There’s a common pattern with no-code / low-code applications and most modern SaaS products when it comes to security: they hard-code the security model for the types of users that can log in to their solution. They might have some degree of Role-Based Access Control (RBAC) security configuration options for pre-defined user roles, like an internal administrator user. But even these options are often hard-coded and limited. And so, it’s either impossible or very problematic to properly implement entirely new types of security models. This is especially difficult with no-code applications (such as Bubble or Airtable) because they often only offer one type of external “customer” user with no option to securely implement different kinds of external users that have a personalized user experience with specific security requirements.
Why is this a problem?
Let’s say you wanted to build a multi-stakeholder application, where different types of users and/or respective businesses need to securely interact with information to achieve a desired outcome. For example:
- a patient, doctor, personal support worker, and meal delivery worker that are part of a marketplace to provide patient-centric care services; or
- a customer, case manager, insurance broker, and commercial permit advisor that are all working at different institutions and need to fulfill an order; or
- a construction manager, supplier, business owner, and geotechnical engineer that all work at different companies and need to address complex procurement workflows; or
- a property manager, general contractor, tenant, and condo association representative that want to fulfill and track building services for many properties.
Expanding on the first example, what if each doctor works for a different institution that has limited access to other organizations’ and individuals’ information? The security complexity of an “ecosystem” of interactions between disparate organizations and individuals can be very challenging and expensive to implement using traditional application development approaches. In all the above examples, each type of user has unique personalized security requirements regarding the kind of information they can access and the conditions under which they can access it. Even purpose-built SaaS solutions for a specific industry, such as a healthcare EMR system, will need to undergo an extensive custom development project to extend their security model to define a new type of external user that has a personalized experience. These sorts of security requirements are expensive, take a lot of time to implement, and are difficult to change.
We solved this problem!
Trellispark offers a fundamentally different approach to solving this problem by enabling fully configurable types of users (both external and internal to your organization) that can log in to the application with personalized security without writing custom code. And the fun thing about this is that you can keep innovating by adding or changing different kinds of businesses and user types at any time. This has several practical implications:
- Reduced Development Time and Cost: A significant advantage is the drastic reduction in the need for custom code, which often constitutes up to 90% of the work in traditional application development. With trellispark, user roles and security configurations can be defined through simple configurations, shortening the time required to deliver secure applications. This allows businesses to roll out updates and new roles in days instead of months.
- Flexibility for Evolving Existing or New User Roles: As organizations evolve, they often need to adjust user roles or add new ones. Trellispark’s configuration-based model allows businesses to scale and adapt these roles quickly. For instance, if a new regulatory requirement mandates the creation of a new “auditor” role with specific access to financial reports, this can be implemented without redeveloping core security components.
- Empowering Non-Developers and Business Users: Non-technical users can define user roles and security settings. This reduces the dependency on IT teams, allowing business stakeholders to have greater control over how users interact with the system. This capability fosters collaboration between departments and ensures faster implementation of changes.
- Future-Proofing Your Application Architecture: Traditional systems often accrue technical debt – the future cost of making changes to custom code as the application evolves. Trellispark’s configurable model mitigates this by making it easy to add or modify user roles without re-engineering existing functionality. This flexibility is essential for organizations that need to stay agile in response to changing business conditions.
- Security and Compliance Advantages: Industries like healthcare and finance operate under strict regulations, requiring careful management of user data and access permissions. With trellispark, compliance with regulations such as HIPAA (for healthcare) or GDPR (for data privacy) becomes easier, as the platform can explicitly restrict the records and data downloaded to the browser or mobile app and can extensively log user interactions.