Five Reasons Why CIOs Don’t Want Citizen Developers Creating Enterprise Apps

To survive, businesses must function at a faster and more efficient pace. They require greater digital capabilities. However, most IT organizations have tremendous supply constraints. There are too many business needs, and there aren’t enough skilled developers to meet them.

The volume of requests that IT departments receive vastly outnumbers their capacity to meet them. The backlog of change requests could be hundreds of thousands, requiring months or even years of work. Long delays frustrate business executives, prompting them to look for other ways to complete digital transformation projects.

Shifting application development teams from IT to business users is one solution for this bottleneck that has recently received a lot of attention. These so-called “citizen developers” build apps for themselves or others using tools that aren’t explicitly prohibited by IT or business divisions.

Although democratizing technology and allowing non-IT people to build apps sounds great, it can lead to issues for the CIO and enterprise IT. Because “citizen developers” are not developers, delegating this task to less qualified people creates additional work down the road, separates company data, and increases risk.

The CIO has nothing to worry about as long as citizen developers aren’t interacting with IT systems or producing data that requires enterprise management. But if that changes, things quickly become complicated.

Here are five reasons why a CIO doesn’t want citizens creating their own enterprise apps.

Security posture

Citizen developers are regular employees who expose the company to security threats. They frequently engage in risky security behaviors such as repeating passwords, exposing data, and failing to keep systems up to date.

As a result, businesses can expect to spend billions of dollars on security software such as antivirus, firewall protection, and anti-phishing software to defend the company and reduce the risk of “citizens” using inadequate security hygiene and practices. The Infosec team’s governance of IT software projects needs to apply to these initiatives as well.


Newly hired IT developers do not begin by developing mission-critical apps without supervision. Instead, they are guided by senior developers who have both formal and informal knowledge of what works and what doesn’t in their company. This guidance is lost with a citizen development team, and the chance of costly development mistakes is significant.

Managing and deploying platforms

IT must extend its change management protocols to the platform as soon as the app in question accesses sensitive or mission-critical data. That includes test environments, development environments, performance test environments and integration environments, among others.

Because IT is responsible for system and data integrity, these processes are crucial. Citizen developers will essentially follow the same procedures as IT when developing apps.

As a result, these apps face the same development delays as IT-built apps. The majority of the delays are caused by the availability and management of test data and the environment. If this component of development remains the same, citizen development will take the same amount of time as traditional IT development.


It may appear that developing RPA apps to automate repetitive operations will save money. However, the majority of the people working on these apps are with third-party service providers. For every dollar spent on RPA software licensing, for instance, organizations spend five dollars on services.

Spending so much on services to construct or alter automations raises the total cost of ownership, which may not have been factored in from the start. And, because IT outsources much of its software development to third parties, there’s no clear reason to bypass IT in the first place.

Governance and control

IT governance includes regulations, laws, and policies that define, manage, and ensure that the operations of an IT department run smoothly. Allowing non-IT employees to develop applications and democratizing technology can result in data and processes that weaken centralized ROI reporting.

This is especially true if the data generated by a citizen-built app isn’t accessible through enterprise reports and dashboards. The lack of effective governance of citizen development projects either severely limits their scope or exposes them to risky activities that must be brought under the same control structure as other IT projects.
