Governance for citizen developers
Blog: Auraportal Blog
Working with multidisciplinary teams and
establishing a governance strategy applied to the citizen developer (business
user with little technical knowledge) is a complex task that requires an
organized centralization, and ability to coordinate the different areas of the
The concept of citizen developer starts with the first office applications. Tools such as Office or Lotus Notes, practically from the beginning, incorporated utilities for non-technologically qualified personnel to create automatisms that execute repetitive tasks, maintain a database, or manage a spreadsheet.
However, on many occasions, these
applications have been developed without any control, generating information
silos, security breaches and organizational chaos.
GOVERNANCE ISSUES FOR CITIZEN DEVELOPERS
The current demand for application generation makes it totally unfeasible for the IT department to remain solely responsible for generating them and encourages the democratization of software development.
In this context, low code development
platforms are entering the business world with great momentum, and are becoming
the central axis of its digital transformation, since they not only allow the
creation and modification of software much faster than traditional programming,
but also enable the business user to participate in software generation.
The ease of development, and reduction of
delivery times, can end up having a negative impact on the company’s
organisation if the number of applications created with these tools grows
significantly in an uncontrolled manner.
Governance is the determining factor that
turns disorganized and unauthorized employee initiatives into successful citizen
development. A low-code platform is the tool that enables these strategies to
be executed and empowers employees from different departments to get involved
in the application development process and contribute their business knowledge
to the software development.
GOVERNANCE FOR CITIZEN DEVELOPERS: THE IT DEPARTMENT
“A governance model is the backbone of any citizen development program”.
Today more than ever, organizations need IT
to lead governance strategies that enable the full integration of citizen
developers within the organization and ensure compliance with structural system
As mentioned above, integrating citizen
developers into the organization without IT oversight and mentoring can result
in a multitude of unsupervised applications that generate information silos,
data inconsistency, duplication, and security breaches in the system.
A good strategy requires clear objectives
and specifying what you want to achieve with your citizen developers. The key
to success is being able to work with multidisciplinary teams that work in tune
with the IT team to create applications that contribute to improving company efficiency.
The fundamentals that any governance system must cover are identity, access management, compliance with data security standards and regulations governing the systems. Generally, these concepts will be defined centrally and will answer the following five questions:
Who creates applications using the low-code platform?
In general, professional developers bring a
lot of knowledge to the areas of application design, performance and
reliability, however, it is the business experts that know what is really
It is very common for business users to complain
about the time they spend explaining their needs to developers, so
incorporating them into software development tasks seems to be the most logical
Software development work today is undoubtedly
a multidisciplinary task and it does not make much sense for the IT department
to have this task exclusively.
It will therefore be necessary to establish
which people will perform citizen developer functions and ensure that they are
provided with a low-code tool that allows IT to set the access permissions and
privileges that are needed.
How are applications created within the low-code platform?
A strategy that relies on a single
development platform will help unify the software, and eliminate the risk of having
applications, spreadsheets, or any other type of untraceable or unmonitored
If the organization already has established
guidelines, the citizen developer must comply with them, and be respectful
toward the existing way of working in the development and delivery of
applications. If the existing workflows and protocols of an organization are
followed, the integration of the citizen developer will be faster and more
The use of a low-code platform will
facilitate software development for citizen developers, and provide the
technological support necessary to naturally adapt to modern development and
delivery methods: Agile, DevOps, etc.
The intended outcome is that all citizen developers have a common way of working that works in tune with the IT department.
What separates a strategic and coordinated citizen developer program from unauthorized IT activity is the use of a common platform.
What types of applications will citizen developers create?
There are basically three ways of
approaching the type of applications that citizen developers can create:
- Development of software for a
single department or business unit.
- Applications of a certain type,
such as databases or workflow applications.
- Developments by classes or purposes,
such as applications focused on interacting with agents outside the
organization, or non-critical departments.
When do we create applications on the low code platform?
It is necessary to have a plan for citizen
developers in order to establish priorities and production guidelines:
- Will customer-oriented
applications or applications focused on departmental workflows have priority?
- Considering that a citizen
developer will probably have other functions in the company, how much time will
be allocated to the creation of applications?
In which departments are the applications created?
In general, business units or departments
can take responsibility for setting application priorities and delivering most
applications, but they are dependent on the IT team or a cloud provider to
operate the platform and its infrastructure.
In some cases, it is the development and
delivery teams that take responsibility for operations, and the management
teams that set the priorities.
SUPPORT AND SERVICES THAT GUARANTEE THE GOVERNANCE OF
Close collaboration between the IT
department and the citizen developers is a key factor in ensuring a successful strategy.
IT departments must guide and help citizen developers to improve their
techniques and supervise development activities.
Building a community
Knowledge of the organization is a very
important value of the organization and sharing it is essential to achieve good
In this spirit, citizen developers must not
only collaborate with the IT team, but also extend this collaboration to other
Citizen developer communities are necessary
to share skills and knowledge, but they also optimize work since they provide a
space to share software.
It will also be necessary to establish a
protocol that defines who should be in charge of this support in the
applications developed by citizen developers.
Training citizen developers.
Citizen developer must attend training and
demonstrate that they have the necessary knowledge to develop applications with
the low-code tool.
In addition, the IT or operations teams
will have to inform them about the connected systems and provide them with a
list of relevant data.
An ongoing training program with Webinars and workshops will enable citizen developers to acquire new skills and ensure they receive the support they need.
Security risks are always the first issue
raised by critics of citizen development. They argue that since it is not
possible to control it, it will only result in non-compatible and vulnerable
However, as we have seen, centralizing the
activity of the citizen developer through a low-code tool and establishing a
governance strategy will allow us to control the software.
On the other hand, the specific security features of low-code software such as AuraQuantic will contribute to eliminating vulnerabilities.