In an earlier blog, I briefly mentioned governance in relation to the Citizen Developer. To start, I’ll explain to you what a Citizen Developer is. According to Gartner, it is an employee who creates applications for their own use or others. Using tools that are not actively prohibited by IT or business units. Therefore, Citizen Developers report to a business unit and often have a position outside of IT. They are usually business people with little IT knowledge who develop their own software. And that is precisely where a danger lurks. Are Citizen Developers now succumbing to their own success?
Citizen Developer friend or foe?
Today, we often see the Citizen Developer emerge hand-in-hand with the use of No-Code software. A solution that doesn’t require you to write code to create an application. But if you’re honest, you know that the Citizen Developer phenomenon has been around for a long time. I don’t know if I’m being too adamant, but I’m inclined to say that in every organization that now uses No-Code software, complex business-critical Excel workbooks and spreadsheets were used for quite some time before that. It is this form of shadow IT that is being addressed first by the Citizen Developers.
As with Excel, solutions are now emerging that are important to the business. Solutions that the IT department is not interested in because they are perceived as cheaper and they are also quickly ready for use. Therefore, I am often tempted to label this as ‘Excel 2.0’.
Deploying a Citizen Developer
The next step that is often taken is to employ Citizen Developers for Low-Code solutions. Like Mendix and OutSystems. You’ll then find that over time, the shoe starts to buckle. Because problems arise that stop the further modernization of your IT landscape. Which creates obstacles to your Digital Transformation. So that in doing so, compliance with laws and regulations is simply compromised.
What are the top 5 challenges of employing Citizen Developers?
- Does your Citizen Developer have sufficient knowledge of data modeling?
- Does your Citizen Developer have sufficient knowledge of rules about privacy?
- Does your Citizen Developer have sufficient knowledge of integration technology?
- Does your Citizen Developer know how to reuse existing solutions?
- Does the Citizen Developer communicate outside his own bubble?
Drafting Application Governance the solution
Now I don’t want to spoil the party of your Citizen Developers at all, but it seems unwise to let them have their way unlimited and uncontrolled. I strongly advise you to set up an application governance in which you make agreements and regulate the way in which control will be carried out. Using the 5 points mentioned above, I will show you why this is necessary.
ad 1. Does your Citizen Developer have sufficient knowledge of data modeling?
For example, how is a person’s name recorded? Sometimes the Citizen Developer chooses to use a single text field because no more is needed. Better to split the name into title, initials, middle name and surname. It might even be helpful to record the birth name as well. And loose also the first name. Very basic, but illustrative of why knowledge of data modeling is necessary. And of course you can extend this to not splitting up, for example, an order and its associated order lines. Or all kinds of addresses.
By including in your Application Governance at least the basics of data modeling and, where possible, training your Citizen Developers in it, you can solve this pain point in many cases.
ad 2. Does your Citizen Developer have sufficient knowledge of rules about privacy?
The rules about handling privacy-sensitive data or data that can uniquely identify a person have tightened considerably in recent years. The question, however, is whether your Citizen Developer knows that you are not allowed to store just any BSN number or credit card number. And what about religion or sexual orientation.
Again, you can include in your Application Governance rules that people must follow. And of course, training can help here too. Yet it is precisely at this point that the difference between a “regular” developer and a Citizen Developer may come into play. One is engaged in application development on a daily basis. The other only occasionally. Especially when you don’t deal with it on a regular basis, chances are you don’t have these rules fully in focus. Randomly checking for this can therefore do no harm.
ad 3. Does your Citizen Developer have sufficient knowledge of integration technology?
Perhaps integrating with other systems is not exactly the most logical activity for a Citizen Developer. And that is precisely the problem. The strength of an IT landscape in which Intelligent Information Management has been properly implemented is that through integrations with other systems, duplicate storage of data is avoided. And in this way it is ensured that the correct information is used. There is one place where users are stored. There is one place where documents are stored. There is one place where the organizational structure is defined. And so you can name many more examples. To make use of the power, you must integrate with it. Unfortunately, this is very close to programming and is not easy for every Citizen Developer.
ad 4. Does your Citizen Developer know how to reuse existing solutions?
Integrating as discussed above is a form of reuse. But it is also wise as a whole application to promote reuse. Because Citizen Developers do not work in one department but are spread throughout the organization, they are unlikely to be familiar with whatever has been created elsewhere. And that’s quite apart from being able to technically reuse. On balance, this wastes hours of work, potentially duplicates data, and misses the opportunity to join forces and improve processes.
ad 5. Does the Citizen Developer communicate outside his own bubble?
In the tradition of beautiful Excel spreadsheets, many Citizen Developers will be busy creating an application for their problem in their environment. Within an IT department, there is normally oversight that transcends all business units. Synergy is then less difficult to achieve. For the sake of speed, such a bubble can work quite well. In the long run, however, it does not. In the end, you then create the next generation of shadow IT.
Prevent disorder and apply structure
How then to proceed you will think. Just as you set up Information Governance, you can also set up Application Governance. Starting with the basics and progressing to a model where there is a clear distinction between 3 layers. The first layer is the formal IT landscape. Fully under the control of IT. The third layer is the one where the Citizen Developer has all the freedom within the agreed limits. The second layer in between will be an interplay between Citizen Developer and IT. In that layer, there will be collaboration with varying contributions from IT to support and control the Citizen Developer. Perhaps “Rapid Development under Architecture” is a nice label for this layer. Then again, what exactly that is, I’ll be happy to explain in a future blog.
Or contact us directly so we can explain this in person.