How do you know your IT governance is good? When you have a well-rested CIO. For citizen development, this means the people in charge of overseeing critical systems aren’t lying awake at night wondering who has access to which applications and what those employees can potentially do with them. They’re not stressing over the possibility of shadow IT that could wreak havoc on vital operations or what it might take to fix such a disaster.
The CIO knows the governance processes are working for them and, if that should ever change, they’ll be able to easily make adjustments. Maybe that sounds more like a dream world to you, but it can be your reality. You can empower your business and gain peace of mind with a strong governance framework that supports citizen development fusion teams.
Align people and processes for good governance
Begin by examining your IT governance goals so you can determine if your framework is good or not. The essential function of IT governance is to create a framework that synchronizes an organization’s business IT and business strategies. A good governance framework should also ensure the organization can use technology efficiently, effectively, and with reduced risk to the IT environment.
When it comes to citizen development, IT leadership is a crucial partner who oversees access and permissions and protects security. Without this partnership, a fusion team isn’t undertaking citizen development; they’re creating shadow IT. The role of IT leadership is to guide citizen developers and empower them to learn by doing. A fusion team needs room to make mistakes within risk-mitigating guardrails that are defined by the IT department.
A true citizen development mindset will result in a new way of working and a shift from a traditional IT Department model. This change can ultimately benefit everyone in the organization as well as clients and external stakeholders. However, before that happens, your fusion team should learn key principles for good governance, such as:
- Why governance is important
- Why security policies and standards are put into place by the IT department
- When citizen developers should consult IT
- Which app development and deployment rules must be followed and how
A fusion team must commit to upholding internal standards, best practices and external regulatory requirements throughout their citizen development journey. When this foundation is in place, it will lead to a symbiotic relationship built on mutual trust and respect.
Define your governance non-negotiables
The next step is understanding that there’s really no one-size-fits-all solution. Remember in our first article in this series on fusion teams when we said, “The citizen development cat is out of the bag, but that doesn’t mean it has to run wild”? Many people want to find a low-code/no-code (LCNC) development tool that has all the right tricks to tame the beast, but that’s not really how it works.
What we hear from CIOs is that they need a solution for taking back control of their IT backlog in a way that’s also compliant with the security standards of the business and easily integrates into their IT environment. They want to be able to not only keep the lights on, but also deliver on small, yet significant issues such as name changes or simple automations.
These requests are important to the day-to-day work of business teams yet never seem to bubble up to the top of the backlog. This is a perfect entry point for Citizen developers to start making a noticeable difference with LCNC development. However, your platform should have some essential governance features to ensure your solution doesn’t create bigger problems down the road, including:
- Ability to assign user roles and an admin setting that can prevent specific roles from creating applications.
- Oversight of: applications being built and deployed and who built them, integrations, data access, and maintenance.
- Dedicated and customizable citizen development environment with adjustable permissions.
- Sandboxes for testing and publishing applications in a controlled, isolated environment.
- Default security controls for applications that enable CDs to experiment and develop without the risk of data leaks.
- Supports a (federated) identity provider such as OpenID.
- What is the workflow for app approval and who has the final authority to publish them?
- Who will maintain apps built by citizen developers?
- How much training will citizen developers require before they can start building apps?
- How will the organization determine if the applications are value-adding for the business?
Balance governance with innovation
We spend a lot of time talking with CIOs who tell us that the current ways of working aren’t sustainable. In our increasingly digitized world, placing full responsibility for all tech solutions onto the IT department (many of which are facing crippling personnel shortages) just doesn’t make sense anymore. It’s extremely difficult, if not impossible, to balance centralized IT operations with the ever-evolving and increasing demands of a modern business environment.
Fusion teams help IT deploy solutions faster, ensure those solutions are value-adding for the business, and increase the digital agility of the entire organization. A scalable citizen development program also eliminates two major threats to IT security: shadow IT and dependency on spreadsheet macros.
Above all, the most important governance feature that you can have is an LCNC development platform provider who has the flexibility to adapt to your specific needs and can be your ally in scaling citizen development fusion teams within your organization. Your provider should understand your standards and vision and be able to help you put the first safeguards in place.
They should be able to enhance your governance capabilities as your citizen development program matures and becomes fully integrated into your business operations. Governance is not a simple process or a task to check off and forget about. It will be constantly put to the test. Consequently, you and your LCNC partner should both have a mindset for continuous improvement. A comprehensive, yet flexible, strategy that combines the right resources, training, collaboration, and security will be your key to success.