Project Management

Is citizen development just a form of sanctioned shadow IT?

From the Citizen Development Insights Blog
by , , , , , , , , , , , , , , ,
Citizen development is a disruptive approach to digital transformation and organizational innovation, where teams are empowered to turn ideas into applications using no-code/low-code technology. This blog provides insights, advice and practical knowledge from thought leaders and practitioners in Citizen Development.

About this Blog


View Posts By:

Cameron McGaughy
Martin Kalliomaki
Ron Immink
Maelisa Woulfe
Arjun Jamnadass
Mario Trentim
Jody Temple White
Octavio Arranz
Jelili Odunayo Kazeem
Derya Sousa
Elizabeth Jordan
Richard Earley
Jason Mayall
Chandrasekaran Audivaragan
Ryan Whitmore
Rogerio Sandim

Recent Posts

What You Need to Become a Citizen Developer

Citizen Development Part 5: Scaling For Success 

Citizen Development Part 4: Deployment and Beyond

Citizen Development Part 3: Providing Light-Touch Governance

Citizen Development Part 2: Getting Started

My experience of Shadow IT

As long as IT has existed, it seems that shadow IT has existed as well. I distinctly remember one of my first projects as a junior consultant where I was tasked with mapping an enterprise’s finance processes. I had carefully drafted detailed process maps based on the enterprise’s policies and procedures. I sat down with the client’s finance lead only to be told, “ That’s how it’s supposed to work, but here’s how it actually works…” Due to issues with the legacy system, an entire shadow finance system had been created. A few quick conversations with my colleagues in industry confirmed that my experience is not unique – and this is further corroborated by a McAfee study stating that 81% of Line of Business users use shadow IT.

Impact and Cost of Shadow IT

The impact and cost of shadow IT is massive. Gartner estimates that large enterprises spend 30 – 40 percent of their budget on shadow IT. Research from Everest group puts that estimate even higher - 50 percent or more. Additional impacts can include duplicated efforts, multiple sources of truth and security vulnerabilities, to name a few.

Is Citizen Development Shadow IT?

Given enterprises’ experiences and the cost of shadow IT, it’s not surprising that there is hesitation around the concept of citizen development. Phrases like “empower business users” are frequently espoused, but, cynically, isn’t citizen development just shadow IT in a different wrapper? If an enterprise is encouraging end business users to develop their own applications, is it sanctioning shadow IT and all the costs and issues that come with it?

Citizen Development is not Shadow IT

Personally, I strongly disagree with that sentiment, but it’s easy to see how someone could reach that conclusion. A PMI survey found that lack of IT governance and control is one of the top three barriers for increased adoption of low-code/no-code platforms.

Link between Citizen Development and Shadow IT

For enterprises to feel comfortable deploying and scaling citizen development, the concern of shadow IT and rogue software must be addressed head-on. PMI’s latest handbook, “Citizen Development: The Handbook for Creators and Change Makers,” starts to do just that.

PMI clearly states that effectively deploying citizen development isn’t about circumventing existing controls or finding work arounds. As stated by PMI, effective deployment requires enterprises to “engage with IT to excel in citizen development. IT needs to be a collaborative partner, the owner of access and permission controlling, as well as in charge of the protection and security of information.”

The right governance model allows enterprises to find the balance between empowering the business user while controlling and managing risks.  


Praveen Seshadri, the founder of AppSheet (a no-code platform) and now a Distinguished Software Engineer with Google, describes how enterprises can strike this balance: “So IT departments could easily say nobody can build an app that doesn't force sign in. And all the sign in must be through this identity provider and have your account access this data. And if you do, I'm going to know about it right away.” In this example, the business user still has the capacity to create and develop applications, but IT still retains full control. Rather than IT being developed in the shadows, it is carried out in the open with the full awareness of the IT department.


Not surprisingly, rather than fearing citizen development, with the potential for better oversight and control, IT department are embracing the low-code-/no-code movement. Coming back to Praveen, “That's one of the things that we're observing is that IT departments actually love the no code story, because it's not opaque, they can shine a light on it. It's a ‘What is this thing doing?’”

Ultimately, despite surface-level impressions, citizen development is the antithesis of shadow IT. It’s bringing application development into the light.

If you want to find out more, I'd recommend PMI's new book, Citizen Developer: The Handbook for Creators and Change Makers (available at 

Posted by Elizabeth Jordan on: February 05, 2021 09:29 AM | Permalink

Comments (9)

Please login or join to subscribe to this item
Ensuring that the security guard rails are in place, and then empowering and encouraging end users to work smarter, seems like a great idea for business.

Good piece of content Liz, thanks for sharing.

I personally feel that it's worth having the conversation with your IT / Tech department and request a safe and compliant environment to develop applications. In my experience, they are always willing to help and act as enablers.

I think it's that moment when LC-NC is no longer Shadow It.

Very interesting insights Liz. Thank you for sharing,

The biggest differences between shadow IT and citizen development, at least in how we're hoping to implement it, is that IT is provisioning the LC/NC tools/platform and controlling who can access what, and the end users in the business who build apps will be responsible for supporting them. There will be one source of truth for the data.

Great info Liz. Per Gartner "large enterprises spend 30 – 40 percent of their budget on shadow IT." and per and Everett Group estimates the Shadow IT impact even higher at "50 percent or more." Just think what they could do if they recouped even a portion of this expense. Thanks for sharing.

Collaboration is key moving forward. Thanks for sharing these great insights, Liz!

Jody, I couldn't agree more - up to 50% of the IT budget on shadow IT was shocking. Imagine reallocating that cost into empowering your staff through citizen development!

Very interesting post, and thanks for clarifying the difference between the two concepts.

Please Login/Register to leave a comment.


"Clothes make the man. Naked people have little or no influence on society."

- Mark Twain