Governance should be a priority for any no-code/low-code deployment. Power Platform makes that much easier for any organization. Microsoft promotes developing a strategy for how an organization can manage an IT environment that includes citizen developers along with pro developers.
But apart from that, successful deployment requires an ongoing focus on security, monitoring, and application lifecycle management. Meanwhile, many companies that provide little oversight over employee-developed apps risk a lot. This article will tell you why governance should always be a priority for any business.
With great power comes great responsibility.
According to Gartner, there will be four times as many citizen developers as experienced developers within companies by 2023. While low-code/no-code is clearly the future, this growing trend doesn’t come without challenges. In a lot of cases, governance has not kept up with the rapid rise in citizen developers within companies, leaving security holes.
Governance is the practice of evaluating and directing technological investments to ensure they support an organization’s goals. It also involves aligning technology with a company’s internal policies and strategy. A governance practice asks:
- What does this application do? What problem does it solve?
- What tools or technology are being used to build this app?
- Who owns this app? Who is responsible for it going forward?
- How does the app work?
- Was the app tested? How?
- Who will maintain the app?
- Is the app secure, including the right levels of control for access by different users?
- Does the app comply with the necessary regulations such as GDPR?
- Is the company branding applied to the app?
When it comes to governance, companies should prioritize applications that are most critical to their businesses, and deprioritize applications that may have narrower impact, such as simpler productivity-based apps.
For example, a manager may want to remember team members’ birthdays. Instead of setting a reminder on Outlook, they may create a Power App to send an email 14 days ahead of each birthday. That has very little impact on overall business applications. On the other end of the spectrum, a Power App that’s integrated into a company’s ERP or CRM is business critical because it touches far more systems. That means that app is exchanging data with those applications and must follow important data and security standards.
What You Risk with Ineffective Governance Over Citizen-Developed Apps
In many companies, governance over business-critical citizen-developed apps has fallen through the cracks. If a company doesn’t integrate governance into its no-code/low-code development process, what does it risk?
- Security risks related to “shadow IT”, or IT solutions deployed by employees outside the central IT function. IT should know what’s being built and should approve platforms that citizen developers can build on. For example, safeguards are built into Microsoft’s Power Platform. Any no- or low-code platform should keep business users from building applications that are unsafe. Microsoft details its approach in this overview of its policies, as well as its documentation around application lifecycle management.
- Data security concerns regarding connectors with business-critical systems. Any application could tap into sensitive data in the organization, such as business data, customer data or even data that must be protected due to industry regulations. IT should have visibility into where critical data within your systems is being used. Companies should also know who is using each platform and what they’re able to do with it. Microsoft’s Power Platform includes role-based access control, data-loss control policies, data encryption and data exfiltration controls. Learn more about security and governance considerations from Microsoft.
- Compliance issues regarding GDPR or other regulations. If data is not managed correctly, you could face fines and legal penalties.
- Quality-control challenges. Without a Quality Assurance (QA) process in place, a small mistake could quickly escalate to a breach that could have serious financial implications.
- Downtime. SLAs are important for business-critical applications, even those built using low-code and no-code platforms.
- Application Lifecycle Management (ALM) support. Application Lifecycle Management is a proactive approach to checking in on an app throughout its lifecycle. This might include updates to ensure that the application remains protected even through modifications or additions to its functionality.
- Environment health. Organizations need an environment strategy where they can proactively standardize processes around testing and product setup, as well as control permissions for access. This includes trial environments where you can try out new features and solutions. Learn more from Microsoft about trial environments.
- Maintenance challenges around Apps and Flows (now Power Automate). Maintenance ensures timely database and application updates, as well as any new features and functionality from the platform.
- Staff turnover challenges related to app or flow ownership. As team members come and go, you may lose important knowledge in the transition on how an app was built and how it should be maintained. With oversight, IT can ensure that business-critical apps aren’t abandoned.
What is Good Governance for No-Code/Low-Code Apps?
Governance isn’t one-and-done. As mentioned above, it requires an ongoing focus on security, monitoring, and management practices. Of course, Power Platform offers capabilities in each of these areas to ensure a successful, secure and sustainable deployment. These tools reduce the complexity of governing your environment and empower your team to make the most of the Power Platform.
Along with this built-in support from Microsoft, you can benefit from developing solid processes and planning the right resources to ensure governance. A smart decision would be to learn from those who have already been through this journey. At Columbus, we can help you on your no-code/low-code journey. Because of our extensive experience, we can help you build the right structure from the start of an app’s life to its ongoing management. But we can also help customers that are already well down the road take a breather and bring in governance mid-journey.