By Sami Kovanen
Allowing business users throughout an organization to develop or purchase apps on their own without oversight from IT (a practice called “shadow IT“) can be a recipe for digital chaos. When individual software solutions are widely deployed without coordination or oversight from IT, important concerns such as data security, regulatory compliance, and technical support don’t get the attention they should. As a result, technical, operational, and even legal issues can arise unexpectedly and cause serious disruptions to a company’s operations.
For example, citizen developers often don’t have the technical knowledge to fully appreciate the wide range of sophisticated attack vectors bad actors may employ to breach the security of the network-attached apps they create. Because of that technical naiveté, they may inadvertently introduce vulnerabilities in their designs that allow not only their software, but other network-connected systems throughout the organization, to be compromised.
That’s why it’s imperative that organizations provide appropriate, unified governance for the citizen development initiatives being carried out in their business units. Industry analyst Jason Bloomberg puts it this way:
“Among the management-provided resources that are essential to successful application creation is sufficient governance to provide the guardrails that keep everyone aligned with the security, compliance, and appdev best practices that are important to the organization as a whole—without slowing people down or disempowering them.”
