Universities turning to low code to help bring back students amid COVID-19


Schools at all levels are using low-code platforms to easily build websites that can help manage the health concerns of students.


Despite continued concern over COVID-19, schools at every level are just weeks away from reopening their doors to students of all ages, introducing a litany of problems that have yet to be solved by teachers or administrators. 

Last week, the White House and CDC Director Robert Redfield released guidance strongly urging schools to reopen. With the pressure to bring students back ramping up, dozens of colleges, universities and grade schools are now turning to low-code platforms to help guide staff and students through the safety process of reopening. 

Low-code companies like Appian and Claris are seeing increased interest in their platforms as schools try to quickly cobble together informational websites or platforms to deal with the healthcare ramifications of students infected with COVID-19. 

The University of South Florida worked with Appian to create its “CampusPass” site that manages and centralizes the health and safety of the entire USF community. 

“We have to return to campus and return to campus safely. We were asked to solve the problem of how we return our students safely to campus. What we’re trying to do with CampusPass is figure out who is coming back to campus and how they’re doing when they come back,” said Sidney Fernandes, vice president and chief information officer at USF.

“We have three campuses in Tampa, St. Petersburg, Sarasota, and also a medical school. There are over 50,000 students and over 15,000 faculty and staff, and all of them are envisioned to be using the solution.”

Alice Wei, the director of digital transformation and innovations at USF, explained that the school has been using Appian for about six years for a variety of projects and that they had to create the CampusPass site to aid in the school’s reopening process.

The school decided to purchase the Appian solution and configure it to its needs despite the fact that they already have in-house developers that could theoretically build similar websites. 

Wei said it would have taken too long to build the solution from scratch and Appian already had templates built that were close to what the school needed.

Part of what makes the situation even more difficult is that each college or school within the university has its own reopening policy and some courses are more able to be held digitally. 

According to Wei, the initial intent of the solution is to send out a survey asking the USF population if they intend to come back to campus. If a person is not, then the process ends there. But if a person is returning to campus, they have to answer a series of questions to be cleared for coming back to campus.

With Florida’s coronavirus infection numbers spiking in recent weeks, the school wants to make sure returning students are symptom-free and have a recent COVID-19 test that came back negative.

Using Appian, Wei said her team was able to create the CampusPass site in just one month after starting at the beginning of June. They’ve now been beta testing the site for weeks as the school prepares to restart classes by August. 

Fernandes and Wei added that their use of Appian extends far beyond the CampusPass site. For six years they have been digitizing many of the school’s most onerous paper-based systems using Appian’s easy-to-use templates. 

“Our technology was dated and also the way we were providing service to our customer base was also dated in the fact that we had 16 programmers that were supporting about 175 custom developer apps. We had a 100-item-deep backlog of wants from our stakeholders and they were not able to keep up with this demand,” Wei said. 

“I looked over what the portfolio consisted of and it looked a lot like most of the work was just simple-to-fancy complex forms and a lot of workflows. So my question was what’s the point of building everything from scratch when it looks like it is all very similar things, over and over again, with a few custom fields. There were a lot of reusable components that could be used rather than trying to build each and every piece over again for every new solution.”

The first project they used Appian for six years ago involved digitizing the process of changing advisers. Wei said it was taking students three months to change advisers because they had to chase down professors and get signatures on paper.

Using Appian, they were able to create a digital version of this in less than six weeks and brought the process time down to just one week. The new site became beloved by students, validating their decision to use Appian, Wei said. 

“All universities need are a student information system, an HR system and a financial system. Everything else is a niche product but they’re very similar in their needs, like needing to schedule appointments with an adviser or needing to make sure a student is on track to graduate,” Wei said. “There’s a lot of reusability.”

Fernandes said low code is not a solution for replacing an underlying information system but it allows IT teams to declutter the system and very quickly provide solutions. The Appian platform already had an app built for this exact functionality and he said it “clicked nicely” into the school’s existing infrastructure. 

Wei added that most universities these days are facing the costly problem of updating systems that are decades old and in need of massive overhauls. 

The process of replacing a school’s entire student information system will cost most universities millions of dollars, so Wei said low-code platforms are a good way to meet in the middle, creating innovative tools on top of archaic systems. 

