Showing results for 
Search instead for 
Did you mean: 

Citizen Developers: Out of the Shadows. Low-code strategies to minimize risk and maximize ROI.



Citizen development has democratized the digital transformation. No-code low-code platforms empower business experts to automate case-specific business processes with ease. Individuals at every level of an organisation are finally allowed to reap the tangible benefits of an otherwise abstract digital transformation.


It is no surprise that Forbes describes no-code low-code as being “The Most Disruptive Trend Of 2021”.  The article cites research by Gartner which shows that nearly two-thirds of development will be done in-house, using no-code low-code technology, within 3-5 years. [1]


Excel has long been the tool of predilection for citizen developers. It was, until recently, one of the only tools at their disposal to automate unique work processes without the involvement of IT. Excel power users built complex VBA macros and Power Query scripts to tackle small-scale business scenarios, which would otherwise have been left unaddressed by busy IT departments, struggling to keep up with the priorities of upper management.


Haphazard automation was better than no automation at all. Excel power users are the unsung heroes of organizations big and small. Often operating independently with little or no oversight, as a group, they constituted what amounts to a shadow IT department.


Today, no-code low-code platforms have ushered in a new era of citizen development, exponentially increasing both the potential risks and benefits for organisations. To minimize risk and maximize ROI, another article published by Forbes stresses the need to “bring shadow IT into the light and capitalize on citizen developers”.  [2] Easier said than done, as deeply ingrained habits, procedures, and structures must be transformed. Then again, transformation is the operating word of the digital transformation.




Risks lurking in the shadows

Governance and security are arguably the greatest risks faced by organisations adopting no-code low-code development strategies.


Without proper guidance, well-intentioned citizen developers may take it upon themselves to select no-code low-code platforms, which may or may not be aligned with the organisation’s overall IT strategy. Different departments could potentially deploy apps using a myriad of no-code low-code platforms, each with their own disparate fees, licenses, and databases. In short, a nightmare scenario for IT.


Furthermore, IT departments may be left holding a hot potato if a manager requests support for a broken app built on a platform that they do not fully understand. HR could face competing requests from unaligned departments, each pushing for training programs for their platform of choice.


Citizen developers often build solutions that get the job done… until they eventually leave the organisation. Then, their coworkers are left to fend for themselves, struggling to decode the undocumented inner workings of an app, if they even have access to the platform at all.


Without proper security training, citizen developers can potentially expose sensitive data, breach privacy regulations, or open back doors into an organisation’s infrastructure. Worse, rogue employees could leverage the efficiency of no-code low-code platforms to steal personal data or to wreak havoc.


Despite the risks and complications, the second Forbes article stresses that “you cannot fight shadow IT. People will always be driven to create better work processes. The solution is not to try to eliminate it; rather, it is to shine a light on it and bring it out of the shadows.”


It is important to recognize that a measure of risk has always been, and will always be, present in any business scenario. Any attempt to eliminate risk altogether is a futile exercise. Thus, the objective is to reduce risk to a minimum and control an organisation’s exposure.


Furthermore, maintaining the status quo implies accepting existing risks that may, indeed, be greater than the risks posed by no-code low-code development. Fundamentally, such platforms are used to automate data processing, in some capacity. As such, any yet to be automated work process also involves employees having access to data, in one form or another.


In many cases, employees process data using Excel spreadsheets. Excel files can most often be stored, accessed, shared, or deleted without an organisation’s consent or knowledge. Although the databases at the core of no-code low-code platforms cannot be considered 100% secure, they are most often safer than portable Excel files. Risk management is often about choosing the lesser of two evils.


In 2013, the BBC reported that Russia’s agency for Kremlin security bought typewriters “to avoid leaks.” Nevertheless, as long as the Kremlin contains a photocopier, a certain measure of risk will exist. [3]




The People Factor

IT departments are hard at work deploying enterprise-scale flagship digital transformation initiatives. In spite of the COVID-19 crisis, they have seen their digital transformation budgets increase. [4] Nevertheless, despite all the technological breakthroughs and increased budgets, business is people, still.


In a recent blog post by Amanda Silver, Corporate Vice President of Product, Developer Division at Microsoft, states: “The most successful companies understand digital transformation is not just about adding technology, but about supporting their people to continuously generate value through deep customer insights and rapid iteration.” [5]


The blog post highlights that recruiting talent is an ongoing challenge. “The global developer shortage limits the pace of innovation, digitization, and transformation. To help meet this demand, we must make technical learning more accessible to anyone who wants to learn to code and pursue a career in software development.”


