Governance and Risk

How do we empower Citizen Developers without creating a security nightmare or Shadow IT?

EL Asked by Elena Rodriguez · 15-01-2025
0 upvotes 14,342 views 0 comments
The question

Our biggest fear is that employees will build hundreds of apps that don't talk to each other, don't follow GDPR, and have no security oversight. How do you create a Governance Framework that provides "guardrails" instead of "roadblocks"?

3 answers

0
JU
Answered on 02-02-2025

The key is moving from Shadow IT to Sanctioned IT. Provide an IT-managed platform (like Microsoft Power Platform) where data connections are pre-approved. An LCCoE (Center of Excellence) should be a joint task force that sets the rules: which data can be accessed and what the UI standards are.

 

0
MI
Answered on 10-02-2025

We use "Sandbox Environments." Developers can build anything in their sandbox, but to go live, the app must pass an automated scan for security. This keeps the "Wild West" feeling at bay while maintaining speed.

EL 12-02-2025

The automated scan is a lifesaver. It checks for common vulnerabilities like hardcoded credentials or open API endpoints before the "Publish" button even becomes active.

0
SA
Answered on 15-02-2025

Don't forget Lifecycle Management. What happens when a Citizen Developer leaves? The LCCoE must ensure every app has a co-owner and documented logic, or you'll end up with "Zombie Apps" that no one knows how to fix.

 

JU 20-02-2025

We've started implementing "App Expiration Dates." If an app isn't used for 90 days, the owner gets a ping to renew it or it gets archived automatically.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session