How to Empower The Democratization of Innovation Through Citizen Development

Jul 22, 2021 | by: Alex Hewko

As digital transformation grows in both speed and scale, it’s no surprise that almost every business is turning to more digital solutions. This new market is demanding more high-value, real-time services. At the same time, IT resources and staffing are limited. How can you empower your business to self-serve through citizen development?

So, how does a business digitize more rapidly to meet market demands, while also being cognizant of their IT team’s availability and budget?

They need to empower their business to self-serve.

What Does Self-Serve Innovation Look Like In a Business?

Self-serving innovation means that digital experiences can be delivered faster. Operational business models are changing so that areas of the business that aren’t typically involved in the creation of digital products (e.g., marketing, sales) are now leveraged as part of the production line.

To do this, organizations use low-code or no-code tools which rely on a graphical interface to create applications. These applications are WYSIWYG (‘what you see is what you get’) or ‘drag-and-drop’ and so they tend to be easy for non-developers to work with. Some examples of these platforms are the Salesforce Lightning Platform, Mendix, Squarespace, and Elementor.

This is a particularly appealing idea for SMEs that may not have the resources to fund development for a variety of new experiences or new applications. Even large enterprises are adopting the model as they improve their agility and speed (see the Toyota example below).

Linked to this is the emergence of empathy-driven mobile-app development (MAD), which also relies on little or no programming code.

Below is a graph of top companies which offer low-code tools.

Use Case Example

Microsoft PowerApps is an example of a low-code platform that enables app-creation without the use of code. This allows both everyday users and professionals to interact with data & metadata, as well as create custom connectors. The platform is used by large companies, including IKEA, Hexion, and Toyota.

Toyota saw revenue growth of about $10 billion from 2017 to 2019 and saw another 44% increase in stock value from July 2020 to July 2021. The company claims its persistent growth comes from increased agility across all business units. In an effort to practice more agile approaches, the company began ‘exploring low-code and no-code solutions like [Microsoft] PowerApps’ as they ‘wanted to offer employees the ability to create their own applications quickly and simply,’ said Chris Ingalls, Business and Solution Architect at Toyota. In 2020, Toyota had over 400 applications created with the platform. To support this new utilization for other business units, Toyota established a Center of Excellence that provides structure and direction for citizen developers.

The Rise of Citizen Development

A citizen developer is someone with low or no technical experience in coding, yet who designs applications, websites, dashboards, or other digital experiences. These are usually people in marketing, sales or customer service. However, really any person in the organization could be a citizen developer with the right knowledge and skills.

Gartner, an IT service management company, predicts that the low-code and citizen development market will increase 23% in 2021 to a projected $18.1 billion globally. They have also said that 41% of those working on applications are already outside of an organization’s technical department. The COVID-19 pandemic was a major driver of the increase in citizen development initiatives.

Benefits of Citizen Development

Creativity Boost

Increased access to application development also invites fresh perspectives. Other departments have contact with the end-user in unique ways and may be able to think of more creative solutions to common user experiences. This study identified that creativity boosts were found in citizen development teams that worked together on empathy-driven MAD projects. This was due to closer feedback loops within the team and higher exposure to both multiple team perspectives and the world.

Toyota’s Chris Ingalls said that their use of self-serving innovation tools was important for the company as ‘there are creative people in all our business units. They’re not just creating applications. They’re really solving the little problems that, added together, are a big problem to solve.’

Lower Costs

The average cost of hiring an app-developer in the US is approximately $90,000 per year. With an agency, app development pricing ranges from $40,000 to $120,000+. Pricing is, of course, dependent on the complexity, device support required and maintenance plan, among other considerations.

Low or no-code applications are cost-friendly alternatives for those companies that have smaller budget allowances or who are not ready to commit the time to developing a coded application. Alternatively, it can be a great option for large companies that want to expand in niche areas.

Salesforce Lightning starts at $25 USD per user per month for a starter plan, or $150 for their ‘plus’ plan. Mendix, another low-code development platform, offers a free community plan. Their paid versions start at $1,875 per month, up to $7,825 per month for an Enterprise plan. Keep in mind that the Mendix plans allow multiple users and some plans offer unlimited app development.

In the Toyota example from above, the organization found that they had many small teams with very different, specialized needs. As such, it wasn’t feasible to hire a development team for each small project. Through enabling their staff to manage development on their own work, Toyota could keep employees engaged on their projects while not paying for additional developers (saving them around $90,000 - $125,000/year per developer). Microsoft PowerApps pricing, in comparison, starts at $40 per user, per month for unlimited apps per user.

Business Enablement

Low-code and no-code projects support business enablement, but do not fully replace an organization’s technical team. It’s an opportunity to allow the broader organization to learn about development with the support of a qualified, trained team. Therefore, as more work can be spread across more teams, companies see reduced bottlenecks.

In businesses that use low-code tools, new applications can be deployed quickly, even in just a day or two. By shifting the development of these digital experiences to wider areas of the company, the CTO and their technical team can focus more exclusively on technology strategy, corporate security and organizational innovation directives.

Another use case for low-code is in companies integrating machine learning. Using low-code tools allows technical teams to develop programs more quickly, as they don’t need to write as much of the code manually. As a result, coding errors are less likely and application maintenance is simplified. While this example doesn’t show how the rest of the organization can self-serve their own innovations, it does show how low-code tools can also benefit the technical team itself.

Getting Started with Citizen Development

Potential Consequences of Self-Serving Innovation

Security Risks

A professional development team is more likely to have the experience and training to identify possible security vulnerabilities in an application. In contrast, a marketing or sales team is a lot less likely to have that same knowledge.

For example, the low-code tool may use a proprietary library with hidden vulnerabilities. By nature, most low-code tools use proprietary languages, frameworks and libraries, so users need to have a level of trust in the tool.

In June 2020, our Software Secured team discovered an XSS vulnerability within the Elementor website builder app. Elementor is a low-code website builder tool which integrates with WordPress. Our report identified two areas open to XSS, including the image widget and the custom CSS feature.


Secure Citizen Development

There are a number of ways to incorporate citizen development and ensure application security, including:

  1. Limit the development tool’s capabilities. Put a structure in place so that only certain elements can be accessed. This is beneficial in companies that have an IT team in place who can manage access to features in app-development tools.
  2. Establish a formal approval process before an application can go live. This is also beneficial for companies with an existing IT team. The professional development or security team can review the application before launch.
  3. Use penetration testing or penetration testing as a service (PTaaS). PTaaS is a flexible security testing option that combines comprehensive testing on major launches with continuous re-testing and reporting on applications all year long. It’s ideal for companies that don’t have enough time to review applications themselves, but have a technical team that can provide support from the organization’s side.
  4. Train your team on security best practices. Sometimes it’s best to focus on the root. Hiring a team of security experts for a corporate application security course can teach both your professional and citizen developers about top security bugs and how to create secure applications.
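
As an added illustration of items 1 and 2 (not code from Software Secured or from any low-code vendor), the sketch below is a pre-publish review gate that enforces a widget allowlist and flags the two areas named in the Elementor report, image widget fields and custom CSS, for human review. The page export format, widget names and allowlist are assumptions made for the example; the gate is a triage step for reviewers, not a sanitizer.

```python
import re
from urllib.parse import urlparse

# Assumptions: widget types approved by IT, and a made-up page export format.
ALLOWED_WIDGETS = {"heading", "text", "image", "button"}
CSS_URL = re.compile(r"url\(\s*([^)]*)\)", re.IGNORECASE)


def scheme_of(url):
    """Lower-cased URL scheme, ignoring surrounding quotes and spaces."""
    return urlparse(url.strip(" '\"")).scheme.lower()


def review_page(page):
    """Return review findings; an empty list means the page may go live."""
    findings = []
    for i, widget in enumerate(page.get("widgets", [])):
        wtype, settings = widget.get("type", ""), widget.get("settings", {})
        if wtype not in ALLOWED_WIDGETS:
            findings.append(f"widget {i}: type '{wtype}' is not on the allowlist")
        elif wtype == "image":
            if scheme_of(settings.get("url", "")) not in {"http", "https"}:
                findings.append(f"widget {i}: image URL is not http(s)")
            for field in ("alt", "caption"):  # plain-text fields: no tags expected
                if re.search(r"[<>]", settings.get(field, "")):
                    findings.append(f"widget {i}: markup in image {field}")
    css = page.get("custom_css", "")
    if "</" in css:  # a closing tag has no place in a stylesheet
        findings.append("custom_css: contains a closing HTML tag")
    for target in CSS_URL.findall(css):
        if scheme_of(target) not in {"", "http", "https"}:  # "" = relative path
            findings.append(f"custom_css: url({target}) is not http(s)")
    return findings


# Constructed sample pages, not taken from any real tool.
CLEAN_PAGE = {"widgets": [
    {"type": "heading", "settings": {"text": "Welcome"}},
    {"type": "image", "settings": {"url": "https://cdn.example.com/logo.png",
                                   "alt": "Company logo"}}],
    "custom_css": ".hero > h1 { background: url(img/bg.png); }"}
FLAGGED_PAGE = {"widgets": [
    {"type": "html", "settings": {"code": "<div>raw</div>"}},
    {"type": "image", "settings": {"url": "ftp://files.example.com/a.png",
                                   "alt": "<b>logo</b>"}}],
    "custom_css": ".x { color: red; } </style>"}

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("flagged", FLAGGED_PAGE)):
        print(name, review_page(page) or "approved")
```

A page with findings goes to the technical team for review before launch; the tool itself still has to encode output correctly, since pattern checks like these can be bypassed.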

If you’re unsure about integrating citizen development initiatives, the graph below is a great reference. To mitigate security risk, focus on areas where your citizen developers can safely work on their own or collaborate with your technical team. The above four ways of improving security are also important to consider in your adaptive governance framework.

Reduced Customization

While the use of low-code and no-code tools certainly helps improve the speed and efficiency of application development, these tools don’t have the same design flexibility as a fully custom-coded software application. No-code tools restrict access to the code and don’t allow any additional customization. Low-code tools typically offer base templates and design element sets. Any additional customization would need to be coded in, often using JavaScript.

Empower Your Business To Innovate

Organization-wide innovation culture is the goal for almost every business. Businesses hire teams in all departments that have the passion and capabilities to achieve real change. So, why not empower them to fully capitalize on their ideas?

Incorporating no code and low code tools is an option that allows the broader members of an organization to develop new digital experiences and applications. With the support of a technical team for customization and security testing processes in place, organizations can rapidly digitize their operations through self-serving innovation. This is an important step for any business trying to stay competitive in the age of digital transformation.

If your business is looking to adopt low-code tools, we’re happy to ensure that your new applications are secure. Book a call with us here to get a custom quote!

About the Author

Alex Hewko
Alex is the Marketing Manager here at Software Secured. She enjoys writing to learn about cybersecurity, leadership, and technology in sales & marketing processes. She shares her insights from a background in international marketing and information technology. From launching global marketing campaigns in the tech and CE industry, to completing a Master's research project on humanizing remote B2B selling processes, Alex is passionate about storytelling and educating audiences on topics that haven't yet been talked about.