User-created apps to face greater security risks

User-developed applications will account for at least 25 percent of new business software by 2014, driving the need for companies to adapt to this rising community of "citizen developers", according to a report by Gartner.

Released Thursday, the study noted that in an era of constrained IT budgets, end-users are looking outside IT organizations for application development and in many cases, are building application themselves.

However, Gartner warned, at least a third of enterprises without proper citizen-developer governance policies would experience substantial data, process integrity and security vulnerabilities by 2014. The research firm defines "citizen developers" as end-users who create new business applications for others through development and runtime environments sanctioned by corporate IT.

"End-user application development (EUAD) is nothing new but the risks and opportunities it presents have become much greater in recent years," Ian Finley, research vice president at Gartner, said in the report.

While the potential for EUAD to provide value is great, risks to the business as a result of poorly managed or unmanaged EUAD can also be severe, the analyst firm warned.

EUAD posed limited risks to organizations in the past as such activities were usually limited to a single user or workgroup. However, Finley said the risks have since heightened as end-users now can be tasked to build departmental, enterprise and public applications.

According to Eric Knipp, research director at Gartner, EUAD is transformed by converging forces such as changing workforce demographics, mass customization and maturation of service-oriented architecture, the availability of simplified tools for new development and the power of cloud computing to deliver IT capabilities to end-users with no IT assistance.

"Fighting these forces is a losing battle but [implementing] a citizen developer program can reduce risks and unlock the potential in EUAD," Knipp said in the report.

Such programs, which include sanctioned platforms, governance, access to enterprise services and IT guidance, could also form a safe environment for end-users, he added.

Finley said: "By engaging with end-users and helping them help themselves, IT can accelerate the exploitation of new technology and help end-users create competitive advantage and build closer links with their business peers, while managing the risks of EUAD."

The Gartner report also suggested that IT organizations manage the inherent risks of EUAD by educating citizen developers on where they have to tread lightly and offer platforms with "sharp edges" removed.

In addition, IT leaders should work with businesses to identify "just-enough governance" to enable and protect citizen developers to mitigate risks such as the reproduction of similar applications, inadequate application lifecycle management, the delegation of responsibility for failed projects to the IT department, and the ignorance of best practices in security and performance.

Knipp added that IT leaders must be proactive in managing citizen developer initiatives by providing tools which enable transparency in monitoring, change control and analytics. "If end-users developers are ignored, and they build applications without help or knowledge from IT organization, then there is a real risk that they will fail miserably and create an unplanned burden for IT," he said.