Understand Citizen Development (CD) Risks: Mitigate and Avoid Them with a Citizen Development Center of Excellence (CD COE)

By Jim Hutcherson, VP, Low-Code/No-Code COE

As agencies increasingly look to empower their business subject matter experts (SMEs) and give them the freedom to create solutions to meet their mission, citizen development has become a popular way of building applications quickly. While citizen development comes with several advantages, it also poses various risks that must be managed for the organization to reap the total rewards of this approach. In this blog post, we will discuss a few risks associated with citizen development, such as lack of IT expertise and knowledge, security risks, compliance and regulatory issues, integration challenges, and maintenance and support issues—all of which have the potential to impact the mission and deliverables for CIOs, business executives, and government agencies who undertake a citizen development approach.

What is Citizen Development and Why it Poses Risks? 

Citizen development is a growing trend where non-technical users create software applications without formal IT training. This allows agencies to save time and money by not relying on IT professionals for every new or updated application needed to meet their mission. However, this methodology also poses significant risks if not addressed. Non-technical users may have yet to gain the necessary knowledge to create secure and functional applications, resulting in potential security breaches, data loss, or even total system failure. Companies must understand the risks and implement proper training and oversight measures to mitigate the potential dangers.

How a Lack of IT Oversight Can Be a Risk. 

With the rise of cyber threats, lacking IT expertise and knowledge can be a considerable risk. This is especially true for government agencies that may have an ever-growing demand for more technical solutions. However, relying solely on citizen development, with a lack of IT knowledge, can lead to vulnerabilities when it comes to data security, technical debt, application updates, and data availability. It’s essential to invest in citizen development supporting resources to address cybersecurity measures and stay up to date on the latest IT developments so that you can protect your agency. A CD COE with the knowledge and support framework can mitigate and avoid the risks outlined below.

Security Risks When Using Citizen Development. 

With citizen development, SMEs with little to no coding experience are tasked with creating applications using the Low Code Application Provider (LCAP) tools. This can unwittingly open security vulnerabilities that could compromise sensitive data. The CD COE needs to manage citizen development carefully, with strict guidelines and oversight from IT professionals, to ensure that security risks are minimized, and data remains protected. As with any technology, the benefits of citizen development are substantial, but it is vital to establish clear security guidelines, and process and data reviews that include application access and data sharing rules.

Compliance and Regulatory Issues to Consider.  

Citizen development is a game-changer in its ability to deliver solutions to a large user base quickly. However, with great power comes great responsibility, and compliance and regulatory issues have become a top concern for most organizations. Citizen developers may have a different level of knowledge or training than professional developers, which can lead to unintentional violations of regulations such as GDPR, HIPAA, or PCI DSS. Ensuring citizen developers have access to the proper training, tools, and CD COE guidance is crucial to mitigating these risks and maintaining regulatory compliance. As the use of citizen development continues to grow, agencies must take a proactive approach to address these issues to avoid costly penalties and damage to their reputation.

Integration Challenges with Citizen Development Solutions.

Agencies face new challenges when integrating citizen development solutions with their data. One major obstacle is ensuring that these solutions adhere to security and compliance standards, which can be particularly challenging when developed by non-IT personnel. Moreover, citizen development solutions often involve a mix of different technologies and tools, making it difficult to integrate them seamlessly with other systems. The key to overcoming these challenges lies in adopting a more strategic approach to citizen development using a COE, which includes establishing clear guidelines and standards, educating citizen developers, and leveraging low-code reusable components to facilitate integration. By doing so, agencies can take full advantage of the benefits offered by citizen development solutions while minimizing the associated risks.

Maintenance and Support Challenges that May Arise with Citizen Development. 

Citizen development has opened new possibilities for agencies to innovate and scale at a faster pace. However, maintenance and support challenges may arise with these citizen development applications. For instance, non-technical citizen developers may need more knowledge to handle complex issues that occur during application release, LCAP updates, and application maintenance. Additionally, changes to the technology used in the application may render certain features of an application obsolete, requiring upgrades that citizen development may not be equipped to perform. Thus, it is crucial to establish clear application maintenance standards and consider shifting long-term citizen development support to the CD COE. This aligns the business needs with the long-term goals for IT. It also reduces the impact of traditional Shadow IT, causing both resource and financial strain on the IT organization.

In conclusion, citizen development offers a variety of benefits. However, the associated risks, including a lack of IT expertise, security vulnerabilities, compliance and regulatory guidelines, integration challenges, and maintenance and support can become burdensome as proper supporting resources are needed. It is important that agencies consider implementing a Citizen Development Center of Excellence to maximize the benefit of its citizen development usage while avoiding potential drawbacks.

For more information on how the Octo LC/NC team can help implement end-to-end citizen development, best practices, and modern approaches to your federal agency, contact an Octo team member by visiting our website.