3 Key Considerations for Governing Citizen Developers
Low Code and No Code Governance Explained
Add bookmarkIf you like what you read here, don't forget to register for our upcoming virtual event, Low Code Automation: Digital Transformation Democratization taking place April 12-13, 2022.
In a world where time, resources and IT talent are ever more scarce, low code and no code tools allow non-IT professionals to do what was once unthinkable: build their own applications with minimal IT involvement.
Given that such tools allow users from all types of backgrounds to accomplish the proverbial “do more with less,” it's little wonder that no code and low code tools are becoming increasingly popular. In fact, a 2021 study conducted by Formstack found that 20% of workers have adopted no-code tools, 66% within the past year and 41% in the past six months. In addition, earlier that year, Gartner forecasted that low- and no-code app platforms will eventually account for 65% of all app development by 2024.
Though low/no code tools have the potential to add great value to an organization, they must be adopted with care in order to do so. To start, though they may require less technical expertise than traditional methods, they still require substantial training and oversight. In the wrong, ungoverned hands, low/no code tools can easily lead to increased shadow IT, security risk and system complexity amongst other problems.
In order to ensure success, a governance framework for low and no code projects is essential. Here are 3 key considerations for doing just that.
Create a Centralized, Multi-Functional Team
One of the pervasive myths about low and no code tools is that they require little to no involvement from IT. However, this couldn’t be further than the truth.
In fact, perhaps more than any other technology in existence, low and no code tools demand cross functional collaboration. While citizen developers may be embedded within business units, they must work hand in hand with pro-coders and other stakeholders to ensure applications are effective, secure and deliver expected business results.
As such, low and no code governance teams must include experts from IT, security and business unit heads.
Empowering the Citizen Developer
Who is your citizen developer? What departments are they in? What is the minimum amount of training they need to effectively operate low code and code tools? Who approves applications once they are built? Establishing the who, when, where and why should be a fundamental component of your governance strategy.
One thing to keep in mind is that different departments will likely have different governance needs. For example, highly regulated departments such as finance and HR may require tighter controls than sales or marketing. While some teams may be eager to experiment and innovate with these tools, others may require more guidance.
As with any powerful technology, both innovation and risk prevention require substantial skill. Laying out clear cut rules regarding how much training is required to use the tools and how it can be obtained is especially important.
Create a Citizen Development Governance Command Center
To ensure frontline users have access to the resources and guidance they need to succeed, consider creating a citizen development governance command center. A centralized hub for all things citizen development related, command centers such as these not only help train and mobilize the citizen developer, they also drive app development standardization.
Embrace a Security-First Approach
One of the biggest downsides of low and no code solutions is their inherent security risks. By nature, most low-code tools will use proprietary languages, frameworks and libraries. It can be challenging, even for security experts, to adequately analyze these tools for hidden security vulnerabilities. Secondly, an inexperienced citizen developer is less likely to identify potential security vulnerabilities in a newly built application.
Your governance strategy should not only outline appropriate use cases, but limit which capabilities and enterprise data are available to which users. There must also be a thorough approval process to ensure citizen developer-built apps meet security standards.