Governance: the missing but critical link in no-code/low-code development

Governance should take center stage in any no-code/low-code deployment, and the Power Platform is no exception. Companies that do not provide strong oversight for employee-developed apps face significant risks. This article will guide you on key focus areas when introducing low-code development within your organization and how to establish robust governance practices and a Center of Excellence (CoE).

With great "power", comes great responsibility

Power Platform gives a lot of power to your teams. According to Gartner, 80% of technology products and services will be built by non-tech professionals by 2024. While low-code/no-code is clearly the future and the present, this growing trend doesn’t come without challenges. 

Some businesses can become hesitant when it comes to granting power to their business users (citizen developers). But interestingly, research shows that approximately 15% of a company’s workforce are likely to be early adopters of new technology. 

Embracing this potential by listening to employees' ideas and transforming those who know your business best can provide both customer and employee value. For example, citizen developers can build apps in just a few days to a couple of weeks, often beating the usual timeline associated with large IT departments.

This approach shows how granting power to business users can lead to efficient outcomes while promoting innovation from inside your organization.  

In other cases, governance has not kept up with the rapid rise in citizen developers within companies, leaving security holes. Governance is the practice of evaluating and directing technological investments to ensure they support an organization’s goals. It also involves aligning technology with a company’s internal policies and strategy. 

A governance practice asks questions like:

• What’s the purpose and mission of this app?
• Who is accountable?
• How are decisions made?

When it comes to governance, companies should prioritize applications that are most critical to their businesses, and deprioritize applications that may have narrower impact, such as simpler productivity-based apps.

For example, a manager may want to remember team members’ birthdays. Instead of setting a reminder on Outlook, they may create a Power App to send an email 14 days ahead of each birthday. That has very little impact on overall business applications. On the other end of the spectrum, a Power App that’s integrated into a company’s ERP or CRM is business critical because it touches far more systems. That means that app is exchanging data with those applications and must follow important data and security standards.

What you risk with ineffective governance over citizen-developed apps

In many companies, governance over business-critical citizen-developed apps has fallen through the cracks. If a company doesn’t integrate governance into its no-code/low-code development process, what do they actually risk?

• Security risks related to “shadow IT”. IT should know what’s being built and should approve platforms that citizen developers can build on.
• Data security concerns regarding connectors with business-critical systems. IT needs visibility into data usage, and security features like role-based access and data encryption are required.
• Compliance issues regarding GDPR or other regulations. If data is not managed correctly, you could face fines and legal penalties.
• Quality-control challenges. Without a Quality Assurance (QA) process in place, a small mistake could quickly escalate to a breach that may have serious financial implications.
• Downtime. SLAs are important for business-critical applications.
• Application Lifecycle Management (ALM) support. This might include updates to ensure that the application remains protected even through modifications or additions to its functionality.
• Environment health. Organizations need an environment strategy where they can proactively standardize processes around testing and product setup, as well as control permissions for access.
• Maintenance challenges. Maintenance ensures timely database and application updates, as well as any new features.
• Staff turnover challenges related to the app or flow ownership. With oversight, IT can ensure that business-critical apps aren’t abandoned.

What is good governance for no-code/low-code apps?

Power Platform is designed to be user-friendly, especially for those who may not have extensive technical backgrounds. It integrates several Microsoft tools, including Power Apps, Power Automate, Power BI and Power Virtual Agents, creating a unified environment that streamlines processes and allows for automation across different areas of business operations.

However, as your platform grows and more users are introduced into the system, the risks mentioned above will become more prevalent. Implementing robust governance practices is crucial to mitigating these challenges.

Our best practices for establishing governance in the Power Platform is structured into three key areas:

• Secure –  ensures data integrity and compliance with legal regulations and managing environment security to protect sensitive information in the Power Platform
• Monitor – involves tracking application usage and detecting unauthorized creation, helping optimize app utilization for a more streamlined and effective experience
• Manage – includes environment setup, user access management, and overseeing the entire application lifecycle, guaranteeing ongoing security through continuous monitoring and adaptation 

In addition to these considerations, it’s essential to establish strategies for effectively managing your applications and environments:

1. Organize and set clear processes for application lifecycle management, covering creation, updates and removal;
2.  Enforce customization guidelines and maintain version control for consistency;
3. Categorize and secure environments by purpose, ensuring compliance with data separation policies;
4. Establish regular backups and strategies for scaling resources and optimizing performance.

The basis of your governance enablement should be a Center of Excellence (CoE), which plays a pivotal role in ensuring the success of your governance practices. Here’s what your CoE should encompass:

Establishing all of these tasks can be quite challenging, making it beneficial to delegate them. At Columbus, we have developed a streamlined approach with two types of offerings designed to simplify the process for establishing Power Platform Governance and Center of Excellence.

As the first step, we run an initial discussion with our customers to understand your landscape, ambitions, and needs regarding the Power Platform. This involves strategizing and offering change management guidance to steer you in the right direction.

Following this stage, we direct our customers towards two service options: 

• The first includes providing you with knowledge through interactive workshops, helping manage Power Platform effectively.
• The second option involves taking charge of the process on your behalf, overseeing app creation, security assessments, monthly usage monitoring, and more. 

This comprehensive approach helps you to focus on the core tasks while receiving ongoing support throughout the Power Platform journey.

Find out more about how we can help with Power Platform Governance by clicking on the button below.