The previous article in this series covered the elements organizations should consider in order to get started with citizen development. In this article, I’ll be looking at a fundamental part of successful citizen development strategies: governance.
The question is: how do organizations balance the need for visibility and security on one side, with a need to keep up with changing markets and speed up the delivery of digital products and services on the other?
Business-led development without governance is shadow IT
With the demand for digital services continuing to skyrocket and experienced developers few and far between, the business side of many organizations has found itself backed into a corner. There are only so many times business-side employees can see their innovative new ideas for processes, products, and services go to the bottom of IT’s ever-growing backlog.
For some time now, this handicapping of the business side has driven employees to start building their own solutions – regardless of whether IT is on board or not. This is what’s known as shadow IT and it can take the form of spreadsheets, messaging apps, external drives, and more.
The problem with shadow IT is that, by its very nature, it creates a multitude of risks to an organization. These risks can include the improper – and even illegal – use of data; widespread duplication of data; a lack of visibility; increased vulnerability to cyber-attacks; and more.
How does citizen development solve the problem of shadow IT?
When the challenge is that business employees will always find a way to build their own solutions regardless of IT’s involvement, the logical step is to provide them with a safe and governed way to do so. This is citizen development.
By giving business-side employees access to low-code and no-code platforms, you’re giving them an effective tool to solve their problems whilst providing IT with a way to govern everything they build.
Light-touch governance
The key to citizen development is to empower a new breed of developer without unnecessary limitations. By providing light-touch governance, business-side employees are free to work within the sanctioned environment IT provides, and risk is minimized when it comes to the most essential parts.
It’s all about layers. Think of it this way: any governance you provide is better than no governance at all, which is the reality for many organizations. With no-code and low-code platforms, IT can now set permissions and roles according to the level of risk. Governance should be reasonable, rather than restrictive.
How will citizen developers fit into the broader IT space?
It’s important that citizen developers follow the existing workflows and protocols within the full scope of IT’s efforts. An example of this is ensuring data coherence and standards for data handling.
A good starting point is to establish a master list of authorized data sources with a network of APIs to guide citizen developers and create a robust IT ecosystem. Establishing a clear plan for the data that citizen developers will work with, and how they work with it, creates alignment with the IT department and also serves to mitigate security risks.
When should citizen developers contribute to application delivery?
Organizations should also consider how to prioritize which applications will be built by citizen developers, and set guidelines as to the expectations for citizen developer output. For example, will departmental workflow applications or customer-facing apps take priority? How much of a citizen developer’s time should be allocated for application development and delivery, considering that it is probably not their primary role?
Accelerate innovation without losing control
When it comes to governance, low-code and no-code platforms create a win-win for the business and IT. IT has a transparent overview of all of the business side’s software activities, and is able to ensure everything is safe and secure. At the same time, the business side now has a central tool with which citizen developers can build solutions continuously, thereby improving their knowledge and skills with every project.
In other words, the risk to the organization decreases, and the speed of innovation increases. The business side can execute on its needs and ideas, and IT can focus on more than simply “keeping the lights on.”