Organisations may find solutions from within. The cohorts of existing shadow IT power users represent a readily available and untapped pool of talent. Power users possess both business experience and emerging technical skills. None are better suited to automate business processes than those who have been doing the work themselves for years. All it takes is curiosity, training, and a corporate culture of innovation.


This pool of talent may be larger than one would expect. A recent study by Microsoft and Goldsmiths, University of London, shows that “73% of UK workers are NextGen Workers: people who possess a combination of high consumptive skills as well as emerging productive skills”. Moreover, “17% of employees currently feel able to create digital tools and systems for other workers to adopt.” [6]


A democratized digital transformation culture must be at the core of any concerted citizen development initiative. The digital transformation is not IT’s business, it is the business. There are as many digital transformation stakeholders as there are employees in an organisation. Individuals at every level must feel involved and empowered to innovate.


This begins with transparency and an effective communication strategy. Organisations must strive to ensure that every employee understands how and why the digital transformation is relevant in their role and from their perspective.


For example, Sonepar, a world-leading B-2-B electrical wholesaler, formerly held annual IT conventions where IT professionals from across the world convened to share best practices and strategize about future projects. COVID-19 changed their plans, and the event was moved online.


“The original plan was to have a physical event in Berlin with the IT team and digital experts, amounting to only 60 or 70 people covering the Digital Enterprise Agenda. Then we decided to just think big, and invite all 48,000 associates to attend this event, and have 80 experts from 15 countries recording more than 3000 hours' worth of content.” - Jérémie Profeta, Chief Digital Enterprise Officer, Sonepar [7]


Most organisations already have a digital transformation plan. [8] A clear citizen development strategy should be a key element of that plan. The stakeholders, thus every employee, should be aware of the plan and their part in it.




Simplifying governance through platform standardisation

The first element of this plan should the selection of a single no-code low-code platform to be used for the entire organisation. Governance, security, and training would otherwise be as complex to manage as the number of platforms in circulation.


According to research published by Gartner, “by 2023, over 50% of medium to large enterprises will have adopted an LCAP (low code application platform) as one of their strategic application platforms.”


Depending on the digital maturity of the organisation, business units may already have developed solutions on multiple platforms. If so, the expertise of already active citizen developers should be leveraged and dully considered in the platform selection process. This is also an opportunity to recognize and shine a light upon the contribution of citizen developers; bound to the shadows no more.


As such, the single platform transition plan should provide a measure of flexibility for niche applications. The plan should include a transition period, during which citizen developers receive training on the chosen platform and support in porting their existing applications to the new platform.


The Gartner “2020 Magic Quadrant for Enterprise Low-Code Application Platforms” provides valuable insights into the advantages and disadvantages of various such platforms. [9]


The Microsoft Power Platform, which includes PowerApps, Power Automate, and Power Virtual Agents, is named as a Leader in the Magic Quadrant. Seamless integration with Office 365, particularly with Teams, reduces the learning curve and provides an improved user experience.


Well suited for small-scale business process automation, the Microsoft Power Platform can also scale enterprise-wide by leveraging the underlying Azure infrastructure.


Organisations with existing Microsoft 365 subscriptions may already have access to many of the functionalities of the Power Platform. Indeed, as many of the costs of the Power Platform may already be bundled into an organisation’s existing subscription model, the low marginal costs of adopting this platform can be a significant advantage.




Facilitating access to data while reducing security risks

The Microsoft solution is recognized for its robust security. Dataverse, the relational database which powers the platform, offers rich field and record-level security options to minimize risk while facilitating access to the data that users need.


Traditionally, the Excel power user processed data using spreadsheets, obtained from various internal and external sources. These portable spreadsheets expose organisations to risk, as their distribution is usually not well controlled.


Risk can be reduced by using a centralized data lake and linking the relevant portions of the data to Dataverse environments. An environment is essentially a container for apps and data, which can be attributed to a given business unit with well-defined security privileges for individual users and groups.


In practical terms, a user may now be using VLOOKUP’s to access data in a spreadsheet. Usually, this implies that the user has access to the entire data source. Instead, data can be organised in Dataverse to ensure users can view individual records without having direct access to extract the entire database.


Most work processes that are automated through Excel VBA macros can be ported to the Power Platform by using a combination of PowerApps and Power Automate. Any data which is transformed using Power Query in Excel can be processed identically in the Power Platform using dataflows, also based on the popular Power Query M language.


