Survey Indicates 'Citizen Developer' Security, Data Risks

Judging from the dozens of low-code tools available -- with more arriving regularly -- the "citizen developer" movement is taking enterprise development by storm in the face of a skills shortage that especially impacts the mobile and Big Data spaces.

However, this rapidly growing approach can entail new security risks. For example, a slideshow article by CIO Insight, titled, "Rapid App Development Creates Security Nightmare," reported on 2015 IDG and Lookout Inc. research titled "Buying into Mobile Security."

It noted the security implications affecting enterprises stemming from the sheer volume of mobile apps hitting the market, opening up new attack vectors and increasing the risk of data breaches. "Adding fuel to the fire, off-the-shelf development tools enable organizations and individuals alike to essentially flood the market with new apps," the report said.

And the issue has been evident for even longer than that, as exemplified in a July 2014 post titled "Do Citizen Developers Pose a Security Risk?"

The answer then -- and now -- is "yes," according to brand-new research that echoes earlier efforts and concludes that along with enabling ordinary business users to create enterprise apps -- without relying on high-priced and hard-to-find professional developers -- low-code tools bring risks in the areas of security, data integrity and more.

Those are some of the findings in a just-published survey of IT decision-makers (ITDMs) sponsored by Appian Inc., a Business Process Management (BPM) company with its own low-code development offering. The data comes from a YouGov online survey that last November polled 508 IT decision-makers "to understand their pain points about citizen development (e.g., data security, integration, scalability) and the need for a new technology platform to manage citizen developers (i.e., a citizen integrator)." Appian sells such a platform.

The survey investigating low-code enterprise development uncovered both the good:

A key insight uncovered from Appian's research is that 75 percent believe an enterprise low-code platform is a solution to harness the energy of citizen application developers and alleviate the burden on IT departments. IT leaders surveyed cited operational efficiency (35 percent), data security (32 percent), and agility (32 percent) among the top benefits of low-code.

and the bad:

IT leaders state that citizen developers pose risks for data integrity (73 percent of respondents), security (69 percent of respondents), integration (58 percent of respondents with experience with citizen developed apps) and other aspects of enterprise business application development.
What's Needed to Keep Citizen Development Secure and Scalable
[Click on image for larger view.] What's Needed to Keep Citizen Development Secure and Scalable (source: Appian)

Other survey findings include:

  • Nearly eight in ten (78 percent) report that as citizen development continues to grow, having one low-code platform is more critical than ever.
  • About eight in ten (79 percent) ITDMs believe enterprise low-code platforms increase work productivity.
  • About one-quarter or more of ITDMs report the following as benefits of having an enterprise low-code platform for companies:
    • Compliance (27 percent).
    • Competitive advantage (26 percent.)
    • Time to market (that is, speed) (26 percent).
    • Scalability (24 percent).
  • Four in ten or more ITDMs report the following are necessary to keep citizen development secure and scalable at companies:
    • IT department oversight/governance (45 percent).
    • Collaboration between business units and IT department (43 percent).
    • IT department integration (40 percent).
  • Over three in four (77 percent) ITDMs believe having one enterprise low-code platform can ensure citizen developers are using the right data in their apps.
  • Nearly half (46 percent) of ITDMs report new technology platforms or roles (that is, positions/employees/functions) are necessary to keep citizen development secure and scalable at companies.

"Enterprise low-code platforms ensure data governance and security while enabling business and IT to work together to build apps much more productively," Appian said in a news release about the survey results. "Enterprise low-code is secured and managed by IT."

"IT ensures integration with other systems is done properly, ensuring data governance and quality. Developers and citizen developers can leverage this platform to quickly build useful business apps with little or no coding required. The result is faster time to market, and faster time to change, for enterprise applications. IT can also take citizen-developed apps built on the platform and easily add more power and sophistication, working closely with lines-of-business throughout the enterprise."

More Coverage of Low-Code Tools

About the Author

David Ramel is an editor and writer for Converge360.