Low-code platforms are also helpful because they allow IT teams to work with specific department stakeholders who can be involved in the process. This deep collaboration translates into investment in the platforms from people outside of IT who take ownership of the process and feel more invested in its success, Wei said. 

Brad Freitag, chief executive officer of Claris, said the company has received a deluge of interest from educational institutions eager to build quick low-code websites that provide COVID-19 information and help to students, parents, staff and administrators.

Most schools, he noted, are working on tight budgets and generally do not have the funds to hire costly software developers to build sites, forcing them to turn to low-code options like those from Claris or Appian.

“Of our 50,000-plus customers, education represents about 8,000 of them. We’re in 45 or 50 different verticals, and education is one of the biggest for us. We are regularly hearing about the challenges they face and how they’re responding to it. Low-code solutions offer some solutions to these pandemic-created problems,” Freitag said. 

“Schools we’re talking to generally fall into one of a few categories. One is building applications around student engagement. The second is around safety and security. And the third is the broad category of paper replacement.”

Like Wei at USF, Freitag said dozens of schools are looking to rid themselves of cumbersome paper-based processes using low-code platforms while others need to build websites to create safety protocols related to COVID-19. 

Some schools need low-code platforms to manage the complex process of cleaning school buildings. As schools figure out how to create socially-distanced school days, they also have to figure out when cleaners can come to classrooms for deep cleans each day, Freitag added. 

He mentioned one school outside of Chicago that used the Claris platform to create a site that asks students about potential symptoms for COVID-19, recent contact with people who may be infected, and daily temperature checks before they enter school buildings.

The school has even made the app they built available for any school to use for free. 

Another school in Southern California is using Appian-made solutions to help teachers know which student is attending class virtually that day. Teachers got tired of using cluttered Google Sheets documents and decided to build an app that allows students to respond with an emoji that not just says whether they are attending class that day but indicates their mood. 

“Low code addresses the fundamental problem that there are not enough computer scientists who can help programmatically build all the solutions everyone needs affordably,” Freitag said. “Most schools are not aware that low-code platforms are available and affordable.”


Wei said their platform has been great for students because it handles contact tracing and surveying all in one central place. With the information gleaned from student responses, Wei added that the university will be able to figure out whether health officials need to do sample testing, lottery systems or pool testing to see how many kids on campus are sick. 

Within the solution, staff members can figure out how to help infected students, how to isolate them and what they can do in case staff members fall ill as well. 

“All those things can be viewed and managed in the system in terms of the communication within the university,” Wei said. 


“We’re all flying by the seat of our pants as things change, especially here in Florida. So this has helped provide us with a holistic solution to help students and track the numbers.”


Companies turning to isolation technology to protect against the internet’s biggest threats


Isolation technology allows companies to keep employee browsers siloed in the cloud.

There have never been more cyberattacks, and the problem has grown exponentially since millions of people were forced to work from their home networks due to the coronavirus pandemic. Organizations are now faced with the thorny problem of how to keep enterprise data and systems safe from a universe of threats in need of only one small mistake or opening. 

Global spending on security products and services is expected to increase to $151.2 billion by 2023. Yet no matter how many layers of security companies put in place, successful cyberattacks continue to increase at a worrying rate. 

To deal with this deluge of new threats, dozens of the world’s biggest organizations are turning to isolation technologies and techniques to protect employees from the kind of common mistakes cybercriminals are increasingly taking advantage of. 

“With isolation, you are choosing not to detect anything. That’s the beauty of it. All you’re really doing is taking the entire internet and entire active content on websites and moving it to the cloud and letting it run its course there so you never pay any attention to whether something is good today or bad,” said Kowsik Guruswamy, chief technology officer of Menlo Security.

“If you take out the initial part of the kill chain, which is that people click on links and people go to websites and get infected, then it doesn’t matter what the infection does. Isolation posits that if you can stop that initial vector, it doesn’t matter whether it’s a RAT (remote access trojan) or trojan. We never have to determine the goodness or the badness of anything in order to isolate. We never need threat intelligence to make a policy decision to isolate or not.”