Dataverse allow offers rich auditing tools that allow administrators to understand exactly what is happening with their data. Instead of using static Excel files with potentially obsolete data, Dataverse can act as a dynamic repository for the latest available data.

The Power Platform allows administrators to create Data Loss Prevention policies to ensure data can only be connected to related applications that are approved by the organisation.


In essence, when correctly used and configured, Dataverse can democratize access to data, while controlling data distribution and exposure at a granular level.




A structure to foster innovation

Once a low-code platform is chosen and security guidelines have been established, users will have the tools at their disposal to contribute to their organisation’s digital transformation. However, a hammer is nothing but a useless paperweight until it actually strikes a nail.


Using new tools and developing new solutions requires time. Alas, free time is often at a premium for business users who are already stretched to the limit. Citizen developers can only be fully enabled to innovate if they are granted a clear mandate and the time to act upon their ideas.


A return on investment implies an initial investment, particularly in human resources. To fully leverage the potential of citizen development, organisations need to invest in a structure to foster innovation.  


The following structure can empower individual business users to innovate while maintaining control over governance and security risks.


Center of Excellence (CoE)

The PowerApps Center of Excellence Starter Kit was made available by Microsoft in 2019. According to Microsoft, “a CoE is designed to drive innovation and improvement, and through its central function can break down geographic and organizational silos in order to bring together like-minded people with similar business goals to share knowledge and success, whilst at the same time providing standards, consistency, and governance to the organization.” [10]


In the proposed structure, the CoE is a function of IT designed to support and govern citizen development initiatives in several business units. Depending on the size and corporate structure of an organisation, one or several Centers of Excellence may be established. The CoE team is responsible for governance, security, ROI monitoring, and high-level support.


Also, the CoE should provide a Solution Template Catalog, based on previously deployed solutions. Built according to established best practices, the templates could be adapted by citizen developers to suit their particular business needs, without needing to start from scratch. This Solution Template Catalog should also be used to showcase and recognize individual accomplishments.

The CoE could also provide custom connectors, scripts, and API’s that can be leveraged by citizen developers and included as function blocs in their apps.


Some projects are both too small for IT and too big for citizen developers. These mid-scale projects could also be led by the CoE, in partnership with the relevant business units.


Ideally, a CoE team would include both code-first developers and core-business experts, with a deep understanding of existing work processes. The CoE team would be engaged in continuous training to ensure their skills are always up to date.


Agile Tag Teams

The digital transformation should permeate every facet of an organisation. Agile Tag Teams are comprised of two business experts with extensive operational experience with the work processes they seek to automate.


In many organisations, the IT department is a cost center. As the department manages enterprise-scale infrastructure and projects, the costs of the IT department are often attributed to individual business units (or profit centers) on a prorated basis.


Agile Tag Teams are not a function of IT, but rather a function of the business unit that they serve. As such, they focus exclusively on developing solutions for that particular business unit. As the relevant business unit will reap the direct benefits of the Agile Tag Team’s use case-specific work, it is reasonable that they should assume the costs of such a team.


The Agile Tag Team should be at an arm’s length of business users, easily accessible at all times. These teams are the key to fully democratizing an organisation’s digital transformation. With a keen understanding of specific business processes and emerging technical skills, the Agile Tag Teams bridge the gap between business users and IT.


Agile Tag Teams should focus on small-scale solutions with an immediate impact, that can be developed and deployed in less than two weeks. Larger projects can be submitted to and prioritized by the Center of Excellence. The purpose of the Agile Tag Teams is to quickly deploy and support solutions based on business user feedback.


There is a common perception from business users that IT projects take an eternity to deploy and do not consider their case-specific needs. This perception can breed a culture of cynicism which slows the pace of innovation. With an ear to the ground, Agile Tag Teams are meant to break this perception and to ensure that every business user feels the digital transformation has a positive impact on their everyday work.


The Agile Tag Team workers need time both to communicate with users and to concentrate on building apps. Their time can be organized to this effect. The Tag Team citizen developers can have alternating support and development responsibilities in the morning and afternoon. While the first team member is available to support users in the morning, the second team member focuses on development. In the afternoon, the roles alternate.


Power Users

Power users are business experts who both execute business processes and strive to improve them. Their main responsibilities are linked to the business unit’s expertise and app development is not an official part of their role. They are willing to invest some of their time to automate business processes, as long as it does not interfere with their day-to-day responsibilities.


