In Asia, the rapid adoption of low-code/no-code (LCNC) platforms are transforming digital innovation by enabling faster application development amid developer shortages and rising competition.

However, this acceleration introduces significant security risks, including inadequate access controls, unmanaged integrations, and shadow IT, which can bypass traditional compliance protocols.

AI and automation are increasingly integrated into LCNC tools, enhancing development speed and intelligence but also complicating security oversight.

For CIOs in Asia, it is critical to proactively embed security early in the LCNC development lifecycle, maintain visibility into decentralized development efforts, and balance governance with innovation to mitigate risks without stifling agility.

Failure to address these risks can expose organizations to data breaches and compliance failures, undermining digital transformation efforts in 2025/2026.

In this PodChats for FutureCIO, we are joined by Jason Merrick, senior vice president of product, Tenable, to talk about critical questions CIOs for business leaders need to address when adopting low code/no code.

1. Define what low-code/no-code means/is to users and to the application development team.

2. Current State of Adoption: What is the current landscape of low-code/no-code adoption in Asia, and what trends are emerging?

3. Security and Compliance: How do we ensure that LCNC platforms comply with relevant data protection and regulatory standards, and what access controls are in place to secure these environments?

4. Embedding Security: How can security be integrated early in the LCNC development lifecycle to mitigate potential risks?

5. Inventory Management: What processes should be established to maintain an up-to-date inventory of all LCNC applications and integrations, ensuring visibility and governance?

6. Citizen Development Oversight: What visibility and monitoring tools are implemented to oversee decentralized citizen development and manage risks associated with shadow IT?

7. Training and Incident Response: What training and support are provided to citizen developers on secure practices, and what incident response plans exist for vulnerabilities or breaches related to LCNC applications?

8. Final advice: With technologies like AI, agentic AI, among other things, what is your advice for business leaders and the heads of the development teams as it relates to LCNC adoption in 2025/2026?