Governance Guidelines Tip 5
The most severe concerns posed against citizen development are those that call into question security risks. Critics argue that citizen development is fundamentally insecure, owing to the fact that it is inherently uncontrollable, and will only result in unsupported and vulnerable software and a lack of compliance with wider security regulations.
By centralizing citizen development activity and providing clear and strategic governance, each of these concerns can be systematically averted. Because you have delegated ownership to a department or individual, there will be checkpoints in place to ensure that all citizen developer activity (and output) is catalogued, monitored and quality controlled.
Together with the use of no- or low-code platforms that include out-of- the-box security features, and therefore minimize the need for security documentation, there is also an added layer of accountability through what is essentially an internal review system.
Proper training can also augment security, when citizen developers are provided with compliance guidelines and receive supplementary information security certifications.