Power users can be trained to develop simple micro-solutions, which can be developed in a matter of hours or even minutes. The Agile Tag Team is at their disposal should they need any guidance, support, or assistance.


Power users with business expertise often have great ideas to automate business processes, but lack the time or skills to act upon them. The Innovation Backlog App, which will be discussed further below, can be used as a platform to share these ideas.



Users execute business processes and consume the apps produced by power users, Agile Tag Teams, and Centers of Excellence. They represent the bulk of the workforce. The quality of their user experience and their perception of the digital transformation will define the success or failure of any innovation initiative.


Business process automation will have a significant impact on their day-to-day work. Whether or not they perceive this impact as being positive is often a function of the quality and availability of the support they receive in managing their evolving responsibilities and roles.


As such, the Agile Tag Teams are at their disposal to promptly answer questions about newly developed apps. The Agile Tag Teams will also swiftly act upon bug reports provided by the users and evaluate their ideas.


The Innovation Backlog: A flexible focus on ROI

Microsoft developed the Innovation Backlog app as a component of the Center of Excellence Starter kit.


“The Innovation Backlog app gives your business users a place to record and prioritize their wish list of digital innovations. Your teams can use this app to submit ideas for apps and flows and describe pain points with the current process. Using a wizard to describe the current process, team members provide information about the people involved, the tools used, and ways to measure improvement. This information is then used to calculate an ROI and a complexity score.” [11]


As the low-code strategy is deployed and success stories are shared, more and more users will submit ideas for new and improved apps. The Innovation Backlog App allows Agile Tag Teams to prioritize development initiatives based on objective factors, namely ROI.


Each Agile Tag Team should have its own Innovation Backlog. As the teams are dedicated to a single business unit, so is their Innovation Backlog. This ensures that business units can evolve in parallel, rather than in series, and helps to broaden the reach of the digital transformation.


Although ROI should be the main factor in the prioritisation of development initiatives, Agile Tag Team members should be afforded a measure of flexibility to develop “pet projects” of their choosing. Up to 20% of an Agile Tag Team member’s development time should be spent on projects of their own choosing, which may not be directly aligned with ROI objectives.


For example, pet projects could be selected by Agile Tag Team members to develop their expertise with newly available features. Some projects can have a relatively low overall ROI, but a significant impact on a specific individual. The Agile Tag Team member may decide to develop such a pet project to recognize the efforts of an individual on another project.


Training, training, training

Proper training is essential to ensure the success of an organisation’s citizen development strategy. Adapted training should be offered to all stakeholders to ensure the no-code low-code tools are used efficiently and safely.


A short training program should be created for all users to explain the organisation’s citizen development strategy. The training should expose the benefits of the strategy, expose the structure, and name the tools available. All stakeholders should understand how they can contribute, who they can call for help, and how they can submit their ideas.


At the end of the training, power users wishing to learn more about low-code development could be redirected to Microsoft Learn. This free learning platform allows users at every level to acquire a broad set of skills with PowerApps and Power Automate.

Motivated individuals such as power users should be encouraged to follow complete learning paths on Microsoft Learn and to obtain the relevant certifications. To ensure proper security and governance, access to certain Power Platform features could be granted to users based on their training credentials.


The proposed structure is also meant to be a talent incubator, allowing users to gain skills progressively and offering a path to upward mobility in their careers. For example, a Power Platform Fundamentals certification could be a prerequisite for the Agile Tag Team member role. A Power Platform Associate certification could be a prerequisite for a role within the Center of Excellence.



The digital transformation is about people more than it is about technology. Technology is but a tool, a means to an end. The success of a digital transformation depends on how people make use of these tools. Low code platforms are no exception.


Using these new tools, citizen developers with business expertise have the potential to drive an organisation’s digital transformation. It is IT’s responsibility to ensure they are driving in the right direction.


Brought out of the shadows and into the light, citizen developers have the power to evangelize a culture of innovation throughout an organisation… if given the proper guidance and support.


Further reading: The Case for Citizen Developer Micro-Products, From the Forest to the Trees


About the author: Charles Séguin is passionate about automating the boring stuff so his team can focus on what matters most: the customer. Based just outside of Montreal, Canada, he works at Lumen, a division of Sonepar, the global market leader in B2B distribution of electrical products, solutions, and related services. 


Follow the author on LinkedIn