The low code – no code trend of the last few years shows no signs of abating in 2022. Businesses understand the advantages of using business experts (aka citizen developers) to solve problems for their own units rather than professional software developers in terms of speed and efficiency. Yet the approach has some downsides as well, almost all of which fall under the heading of governance.
If you give business specialists the tools to create business-specific applications, are you also equipping them to open back doors to hackers, to provide routes for insider attacks, or the removal of data from your systems without appropriate safeguards?
Is Governance Anathema to Citizen Development?
That’s a scary list of potential downsides, isn’t it? IT organizations do play a part in low code – no code development: ensuring governance processes are in place to help citizen developers in keeping data safe. Yet a comment I received on this topic reveals a common view of governance. I’ll paraphrase: “As soon as you reintroduce IT governance and controls, you have killed all benefits to me of having citizen developers, because you have slowed everything back down to IT’s pace.” That a stakeholder should view governance as something that slows down the pace of development is not a first, and should not be surprising, no matter how fast and efficient your own IT division is. The real question is, does the perception match the reality, and who should be in charge of assessing the risk?
While industry analysts such as Gartner suggest there is a huge gap in the job market, with not enough highly skilled candidates to fill all the software development posts, it also suggests the way around this gap is to lean on the citizen developer and no code movements to push forward digital transformation agendas. So how do we do this in a safe and secure manner?
My suggestion here is if CIOs are going to provide the resources that underpin and support the line of business in this way, providing enterprise-class software testing, code management and deployment to the no code apps built by the business, then the CIO owns the risks. Therefore, they should get to call the shots on governance, via their Chief Information Security Officer or infosec teams. But they need to figure out how best to use their own scarce resources to ensure they don’t slow down the pace of business teams.
A Multidisciplinary Approach to Digital Transformation
To achieve business success, including successful digital transformation initiatives, organizations need to keep away from the politics of empires or fiefdoms. All divisions need to work together for the common good. For anyone who read that last sentence and thought I’m stating the obvious, you are very lucky not to have worked in organizations where such internal politics got in the way. Large organizations have layers, often described as corporate or organizational politics. Sociologists can explain why that tendency is not going away, so we should just acknowledge it, and work with it.
At the end of the day, business units need their problems solved and their processes automated to improve efficiency. And CIOs might be scrambling to find resources to build these capabilities, even when it only involves configuring software purchased from specialist vendors. So we need to take an holistic view to solving the problem, combining the right resources from business and IT at the right place and time to create the most value:
The simple Venn diagram above represents my personal take on the ‘practice areas’ that need to come together to support business unit led digital transformation through the citizen developer and no code movements. The dollar signs denote the sweet spot where everything comes together.
This takes us full circle back to a previous article of mine, about citizen developers fixing information management. Whether we’re talking about knowledge management, information management or data management should be situational, and in some respects does not matter, if all players are on the same page and have a common understanding.
How IT Can Support Low-Code or No-Code Development
That common understanding in turn brings us back to the topic of data or information literacy: if we want citizen developers, and therefore the business, to succeed, they’ll need support. Providing support is where the scarce IT resources might have the most impact:
- Internal training on secure and safe development practices.
- Well designed and written self-service support and documentation.
- Fast and efficient provisioning processes.
- A standardized tool kit. If the line of business (LOB) wants to use no code, they cannot just go and pick their own tool. They must use the supported ones.
- Easy ways to submit an LOB no code app for security, load and end user testing.
- Easy ways to submit tested code, modules and apps to repository so other business units can re-use them in solving their own problems.
- Connectors, APIs and integrations provided by the expert developers in IT, to facilitate and enable the LOB’s citizen developers.
I believe this kind of multi-disciplinary approach to no code development will help businesses get the most out of it. It is heading towards what Gartner are now calling “composable applications” — applications that are built from business-centric modular components, making it easier to reuse code. To get to the point where composable applications are a reality for your organization, the business units need to understand application and data security concerns are real, and that governance is not there to slow them down, but to provide safeguards. IT needs to put resources into enabling safe and efficient no code development by citizen developers. When this comes to fruition, then we can all have a happy new year making progress in digital transformation.
Jed Cawthorne is Director, Security & Governance Solutions at NetDocuments. He is involved in product management and working with customers to make NetDocuments phenomenally successful products even more so.