Defined by Gartner as “a user who creates new business applications for consumption by others using development and runtime environments sanctioned by corporate IT”, the idea of a non-IT professional in an enterprise business department developing applications that are specialized for his/her area of the business is rapidly gaining traction as a corporate business strategy.
Last year, Gartner surveyed businesses and found that 41% of interviewees already had citizen developers, and another 20% were planning for them.
To support these citizen developers with little formal IT knowledge, a plethora of low-code application development tools has entered the marketplace, but invariably citizen developer applications have to be integrated with other systems in the enterprise -- a job that is left for IT. Many of these new apps don’t meet the full terms of Gartner’s citizen developer definition, either, because users develop apps on their own that are not “sanctioned by corporate IT” or conforming to corporate IT standards.
In short, IT must be involved. Here are eight steps that IT can take to preclude issues and ensure that citizen development efforts stay on track:
For consistent application development practices, compliance and security, IT has three choices: Deal with shadow IT, and just hope for the best; give end users the tools to develop their applications and just hope for the best; or actively partner with end users as these users develop applications and use application development tools.
The third alternative is preferable, but it means that IT must do more work visiting with users and coaching them in new para-IT skills.
A mutually respectful partnership in which IT staff and end users can share ideas and also new technologies and application approaches can be a great combination. It enables end business users to become more educated in the toolsets and applications they develop; and it enables IT to develop keener insights into the business and what the business needs.
2. Asset management
With the growth of shadow IT, many cloud-based services and other systems and applications may have come through the door without IT knowing about them. This creates risk, because there no longer is a central function in the enterprise like IT that can account for all the company’s IT assets.
You can periodically perform physical inventories of corporate IT assets by going from user department to user department, but an easier way is to invest in an IT asset management system that registers new IT assets when they arrive and are installed -- and that can also automatically detect these assets on networks when they come online.
For example, if a user subscribes to a new cloud service, you can have visibility of that new service coming onboard through your network, even though you weren’t informed.
This automation gives you a “heads up” to new entry points for security breaches that you need be aware of.
3. Communication and collaboration
It’s easy to become introspective and focus on immediate projects and deadlines, but IT business analysts should also actively mingle with end users to stay current with user IT needs and activities.
The sooner IT inserts itself into conversations about cloud services and systems that users might choose to fund on their own, the more IT is in a position to help with what certainly will evolve into calls for help with system implementations and support.
If IT actively collaborates on user “citizen development” projects, there is also a better chance that any new systems, services, hardware or applications brought in by users will be compliant with company standards.
Now is the time to fill the gap if IT is short of individuals with the people skills needed to communicate and collaborate with others.
4. Centralized data management
A mid-sized company with 251-500 employees uses an average of 123 applications, according to a survey conducted by Blissfully in 2019. That number goes up to 203 different applications for companies with 1,000 or more employees.
Many of these systems are independent of each other. They are brought in by users and become data silos that are only used by those users. If user citizen developers employ business intelligence and analytics tools of their own, the data repositories that are separately required by these systems can rapidly devolve into data silos on their own.
From both business and IT standpoints, the goal is to have users throughout the company use “single version of the truth” data. Independent data silos using their own data don't facilitate this. Instead, they create risks in business decisions because they could carry faulty and inconsistent data.
The good news for IT is that users don't want the burden of having to curate their own data.
It is in IT’s (and the company’s) best interest to get all this data into a single repository that can regularly refresh and repopulate data in distributed user department repositories. This guarantees that users throughout the company are drawing from the same clean, vetted, secure and current data.
5. Checking status of report and application usage
Remember how you did all that user report “spring cleaning” once each year, identifying reports that were never or seldom used, and then asking users if they still wanted the reports? It was a good way to clean out shelfware that IT no longer had a reason to maintain.
The same goes for applications and reports that are now being developed by citizen developers.
Unless IT takes the initiative, it’s unlikely that users will clean out shelfware. This wastes storage resources and has the company paying for software licenses it isn't even using.
A simple approach is to extend ITs yearly evaluation of data and applications that aren’t being used to the data and applications in user areas. The “idle” list can then be reviewed with users so you and your users can determine what to discard.
6. Security and zero trust networks
Users in areas like manufacturing and the warehouse still shout IDs and passwords over the wall and can forget to lock server cages at the ends of shifts. It’s understandable since they aren't IT, and their primary focus is on other areas of the business.
One way IT can shore up security in edge-computing environments is to implement zero trust networks that monitor every IT asset that's on the network, allow access to these assets only to users with the proper credentials, and immediately notify IT of any breach of protocol.
IT’s ability to remotely monitor and control zero trust networks ensures that no one uses network resources without IT knowing about it.
The days when IT operated out of a glass house and set all the rules for users and IT are long past. However, the need to control and maintain IT assets hasn't gone away.
With users now in charge of more edge IT applications, IT and the company can benefit if IT trains users in para-IT skills so that users minimally understand what they must do to secure and manage IT at the edge.
Yes, IT can use zero trust networks to gain visibility of even the outermost edges of enterprise IT, but it’s still advantageous to train users in basic IT governance and maintenance skills that they can apply on the spot, without IT having to intercede in every case.
8. Vendor management
Even if users bring in new applications and vendors without IT knowing about it, users don't excel in vendor management. There will be times when vendors fail to meet SLAs or when vendors provide poor support, and users will go to IT.
The temptation might be to tell users that they’re on their own, but the better choice for everyone is for IT to jump in and get involved.
Check out these InformationWeek articles on low-code and citizen developers:
Modern App Dev: An Enterprise Guide
Do Self-Service and Low-Code Curb Shadow IT?