For mobile applications, store relevant and critical information in secure elements
Avoid storing information such as service credentials and connection strings in an accessible file. If stored, ensure that there is a proper authentication and authorization mechanism in place to access these files
If possible, use rooted/jailbreaking detection for mobile apps.
Cordova provides plugins for the same. This can be added to the application by importing the plugin to the application. Plugins can be imported as described here.

Data in Motion:

Secure data in motion from being intercepted

Use HTTPS for all calls between the client and the server-side
Use TLSv1.2
Ensure that the data between client and server-side is encrypted
Use updated security certificates that have the latest and secure cipher algorithms
Ensure validity of certificates. In case, certificate pinning is used on mobile applications ensure that certificates are renewed before expiry and app uploaded to app/play store to avoid apps breaking in production
Protect API calls with authentication
Do not include PII data as a part of a GET call

Business Logic:

Use multi-factor authentication
Have a password policy and validation
Include input validation as a part of data length, type, and white-listed characters
Do not include passwords as a part of the ‘Remember Me’ functionality
Do not provide the reason for the failure of authentication in event of a validation failure

Coding Best practices :

Do not log sensitive information like passwords
Include all loggings as a part of the ‘isDebugEnabled’ flag so that they can be disabled in the production
If ‘Request’ and ‘Response’ are logged or can be logged in debug mode then create filters for sensitive data
Use the latest versions of third-party plugins that are imported into the application
Use the latest SDKs/APIs that are tested against vulnerabilities
Flush out session data during logout
Error stack trace should not have sensitive information. It is always advisable to add custom messages as error messages rather than simply passing or printing the error stack trace which may have application class/file names or sensitive data.
WaveMaker is Veracode^TM certified and the auto-generated code is protected against OWASP Top 10 security risks. However, while designing an application the developer should keep these risks in mind and design the application to safeguard it against them (For a greater list of guidelines, follow this OWASP cheat sheet]
When using WaveMaker low-code platform, ensure that Veracode^TM-like scans are performed for both JavaScript and Java code

Security is an inarguable conclusion

While security best practices can help developers immensely, what is more important, is that they develop a ‘security mindset’. Security must be a priority and not an afterthought. While developing applications using ‘Agile Practices’, security should be a criterion in the ‘Definition of Done’ of user stories. Bigger pieces should be taken up as enabler stories. Regular penetration tests should be performed early in the development stage and should be a part of every sprint release. A security loophole caught early in the game will alleviate future pain points, bring down costs and reduce technical debt.

Being secure is not an option, it is an inarguable conclusion. Developers with a finer sense of security will hold this as their mantra.

Author’s Bio

Gopi is a software architect with over 15 years of experience in the financial tech and IT domain including 9 years he spent on mastering mobile architecture design. He presently leads a team of low-code developers and mentors them about best practices in software development. In his free time, he loves to read non-fiction, watch history channels or binge-watch movies.

Write to Gopi Mishra at info@wavemaker.com

Creating Progressive Web Applications with WaveMaker

Authored by Akhil Pillai, Principal Engineer, WaveMaker, Inc

The web has been a unique platform to develop applications for decades. Of late, platform-specific applications have created a lot of buzz, mainly owing to their reliability and extensive features. Some of them work offline, some have hardware capabilities while some of them can notify users of important updates. PWAs or Progressive Web Applications are the web’s newest attempt at matching the level of reliability and richness that these native applications offer.

What exactly are Progressive Web Applications?

Progressive Web Apps are just plain old web applications with newer capabilities enabled on modern browsers using progressive enhancement. That is, even if the modern features are not supported by the browser, the user still gets the core experience of a web app. PWAs make use of web-platform features like service workers and manifests to give users an experience on par with native apps.

Some of the features that PWAs offer are:

Installable

PWAs allow users to install them through prompts that are either on the browser or implemented by the developer. Once installed, they mimic native apps that are available on home screens, docks, or taskbars. The application opens up as a different window rather than as a tab in a browser and is shown as part of the app switcher, thus tightly integrating it with the platform.

Reliable

Speed is crucial to keep the user interested and reduce bounce rates. Google's research shows that an increase in page load times from 1 to 10 seconds leads to a 123% increase in bounce rates. The capability of PWAs to cache resources and load them from the cache greatly increases speed and performance. This not only helps with load times but also helps when the network is slow or there is no network at all. This means even when offline you have access to your favorite application unless network connections are indispensable.

Linkable

Being a web application, PWAs can be easily shared using URLs. Anybody with a URL can install a PWA on any platform with a supported browser. This greatly reduces the effort it takes to distribute an app through an app store. Managing versions are made easy too with auto-updates or prompted updates that allow partial updates. With this feature, gone are the days when we had to download entire applications for just a small change in text.

Enables Notifications

One of the biggest flexes that native applications had over web applications is the ability to push updates to the user. Though web applications could show notifications, they needed to be running in a window to do so. PWAs have overcome this hurdle through service workers. A service worker is a piece of code that runs in the background even after the web application is closed by the user. This allows the web application to run background tasks and receive notifications. This makes it easy to keep the user engaged even when the application is not running.

Secure

PWAs are inherently secure. The service worker, which is the core part of a PWA, is only activated if the connection is secure. If the connection is not established over a secure HTTPS protocol, PWAs behave just like normal web applications.

Though these are some of the main features that PWAs offer, there is much more to them like background sync and hardware communication among others.

How can PWAs impact business?

Most of the features directly or indirectly affect the way users interact with web applications. This in turn drives business decisions. For example, giving a native feel to a web application is made easier with PWA. This allows businesses to ship applications faster while skipping app stores and their complex policies. PWAs while reducing development effort also reduce the associated development cost. Faster loading times give a big boost to customer retention while notification capabilities keep the user engaged.

In terms of data supporting these tall claims, let's take the case of Twitter. Twitter saw a 65% increase in pages per session, 75% more Tweets, and a 20% decrease in bounce rate. Nikkei saw 2.3 times more organic traffic, 58% more subscriptions, and 49% more daily active users. Hulu replaced their platform-specific desktop experience with a Progressive Web App and saw a 27% increase in return visits. As they say, numbers don't lie. PWAs are definitely influencing customer interaction with applications.

How can WaveMaker help?

PWAs combine the native feel of platform-specific applications with the dynamic nature of web applications. But how do we implement all these features? Using vanilla JavaScript and HTML to implement such rich features would take a lot of time and effort. Of course, libraries like Angular and Workbox can help but WaveMaker goes a step further. With the latest 10.9 release, PWA is officially in its beta stage on WaveMaker. All the user has to do is enable an ‘app.pwa.enabled' flag in the profile they use for production. Detailed instructions can be found here.

WaveMaker uses Angular’s built-in support for PWA and throws in a bit of its own magic to enable these features. As soon as the flag is enabled, two of the most prominent features are baked right into the WaveMaker web applications - installability and caching. Notifications are also enabled by default that can be made to work with a few app-specific changes. WaveMaker also allows the user to choose a custom icon for the installable app. What better than having your brand image in your user’s app drawer!

At WaveMaker we realize that continuous improvement and innovation is the path to creating customer satisfaction. As of now, PWA features that are in the beta stage are subject to continuous improvement. The way forward is to enhance features like notifications and to gradually add features dictated by customer interests.

PWAs are here to stay and WaveMaker will help your business embrace the technology with as little code as possible.

Watch this video to know more.

Author’s Bio

Akhil Pillai is a full-stack developer with more than 10 years of experience in software development. He is a technology enthusiast and a polyglot with a soft spot for machine learning. In his free time, he loves to read technical content and listen to music.