April 5, 2022 Software Development

The Citizen Developer: Promises and Perils of a Low Code World

There’s a movement to democratize IT and empower anyone in an organization to develop the applications they need—the citizen developer. It’s touted as a way to boost efficiency and collaboration, save money or quickly solve a department challenge without needing to engage with an IT department that’s already stretched.

But are citizen developers and low code platforms a double-edged sword? When does citizen development make sense and how do you make it work? Let’s dive in.

Who is the Citizen Developer?

These are individuals within an organization who have access to low code development platforms, such as Microsoft’s Power Platform, where they can design and build their own business applications. These can be apps for personal use or for their team.

While low code platforms are hailed as simple to configure and deploy without coding expertise, the reality is a bit more complicated. We explored the pros and cons of low code development platforms in a previous post.

That said, there are scenarios in which empowering your citizen developers can be beneficial.

Opportunities and Risks of Citizen Development

The Opportunities

Consider a situation where you’re planning to hire a new employee, and you’re flooded with applicants. You want to extract details like application date, applicant information and key experience from these emailed applications into a single dashboard without mind-numbing cutting and pasting.

Or for those of us who have to submit daily time sheets, we can save huge amounts of time if we don’t have to re-enter the same information in every day.

These are just a couple very simple examples of where a citizen developer could quickly and easily create an automated workflow or small application to drastically improve personal efficiencies. The possibilities are tremendous and for staff, it can be rewarding to know that you’re solving a personal headache and you don’t have to wait for IT to help you out.

The Risks

What starts out as a simple application or tool can take on a life of its own, quickly growing as others in the organization adopt it or expand its use. We see this situation often. An application was built for a simple purpose and becomes a mission critical tool it was never designed (or architected) to be.

It’s important to realize that the citizen developer movement is tied into the concept of Shadow IT, which has been creating issues for a while now. Departments in a company will procure and deploy technologies or tools without informing IT. On the surface this might not seem like a big deal, but the trouble starts when that application or tool fails and IT are called in to help fix issues, or recover mission critical data, from an application they never knew existed.

Gartner studies have found that shadow IT is 30 to 40 percent of IT spending in large enterprises, and our research at Everest Group finds it comprises 50 percent or more. CIO


Similarly, applications built by citizen developers can create security and operational issues if they are not correctly architected and implemented.

It’s Not Just The Code

While low code platforms are readily understandable by people without programming expertise, it’s more than a simple drag-and-drop widget. You can build some very powerful tools, and you know what they say: “with great power comes great responsibility”.

Just because you can build an application on your own to perform a specific task or automate a workflow, doesn’t mean you should. Or at least not without some careful consideration.

For example, (and as we discussed last time), Microsoft Power Apps come in different types – Canvas Apps and Model Driven Apps. Knowing which one is best for a particular application is a critical consideration and takes a deeper understanding of application development.

There’s a lot to consider before building any application big or small such as: business requirements, architecture, scalability, integrations, rights and security, data accuracy, documentation, and ownership to name a few. It’s also important to make sure that your application doesn’t just work well today but can be adapted for anticipated future needs.

IT pros and software developers have the expertise to take a more wholistic, longer-term view and to architect a solution that is flexible, scalable, and secure, while minimizing the number of rogue applications within your organization.

 80% of the time a simple app becomes something bigger than what it started out as. Whitecap

When Citizen Development Makes Sense

Low code solutions put a lot of power in the hands of its users. It might be tempting to prevent all development outside of IT but that’s not the best approach. A more effective strategy is to establish clearly defined and communicated parameters for any development that takes place outside of IT. That way, everyone knows and understands the rules for citizen development efforts.

Citizen development applications work really well when:

  • They’re for personal use by only one staff member or a small team.
  • They’re designed to help automate repetitive, manual tasks.
  • The application and its data don’t impact or won’t potentially alter mission critical data or reports.

Making Citizen Development Work: Governance is Key

So where does this leave your business? Do you open up the flood gates and let your employees do as they please or do you clamp down on citizen development entirely? The solution, as is often the case, may lie in the middle.

The key to making citizen development work is good governance. The IT team creates the underlying infrastructure, giving appropriate staff access to low code software so they can build their own applications on top of it. But the IT team creates the rules and oversees usage. Microsoft has some helpful articles to get you started.

Governance sets guideposts for what can and can’t be developed outside of IT and can help ensure that enterprise-wide security is safeguarded.

Governance models will vary based on the company, but every company should provide very detailed guidance and examples for how and when you can develop your own applications. It should also outline approval processes, define training requirements, and restrict access at certain levels while placing limits that safeguard corporate security.

Revisiting the governance process regularly will also help ensure it remains relevant and appropriate for the tools that exist in the organization.

Do you need help with your Power Platform strategy, implementation, and governance? Let’s chat.