Can citizen developers move shadow IT into the light?

Citizen developers can produce valuable businesses applications quickly, but is speed to market worth the risk of security and compliance considerations flying out of the window?

woman code laptop developer programming
Credit: Shutterstock

Citizen developer tools that allow business staff to build applications are becoming increasingly powerful and can lead to important productivity gains.

That’s the view of Mark Driver, a research director at Gartner. He expects citizen development efforts to expand significantly over the next five years.

A key reason for this is the accelerating enterprise use of cloud-based software platforms that allow citizen developers to access corporate data more easily than data stored on servers in corporate data centers controlled by the IT department, he says.

But here’s the problem. Many citizen developer platforms purport to offer data access and other controls to help ensure regulatory compliance, but Driver says that these are often of limited use.

"Compliance controls? Vendors over-hype them and the truth is that citizen developers are essentially ignoring regulatory and compliance issues," he says. "Some platforms do look after that, but there are examples of apps built with citizen developer tools that completely ignore privacy and compliance issues."

But business users want to use citizen developer tools because they get tired of waiting for IT departments to develop applications they need want to make their jobs more efficient.  That means IT departments have little option but to embrace citizen development while keeping a watchful eye over it, Driver says.

"If citizen development is done properly in partnership with the IT department, then that can work," he says.  "There is a distinction between people who develop unbeknownst to IT – we call that shadow IT – and citizen developers who work in partnership with IT."

[Related: 9 bad programming habits we secretly love]

Some organizations have already established these sorts of partnerships, but Gartner expects 70 percent of large enterprises will have done so by 2020, up from just 20 percent in 2010.

There is good reason to do so, Driver believes:  Gartner expects that 50 percent of companies without formalized control and management of citizen development policies will encounter substantial data, process integrity and security vulnerabilities by 2020.

Filling in the gaps

One company that is heavily invested in citizen development is Mich.-based specialty fulfillment company Helm Incorporated. It uses a cloud-based citizen development platform called Intuit QuickBase.  Michael Wacht, the company’s vice president of operations and a former CIO, says he wants to give business users the capability to develop their own applications to fill the gaps between the applications offered by the IT department.

"As we are a service business we have lots of unique needs, and we were so frustrated with the backlog of applications we were waiting for that we decided to let our teams develop them themselves," he says. "It turns out we can develop an application faster than we can document a process.

Helm's experience is that employees are able to develop useful applications without having any formal programming skills. This is consistent with a recent study of QuickBase users carried out by Intuit which  found that only 8 percent of respondents had traditional coding skills in coding languages like Java, .NET, C++ or Ruby, yet 68 percent considered developing apps to be part of their job.

"We find that our staff want to learn to use QuickBase as they want more control in their domain," says Wacht. "Advanced Excel users are the perfect candidates,” he adds.

As an example of the type of application being developed, Wacht highlights a merchandising team at the company that sells shirts, stickers and other items with company logos attached.

 "That team generated about 3,000 spreadsheets over a space of two years, and they would circulate these spreadsheets every day. The first app that was developed was a fairly robust database with 256 fields, and it was very successful as it cut out errors and saved a lot of time.”

The company now uses 30 applications built using the platform, and Wacht estimates that 95 percent of staff use at least one every day as a critical part of their jobs. Thousands of spreadsheets have been eliminated, and overall he estimates the company has saved around $250,000 by getting rid of process redundancy.

As far as compliance procedures are concerned, Wacht relies on the controls that the QuickBase platform provides, and which are configured by IT department administrators.

Much of the data that these user-developed applications require is customer-related, but Wacht is not worried that it is being used in citizen-developed applications.

“I like to remind people where the data came from," he says. "Before, it was in emails, faxes, phone calls and was not controlled at all. Now it is controlled much more rigorously in the QuickBase applications, and that’s what I say in an audit."

A DIY ethos fuels the hands-on approach

In general the types of applications that are suitable for citizen development are ones that make peoples’ jobs easier by automating a process, believes Karen Devine, global marketing and channels leader at Intuit QuickBase.

[Related: The terrible 10: Programmers’ biggest frustrations]

Devine adds that younger workers expect to identify and solve problems themselves. “If the technology means that you don’t need coding skills and is accessible then the people closest to the work are the best people to design the solution to a problem,” she says.

Devine says that citizen development should be thought of as a natural extension of the trend that has seen business users generating their own documents instead of using a secretary in a typing pool or someone else to create them.

"In the past we had a PowerPoint pool, and I would write an outline of a presentation on a piece of paper and someone would turn it into a PowerPoint file. But if I didn’t do it quite right then it would have to go back and be changed. Now it’s much easier: I know what I want and I just do it myself."

Another way that citizen developer tools can be used, Devine suggests, is to get IT departments to do the majority of the app development work – including ensuring that compliance and security is baked in – by creating “application templates.”

"These ‘mostly done’ applications can then be given to business users who then develop the last mile, making minor changes and customizations and taking on responsibility for updates and maintenance," she explains.

But even if they sanction and supervise citizen developers, the biggest problem for IT departments is the risk that some business users will also turn to shadow IT:  developing other applications behind the IT department's back.

"There nothing that a CIO can do to stop this from happening," warns Gartner's Driver. "These users work for different people, and the only person they have in common with the IT department is the CEO.

"So all the IT department can do is attempt to educate people in terms of the benefits and the risks, and try to influence the decision to become a citizen developer rather than a shadow one," he concludes.

This story, "Can citizen developers move shadow IT into the light?" was originally published by CIO.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.