LCNC systems are delivering fast ROI that is very enticing, but it’s also raising risks in terms of security and stability.
The typical enterprise with a significant IT team and smaller development team is slow and inefficient at producing working software that benefits the organization, and they are incentivized to build solutions that help larger groups of users, not small. But that’s because they’re working with IT in hopes of avoiding security incidents and assuring network resources remain available without interruption.
The governance and oversight required to create an environment where this can be done safely is rare. Most companies have difficulty managing their existing, professional development teams already. LCNC use multiplies that problem out to more members of the staff, and they have less understanding of the kinds of problems they could unintentionally (or intentionally) create.
Enterprises with the budget and focus to successfully govern and harness LCNC as a development pattern will likely see an increase in efficiency and profit long-term. But those enterprises which fail to provide consistent, aggressive oversight and training are likely to make headlines in the coming years with big, expensive security breaches, sabotage by disgruntled employees, and system outages from poorly informed development patterns.
I think the key questions anyone in enterprise should ask themselves before allowing LCNC tools on employees’ computers and access to shared resources are:
- Do we already have a successful and current track record of effectively managing the risks of running many software development projects in parallel?
- Is there capacity to increase that management effort in multiplies of 10 or 20?
Rewards and advancement are available to someone who can answer both questions with a confident “yes”, but I’d also suggest backing those assertions up with real data. If a big problem arises from an LCNC app under your watch, you’ll need that data to demonstrate a serious, good faith effort to avoid such negative outcomes.
So if you proceed, do so with caution adventurer. Here there be dragons. If your corporate culture is risk-averse and apt to seek accountability when big problems happen, I’d be wary of letting users in your organization write their own apps that can interact with shared resources.