Citizen Development Governance

Table of Contents

Having last time looked at the rise of citizen development, today we’ll be looking at associated risks and how to keep track of your platform. Though citizen developers can drive significant efficiencies, they also have their downsides.


Citizen Development Risks

Most of the risks of citizen development stem from a single route cause. Such ‘developers’ lack in-depth knowledge and experience in IT. They might be exceptional at solving localized problems, but their narrow scope means things are overlooked. And it’s here that their lack of an IT background can cause problems to emerge such as:

  • Unsophisticated development processes (e.g. developing straight into production)
  • Lack of consideration for platform architecture
  • No concern for security or compliance rules


Incorrect Procedures

Now the first issue listed above is not necessarily a catastrophe. However, it’s enormously risky and certainly never best practice. An IT professional with knowledge of different methodologies, having formal testing processes and the concept of version control would immediately understand why it was a bad idea. However, to the inexperienced citizen developer, they are often unaware of the associated risks and developing in production often best fulfills their drive for efficiency. This highlights one important role that IT must play when employing citizen developers to gain extra capacity – they must train them on the importance of procedure. They must also make sure it is enforced.

Developing in Production
Don’t develop in production!


Shadow IT & Citizen Development

Shadow IT is something we’ve touched on before.  But what exactly is this scary sounding concept? Well, it’s essentially what happens in the unobserved parts of your platform. The changes that are made that the platform owner and architects don’t see or support. And the larger the object (in this case the platform) then the larger the shadow cast. Through manual means, it is impossible to keep track of everything.

With a centralized IT team, shadow IT should not be an issue. However, citizen developers may have little understanding of platform architecture. We’ve also established that IT’s resources are often busy elsewhere and leave citizen developers to manage their immediate area.  This may very well work out for everyone involved until IT comes back to that part of the platform, looking to expand it and sees a cluttered mess.

The important thing here is oversight.  Keeping track of what changes are being made and when in the platform is essential. This can stop the introduction of vast quantities of technical debt and also ensure that IT has a cleaner platform that is easier to maintain and scale. In most cases, one might also expect an absence of documentation explaining each decision, which can make a platform very difficult to unpick further down the line. Automated tools can shine a light on the shadows and let you see what your citizen developers have been up to. This ensures greater platform control for managers and prevents unexpected roadblocks.


Security Concerns

The most serious case of citizen developers not having IT experience can occur with security and compliance issues. They might not understand the implications of duplicating code, or might decide to use an open source library against internal rules. IT professionals with experience and training in architecture will have worked hard to ensure the safeguarding of corporate data. However, citizen developers could well provide accidental access to those who shouldn’t see it. With these implications in mind, it’s vital that IT takes an interest in understanding their platform evolution. While they might not have time to do all the development, the ultimate responsibility for platform security lies with them.

Keep your platform secure!

Citizen Development Governance

So how to go about keeping your citizen developers on track? Firstly, you can establish a list of shared best practices and gradually introduce them to improve standards. Secondly, ensure you have the proper tools in place to take stock of your platform inventory. You can’t control what you can’t measure. Once you have an overview, it’s time to implement governance policies and act. You might also want to think about our quality gating tools for citizen developers, letting them learn autonomously on the go.

Above all – make sure you establish regular communication channels with citizen developers. Working with them and understanding what they’re doing is beneficial for both IT and individuals. The citizen developers will appreciate learning more, especially if it permits them to do more themselves, and IT will get a greater understanding of day to day platform issues.



Citizen development is an immensely important part of modern platform development and will only increase over time. Therefore, it falls on IT to make sure internal procedures and tools are in place to monitor and govern and ensure the platform remains secure and under control. Working together properly, IT and citizen developers can greatly increase platform development while not compromising quality.

Interested in what we do?
Find out how Quality Clouds can enhance your SaaS platforms' governance, compliance, and quality in real-time.
Quality Clouds
Quality Clouds was created to address a significant gap in the tech industry: the challenge developers face with Salesforce and ServiceNow deployments. Identifying the risks of working on unknown systems, our founders sought to empower developers with essential insights for quality and governance in SaaS projects.

Want to learn more? Let's talk: