Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The rising security risk of the citizen developer

George V. Hulme | April 18, 2017
Citizen developers may help enterprises to develop apps more quickly but what is it going to do to enterprise security?

The guidelines Britton advises include: 

  • Define programming languages these citizen developers can develop with. My recommendations would be memory-managed languages (Java, JavaScript, etc.). I would suspect that most of these citizen developers are building web-based applications or possibly mobile applications.
  • Define how the citizen developers will connect to these applications. HTTPS or HTTP? Make sure to protect the data in transit. 
  • Provide guidance on how to encrypt data at rest. 
  • Provide mobile SDKs that they can use to ensure that the enterprise can manage the applications properly. Selling the need for a software life-cycle management - how do we deploy, how do we revoke access when someone leaves the group, how do we wipe data from the application if the device is lost or stolen? 
  • Create an advisory board to help mentor the citizen developers to build better applications. 

It’s important that IT leadership and security teams realize that, just like earlier shifts in computing such as BYOD and the consumerization of cloud brought on by cloud computing, that they’re not going to put the brakes on the rise of the citizen developer. They’re going to need to seek out their internal citizen developers and work with the various business units to support and guide this new wave of developers in ways that are secure but also enable businesses to develop the apps everyone needs.

According to Gartner research, this will be the strategy for most enterprises. By 2020, the research firm predicts that 70 percent or more of large enterprises have citizen development policies in place.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.