Having last time looked at the rise of citizen development, today we’ll be looking at associated risks and how to keep track of your platform. Though citizen developers can drive significant efficiencies, they also have their downsides.
Citizen Development Risks
Most of the risks of citizen development stem from a single route cause. Such ‘developers’ lack in-depth knowledge and experience in IT. They might be exceptional at solving localized problems, but their narrow scope means things are overlooked. And it’s here that their lack of an IT background can cause problems to emerge such as:
- Unsophisticated development processes (e.g. developing straight into production)
- Lack of consideration for platform architecture
- No concern for security or compliance rules
Incorrect Procedures
Now the first issue listed above is not necessarily a catastrophe. However, it’s enormously risky and certainly never best practice. An IT professional with knowledge of different methodologies, having formal testing processes and the concept of version control would immediately understand why it was a bad idea. However, to the inexperienced citizen developer, they are often unaware of the associated risks and developing in production often best fulfills their drive for efficiency. This highlights one important role that IT must play when employing citizen developers to gain extra capacity – they must train them on the importance of procedure. They must also make sure it is enforced.

Shadow IT & Citizen Development
Shadow IT is something we’ve touched on before. But what exactly is this scary sounding concept? Well, it’s essentially what happens in the unobserved parts of your platform. The changes that are made that the platform owner and architects don’t see or support. And the larger the object (in this case the platform) then the larger the shadow cast. Through manual means, it is impossible to keep track of everything.
With a centralized IT team, shadow IT should not be an issue. However, citizen developers may have little understanding of platform architecture. We’ve also established that IT’s resources are often busy elsewhere and leave citizen developers to manage their immediate area. This may very well work out for everyone involved until IT comes back to that part of the platform, looking to expand it and sees a cluttered mess.
The important thing here is oversight. Keeping track of what changes are being made and when in the platform is essential. This can stop the introduction of vast quantities of technical debt and also ensure that IT has a cleaner platform that is easier to maintain and scale. In most cases, one might also expect an absence of documentation explaining each decision, which can make a platform very difficult to unpick further down the line. Automated tools can shine a light on the shadows and let you see what your citizen developers have been up to. This ensures greater platform control for managers and prevents unexpected roadblocks.
Security Concerns
The most serious case of citizen developers not having IT experience can occur with security and compliance issues. They might not understand the implications of duplicating code, or might decide to use an open source library against internal rules. IT professionals with experience and training in architecture will have worked hard to ensure the safeguarding of corporate data. However, citizen developers could well provide accidental access to those who shouldn’t see it. With these implications in mind, it’s vital that IT takes an interest in understanding their platform evolution. While they might not have time to do all the development, the ultimate responsibility for platform security lies with them.

Citizen Development Governance
So how to go about keeping your citizen developers on track? Firstly, you can establish a list of shared best practices and gradually introduce them to improve standards. Secondly, ensure you have the proper tools in place to take stock of your platform inventory. You can’t control what you can’t measure. Once you have an overview, it’s time to implement governance policies and act. You might also want to think about our quality gating tools for citizen developers, letting them learn autonomously on the go.
Above all – make sure you establish regular communication channels with citizen developers. Working with them and understanding what they’re doing is beneficial for both IT and individuals. The citizen developers will appreciate learning more, especially if it permits them to do more themselves, and IT will get a greater understanding of day to day platform issues.
Conclusion
Citizen development is an immensely important part of modern platform development and will only increase over time. Therefore, it falls on IT to make sure internal procedures and tools are in place to monitor and govern and ensure the platform remains secure and under control. Working together properly, IT and citizen developers can greatly increase platform development while not compromising quality.