3 min

With the undeniable rise of low-code helping to fuel the dual-carriageway of software application development that is no-code, the spectre of so-called ‘citizen developers’ has arguably given these practitioners a bad rap overall. Given the rise of both disciplines (sometimes in scenarios where one single vendor straddles both approaches), how should we regard these avenues into automation and what kind of governance controls should we now be ensuring we put in place.

As we know, low-code is designed solely to help streamline and expedite the workflow of professional developers. It’s intended as a tool to help developers build complex enterprise applications and still requires a fundamental knowledge of code. These tools don’t empower citizen development’ and the app creation is still done within the confines of the IT department. This clarification is made Dinesh Varadharajan in his role as chief product officer at integrated low-code/no-code platform company Kissflow.

Where we look at no-code for businesspople, there are arguments for its use to enable business users to build helpful workflow and departmental processes without turning to IT.

Thousands of long-tail applications

“The idea that non-technical business users can create an unlimited number of processes with little direction or IT oversight is the reason for IT concern and general scepticism towards these people,” said Varadharajan. “Actual citizen developers are ones that in theory are creating hundreds if not thousands of long-tail applications [i.e. the smaller often incremental application functionalities that are either too specific, rare or random for the development team to think about creating without spiralling costs or at the risk of breaking other mission-critical project lines] and digital workflows completely independent from IT and professional developers.”

Long-tail apps are tools that business users request to make their work easier and more efficient. However, these apps don’t fall into the urgent and important category. These are apps like visitor management, local asset requests or incident management. So how do we make use of these technologies effectively in real world business use cases.

Governance lays down the law

“Governance is the antidote to the negative sentiment surrounding citizen developers,” said Varadharajan. “This negative sentiment isn’t based on the threat of citizen developers ‘stealing’ work away from traditional developers – or conversely – creating more work (e.g. generating more technical debt). The negative sentiment is based on a lack of control and oversight (since it’s the IT department that is fundamentally responsible for data and process security in the organisation). Strong and reliable governance can and should disarm most current objections to citizen developers/development.”

The suggestion here is that a no-code or low-code platform with robust integrated governance allows IT to secure the businesses’ IT perimeter.

It offers full visibility of every application created and its subsequent adoption. It alerts IT of suspicious activity (downloads, transfers, printouts of data) and keeps a digital record of the tools used across the organization since its implementation. Permission-based governance is counter to concerns that citizen developers will create vulnerabilities through application creation without proper guidance.

Two paradigms for development

“The future of lower-code (by which I obviously mean both no-code & low-code) is likely to evolve based on two paradigms,” suggests Varadharajan. “Traditional low-code code automation tools will continue to be used by professional developers to build complex enterprise applications. In the near term, generative AI will bring further innovation to this process and continue to expedite application creation. Generative will also accelerate and scale traditional software development that’s done by traditional developers.

If Varadharajan is permitted to offer a second paradigm here, it would be to point to his own firm’s approach to the no-code end of the spectrum; he would like to suggest that tools like Kissflow might scale because of the growing adoption of these tools when they are properly monitored and controlled by IT teams through a robust governance solution. 

“In this sense, governance is what will enable these kinds of solutions to scale and act as a counter to a lot of current negative sentiment toward citizen development. We will likely see low-code and no-code further split into separate categories. Each is meant for a different kind of stakeholder with a different goal,” he surmised.

In closing, Varadharajan is optimistic and says that governance does not necessarily mean overt levels of totalitarian control i.e. governance can represent an encouragement factor for end users to be successful and to deliver business value.