Can Citizen Developers Put Your Business at Risk?

Thursday, May 10, 2018 by under Data & Cyber Security/Hacking

Can Citizen Developers Put Your Business at Risk

Historically, businesses have relied on information technology (IT) departments to write code, develop applications and manage network administration tools.

However, as the market for enterprise applications grows, more companies are taking a do-it-yourself approach to software development.

What is this new strategy? Below we define who a citizen developer is and inform you of some risks involved with the recent IT movement.

Who Are Citizen Developers?

Citizen developers are employees without any formal training or experience in creating enterprise applications. They take advantage of low-code tools to build custom software that improves productivity and efficiency.

Platforms like Salesforce App Cloud or Google App Maker allow inexperienced developers to design applications that assist operations. Some of these include:

  • Automated billing systems.
  • Call center and customer support software.
  • Content management systems (CMS).
  • Customer relationship management (CRM) platforms.
  • Enterprise resource planning (ERP) systems.
  • Payment processing programs.

Citizen Developer Advantages

Citizen developers offer a quick, low-cost alternative to hiring outside enterprise development firms that often table requests due to high demand.

Businesses rely on citizen developers to quickly build custom applications to increase the organizational speed of business operations. Their support takes pressure off IT departments and allows staff to focus on larger projects.

Risks Involved With Citizen Developers

Although citizen developers offer a low-cost alternative for businesses, they could leave your business vulnerable to a cyber attack if you don’t take necessary security precautions. Consider the risks before you employ a citizen developer:

  • Greater chance for data breaches. Citizen developers use low-code platforms to build applications that store critical business data. Although some of these platforms include security features, inexperienced citizen developers might not know to include them or the best way to ensure information is protected.
  • Concern for network security. If citizen developers work remote on a public network, business data is even more vulnerable.
  • Disregard for company cyber security policies. Citizen developers create their own passwords and application rules. They often isolate IT departments and may be uninformed of set cyber security policies.
  • Lack of training. Citizen developers don’t have formal IT or security training or certifications, yet businesses give them access to online databases full of sensitive information.

Examine all of the risks involved with this new breed of developers and consult with your IT department before making any decisions. If your business chooses to employ a citizen developer, consider the following tips:

  • Ensure the citizen developer understands that the IT department has final oversight of the application. Your citizen developer and IT staff must work together to avoid risks.
  • Train citizen developers to follow business cyber security standards, such as using a virtual protected network (VPN) when working remote.
  • Always test the application before using it live. Collaborate with your IT department to confirm all security standards are met.
  • Regularly update company passwords and software during, and even after, the tenure of the citizen developer.
  • Conduct cyber threat assessments to confirm the strength of your network.

What are some of your citizen developer concerns? Share in the comments below.

The content herein is provided for informational purposes only, "AS IS" and without any representation, warranty or condition as to its accuracy or reliability. The content herein is not intended to modify, and does not modify, the terms and conditions of any agreement between you, including the company or entity you represent (“You”), and Vector Security, Inc. and/or its affiliates (collectively, “Vector”), or to create any legal obligation of Vector to You with respect to content or otherwise.

 

Please read our commenting policy before posting comments.


comments powered by Disqus