OutSystems CEO Paulo Rosado on its unique position in the market, current challenges in development, and how low-code can help solve those.

We recently had a chance to catch-up with Paulo Rosado, one of the founders and CEO of OutSystems. As one of the pioneers when it comes to low-code development, it’s always interesting to hear his thoughts on topics dealing with software development. We talked about what makes OutSystems stand out in the low-code market, the shortage of software developers, and the role low-code can play in battling cybersecurity concerns.

Building on top of commodity services with OutSystems

Many if not all companies today are building their digital platforms to fit their respective requirements and demands. That results in a collection of services that are interconnected. Organizations purchase most of those services, usually from the cloud nowadays. However, almost all of them need to develop applications of their own, on top of those commodity services. You build those applications using new data, which don’t have an integration with the foundation. These new applications together with the commodity services form an organization’s full software stack.

That last stage is where OutSystems comes in, Rosado points out. OutSystems does so in a fundamentally different way than other low-code players on the market, he argues. That also makes his company stand out in that market: “One consistent differentiator for OutSystems is that other low-code offerings hit walls in terms of how much you can do with it.”

More granular development

As an example of a differentiator, he mentions the development of high adoption user interfaces. A lot of (low-code) tools simplify those too much. “In order for interfaces like that to function properly, you need to be able to tune the latency”, he explains. That’s not possible in many tools, so the resulting application won’t function as well as it should. Other walls Rosado mentions have to do with creating data repositories, scalability, compliance, and integrations. He claims OutSystems handles those better than other tools.

From where we stand, this success must have something to do with the strong focus OutSystems still has on its core business, which is building (core) applications on top of existing services. They have no clear intention of entering adjacent areas in the automation landscape, something we do see happening at other companies focusing on low-code. When we present our view of OutSystems to Rosado, he answers by stressing the importance of best-of-breed solutions and products for specific tasks. So OutSystems uses or connects with best-of-breed solutions for things like RPA, bug tracking or agile project management. He sees no value at the moment in doing these things themselves. OutSystems wants to keep full focus on what they do best.

Skill-shortage asks new questions

The second topic we discuss with Rosado is the shortage of developers. Asked what this means for OutSystems, he initially takes a broader view. “It’s not so much about what this means for OutSystems, but about the bigger picture”, he says. He mentions a prediction by Microsoft that stated that there will be an explosion of software in the next three to five years. We will collectively need and develop more software during that time than in the past decades together. This goes way beyond which application development platform organizations choose, is the point he tries to make. First and foremost, it’s an organizational issue, which needs to be addressed.

In order to illustrate the complexities organizations face when developing new platforms, Rosado points to the large number of diverse skills you need to achieve this. He states that no fewer than sixteen skillsets are required nowadays to build a cloud-native platform. A lot of the profiles/people you want in those teams are expensive and in very short supply. However, it is crucial for organizations to do their utmost to create teams that are up for the job.

Paulo Rosado, co-founder and CEO of OutSystems

Even though the challenges presented by the explosion of software can’t be fully addressed by which application development platform an organization uses, this does not mean OutSystems can’t help nudge organizations in the right direction. So what can OutSystems do to relieve the burden somewhat for organizations? “We try to be extremely efficient in what our customers can do with the OutSystems platform”, answers Rosado. We addressed some of the ways in which OutSystems improves efficiency in a previous story. You can read it here. At the end of the day, though, organizations need to setup so-called fusion teams, and pool as much knowledge and skills together as possible. That’s going to be the primary challenge towards the future.

Shift-left is great     

If you’re familiar with what is happening when it comes to application development, then the term ‘shift-left’ is probably familiar too. Shift-left means that cybersecurity isn’t something that belongs to the right of the development pipeline (i.e. when the application is finished), but should be part of the development process from the beginning. In other words, cybersecurity shifts to the left, into the CI/CD pipeline.

Rosado welcomes this move to the left. “Shift-left is great for OutSystems, it fits our environment very well”, he states. OutSystems’ low-code application development platform has a foundation that’s the same for everyone using it. This means that you don’t have to setup every security control separately when you develop an application. It also means that many things that result in poor security are completely impossible te develop on the OutSystems platform. Rosado picks out code injection as an example. If for some reason an application fails the code swipe, just run the compiler again. If you don’t use a low-code platform, you will have to setup a security check like this separately.

How about API Security?

One of the most recent additions to the threat landscape is API Security. Does low-code also have the tools to battle API-based attacks? According to Rosado, the OutSystems platform can help in that area too. One of the key features of low-code comes into play here. That is, the OutSystems platform can expose and ingest a REST API visually. That gives developers a better understanding of the API. In addition, it’s possible to pre-generate everything, so you immediately notice it when something isn’t working as it should. In other words, you have much more control over the code.

High level of control benefits everyone

Even though shift left suits low-code very well, this doesn’t mean that a low-code platform is impervious to vulnerabilities. Rosado points that out too. However, it’s what you can do when you detect a vulnerability that makes all the difference. “We can change everything in minutes if we detect a vulnerability”, he explains. This fact is a crucial reason for organizations to consider and go for low-code, he adds.

A very important side-effect of being able to act so quickly is that the change immediately makes every organization using the OutSystems platform more secure. That is, not every organization has a SecOps team, but they still benefit from the changes OutSystems makes. So if a bank, which has a SecOps team, gives OutSystems feedback on a vulnerability, they update the platform, not only for the bank, but also for organizations with less cybersecurity resources. This should result in more secure applications across the board.

Low-code has matured

More secure applications and a platform that’s built for the explosion of applications in the foreseeable future, make low-code in general and in this specific case the OutSystems platform a very mature option for organizations looking to quickly build new applications. That’s also what Rosado sees in the market at the moment, he mentions towards the end of our discussion. “OutSystems is reaching the high-end use case where we are being used in the core”, he adds.

High-end use is what OutSystems is aiming for. It means that organizations trust the platform, and that the platform has the capabilities needed to interact with mission critical systems and processes. Rosado sees clear evidence of this in the recent huge upswing of legacy migration using low-code. This upswing probably won’t stop anytime soon. Companies like OutSystems have an important role to play to enable that. Based on our chat with the CEO, we’d say the company is ready to do just that.