Menlo Security now uses versions of isolation technology to protect eight of the ten largest banks in the world, critical infrastructure, and large government agencies. 

Guruswamy said the company protects hundreds of other clients from cyberattacks by eliminating the threat of malware from the web, documents, and email, even going so far as to offer customers a $1 million guarantee ensuring 100% protection against all malware, including exploits, ransomware, zero days, and more.

The company has created a fun tutorial illustrating exactly how isolation technology works, but Guruswamy explained that almost all threats these days, especially malware, originate from either corrupted email links or malicious forced downloads that come from redirected advertisements on dangerous websites. 

“If you step back, it’s that first point in the kill chain that matters the most because after that, once the piece of malware gets into the endpoint PC or Mac, then it’s really up to the creative nature of these bad actors to do whatever they want to do,” Guruswamy said.

“From Menlo’s perspective, if we can take out that first infection vector, then you have no problem whatsoever. That’s where the isolation technique comes in.”

For decades, CISOs have been trapped on the hamster wheel of endlessly trying to figure out which links or files are good and which links are bad to protect the unaware employees of an organization who cannot tell the difference. Still today, enterprises deploy suites of tech ranging from signatures to machine learning, crowdsourcing, and deep learning.

But, as Guruswamy noted, security teams have to be right 100% of the time and cyberattackers only have to succeed once to hit the jackpot. 

First, organizations, generally connected to the government, tried to manually air-gap work devices, forcing employees to literally use one computer that was connected to the internet and another that was entirely disconnected from the web. Others began trying the same idea but with container techniques or hyperledgers, but the problem then revolved around how to scale this for enterprises with thousands, or hundreds of thousands, of employees.

Chris Rothe, co-founder and chief product officer at Red Canary, said isolation is an effective technique to use for endpoints infected with RATs but also can be used as a preventive tool. 

“Other forms of isolation like browser sandboxing can be used to make it more difficult to get a RAT on an endpoint in the first place. For instance, if a user’s endpoint functions as a dumb terminal and they use it to log into a virtual desktop then it’s most likely a RAT would land in the virtual environment rather than locally on the user’s endpoint,” Rothe said.

“That virtual desktop can be destroyed and rebuilt frequently which would then remove the RAT. Reactive isolation of a compromised endpoint is very widely used in incident response programs. You have to stop the bleeding before cleaning up, and removing a RAT and isolation is an effective way to do that even if it just means unplugging the network cord from the wall.”

Guruswamy echoed those ideas and said the team at Menlo stepped back and thought about where most threats originate: browsers.

“What if we can scope this isolation to really be around browsers because that’s really where the starting point is. That’s where we live our lives, that’s where we watch news, entertainment, do our job, and manage payroll. Menlo’s idea was to run a browser in the cloud on behalf of the user. So when you go to any website, what actually happens is that in real time, the Menlo browser opens your link in the cloud,” Guruswamy explained.

To make it a bit clearer, he said to think of a regular employee going to cbsnews.com. With isolation, the browser on the user’s laptop or computer never actually goes to the website. The user has no idea, but the cbsnews.com page is opened in the Menlo cloud system.

“None of the original content from cbsnews.com ever touches your browser, so you have this insulated layer or air gap. There is no active content from cbsnews.com, like JavaScript, Flash and all of that on your device because everything runs on the cloud. It never touches you,” Guruswamy said.

“You are able to turn your browser into a passive viewing device. You can still interact with it, still copy paste, click, do all that stuff. For the most part, you have no idea as a user that you’re being isolated.”

Menlo’s technique and platform has been particularly useful for larger enterprises that have struggled to protect endpoints for thousands of workers. 

Guruswamy added that the technique also works in the context of email. Every click on every email link ends up getting isolated in the cloud so that if a link ends up triggering a driveby download or phishing attempt, isolation keeps the endpoint safe. 

Since millions began teleworking, Guruswamy said Menlo has worked with a number of enterprises who needed isolation to help protect disparate users.

“We have a customer in Australia that replaced their on-premises proxy with Menlo a few years ago, and they haven’t had a single listed virus on any of their endpoints in four years,” Guruswamy said. “It’s now to the point that the CISO now jokes that the security team is bored.”
