As digital transformation emerges in both speed and size, it’s no surprise that almost every business is turning to more digital solutions. This new market is demanding more high-value, real-time services. At the same time, IT resources and staffing is limited.
So, how does a business digitize more rapidly to meet market demands, while also being cognizant of their IT team’s availability and budget?
They need to empower their business to self-serve.
What Does Self-Serving Innovation Look Like In a Business?
Self-serving innovation means that digital experiences can be delivered faster. Operational business models are changing so that other areas of the business that aren’t typically involved in the creation of digital products (ie. marketing, sales) are now leveraged as part of the production line.
To do this, organizations use low-code or no-code tools which rely on a graphical interface to create applications. These applications are WYSIWYG (‘what you see is what you get’) or ‘drag-and-drop’ and so they tend to be easy for non-developers to work with. Some examples of these platforms are the Salesforce Lightning Platform, Mendix, Squarespace, and Elementor.
This is a particularly appealing idea for SMEs that may not have the resources to fund development for a variety of new experiences or new applications. Even large enterprises are adopting the model as they improve their agility and speed (see the Toyota example below).
Linked is the emergence of empathy-driven mobile-app development (MAD) which also develops with little or no programming code.
Below is a graph of top companies which offer low-code tools.
Use Case Example
Microsoft PowerApps is an example of a low-code platform that enables app-creation without the use of code. This allows both everyday users and professionals to interact with data & metadata, as well as create custom connectors. The platform is used by large companies, including IKEA, Hexion, and Toyota.
Toyota saw revenue growth of about $10 billion dollars from 2017 – 2019 and saw another 44% increase in stock value from July 2020 – July 2021. The company claims their persistent growth is from increased agility across all business units. In effort to practice more agile approaches, the company began ‘exploring low-code and no-code solutions like [Microsoft] PowerApps’ as they ‘wanted to offer employees the ability to create their own applications quickly and simply,’ said Chris Ingalls, Business and Solution Architect at Toyota. In 2020, Toyota had over 400 applications created with the platform. To support this new utilization for other business units, Toyota established a Center of Excellence that provides structure and direction for citizen developers.
The Rise of Citizen Development
A citizen developer is someone with low or no technical experience in coding, yet who designs applications, websites, dashboards, or other digital experiences. These are usually people in marketing, sales or customer service. However, really any person in the organization could be a citizen developer with the right knowledge and skills.
IT service management company, Gartner, predicts that the low-code and citizen development market will increase 23% in 2021 to a projected $18.1 billion globally. They have also said that already 41% of those working on applications are outside of an organization’s technical department. The COVID-19 pandemic was a high driver for the increase in citizen development initiatives.
Benefits of Citizen Development
Increased access to application development also invites fresh perspectives. Other departments have contact with the end-user in unique ways and may be able to think of more creative solutions to common user experiences. This study identified that creativity boosts were found in citizen development teams that worked together on empathy-driven MAD projects. The reason was because of closer feedback loops within the team and higher exposure to both multiple team perspectives and the world.
Toyota’s Chris Ingall said that their use of self-serving innovation tools was important for the company as ‘there are creative people in all our business units. They’re not just creating applications. They’re really solving the little problems that, added together, are a big problem to solve.’
The average cost of hiring an app-developer in the US is approximately $90,000 per year. With an agency, app development pricing ranges from $40,000 to $120,000+. Pricing is, of course, dependent on the complexity, device support required and maintenance plan, among other considerations.
Low or no-code applications are cost-friendly alternatives for those companies that have smaller budget allowances or who are not ready to commit the time to developing a coded application. Alternatively, it can be a great option for large companies that want to expand in niche areas.
Salesforce Lighting costs $25 per user per month for a starter plan, or $150 for their ‘plus’ plan. Mendix, another low-code development platform offers a free community plan. Their paid versions start at $1,875 per month, up to $7,825 per month for an Enterprise plan. Keep in mind that the Mendix plans allow multiple users and some plans offer unlimited app development.
In the Toyota example from above, the organization found that they had many small teams with very different, specialized needs. As such, it wasn’t feasible to hire a development team for each small project. Through enabling their staff to manage development on their own work, Toyota could keep employees engaged on their projects while not paying for additional developers (saving them around $90,000 – $125,000/year per developer). Microsoft PowerApps pricing, in comparison, starts at $40 per user, per month for unlimited apps per user.
Low-code and no-code projects support business enablement, but do not fully replace an organization’s technical team. It’s an opportunity to allow the broader organization to learn about development with the support of a qualified, trained team. Therefore, as more work can be spread across more teams, companies see reduced bottlenecks.
In businesses that use low-code tools, new applications can be deployed quickly, even in just a day or two. By shifting the development of these digital experiences to wider areas of the company, the CTO and their technical team can focus more exclusively on technology strategy, corporate security and organizational innovation directives.
Another use case of low-code is for companies integrating machine learning. Using low-code tools allows technical teams to develop programs quicker as they don’t need to write as much of the code manually. As such, there’s less likelihood for coding errors and application maintenance is simplified. While this example doesn’t show how the rest of the organization can self-service their own innovations, it does show how low-code tools can also benefit the technical team itself.
Potential Consequences of Self-Serving Innovation
A professional development team is more likely to have the experience and training to identify possible security vulnerabilities in an application. In contrast, a marketing or sales team is a lot less likely to have that same knowledge.
For example, the low-code tool may use a proprietary library with hidden vulnerabilities. By nature, most low-code tools will use proprietary languages, frameworks and libraries. So users need to have a level of trust with the tool.
In June 2020, our Software Secured team discovered a XSS vulnerability within the Elementor website builder app. Elementor is a low-code website builder tool which integrates with WordPress. In our report, there were two areas for XSS, including in the image widget and with adding custom CSS.
Secure Citizen Development
There are a number of ways to incorporate citizen development and ensure application security, including:
- Limit the development tool’s capabilities. Having a structure in place so that only certain elements can be accessed. This is beneficial in companies that have an IT team in place who can manage access to features in app-development tools.
- Establishing a formal approval process before an application can go live. This is also beneficial for companies with an existing IT team. The professional development or security team can review the application before launch.
- Penetration testing or penetration testing as a service (PTaaS). PTaaS is a flexible security testing option that aligns to do comprehensive testing on major launches and continuous re-testing and reporting on applications all year long. It’s ideal for companies that don’t have enough time to review applications themselves, but have a technical team that can support from the organization-side.
- Train your team on security best practices. Sometimes it’s best to focus on the root. Hiring a team of security experts for a corporate application security course can benefit both your professional and citizen developers about top security bugs and how to create secure applications.
If you’re questioning integrating citizen development initiatives, the graph below is a great reference. To mitigate security risk, focus on areas where your citizen developers can safely work on their own or collaborate with your technical team. The above four ways of improving security are also important to consider in your adaptive governance framework.
Empower Your Business To Innovate
Organization-wide innovation culture is the goal for almost every business. Businesses hire teams in all departments that have the passion and capabilities to achieve real change. So, why not empower them to fully capitalize on their ideas?
Incorporating no code and low code tools is an option that allows the broader members of an organization to develop new digital experiences and applications. With the support of a technical team for customization and security testing processes in place, organizations can rapidly digitize their operations through self-serving innovation. This is an important step for any business trying to stay competitive in the age of digital transformation.
If your business is looking to adopt low-code tools, we’re happy to ensure that your new applications are secure. Book a call with us here to get a custom quote!
We help DevOps teams at SaaS companies to build confidence in their application security.Discover PTaaS
Was this article helpful?
Share This Post