SlideShare a Scribd company logo

Governance of Power Platform – As enabler, not as gatekeeper

Swatantra Kumar
Swatantra Kumar

In today’s digital age, organizations are under immense pressure to define, ideate, build and deliver services at consistently shortening time to market. With a demanding market, an unpredictable and slowing economy, and a global shortage of skilled labor, low-code platforms are increasingly seen as a boon for enterprises aiming to fuel digital transformation by building new apps, modernizing application landscapes, or automating processes quicker and more efficiently. Low-code/no-code (LCNC) tools have seen steady growth due to their effectiveness in addressing some of the challenges in technology – primarily for digitizing workflows, enhancing user experiences, promoting internal efficiency, and their ability to quickly fill the workforce gap. Low-code application platforms are emerging as a key accelerator for app development and delivery. However, there are still challenges ahead due to a vacuum of battle-tested IT governance for low-code platforms. This article covers our view on the governance of one of the leading LCNC tools, Power Platform, and why it is important while planning, securing, deploying, and supporting applications built on the platform.

Technology
1 of 9
Download to read offline
Compact 2021 4 15 Swatantra Kumar, M.Tech, PGDAC, BE is senior manager at KPMG. Seven layers of governing Power Platform, not only at scale but also at speed Governance of Power Platform – as enabler, not as gatekeeper In today’s digital age, organizations are under immense pressure to define, ideate, build and deliver services at consistently shortening time to market. With a demanding market, an unpredictable and slowing economy, and a global shortage of skilled labor, low-code platforms are increasingly seen as a boon for enterprises aiming to fuel digital transformation by building new apps, modernizing application landscapes, or automating processes quicker and more efficiently. Low-code/no-code (LCNC) tools have seen steady growth due to their effectiveness in addressing some of the challenges in technology – primarily for digitizing workflows, enhancing user experiences, promoting internal efficiency, and their ability to quickly fill the workforce gap. Low-code application platforms are emerging as a key accelerator for app development and delivery. However, there are still challenges ahead due to a vacuum of battle-tested IT governance for low-code platforms. This article covers our view on the governance of one of the leading LCNC tools, Power Platform, and why it is important while planning, securing, deploying, and supporting applications built on the platform.
Governance of Power Platform – as enabler, not as gatekeeper 16 LOW-CODE – INTRODUCTION, DEMAND AND MARKET The pandemic has brought about years of change in the way organizations across sectors and regions do busi- ness. A study by McKinsey revealed that companies have accelerated digitization by three to four years ([LaBe20]) in just a few months’ time of the pandemic. It even found that the share of digital or digitally enabled products has accelerated even more. The study calls out that filling the gaps for technology talent is one of the major chal- lenges companies are facing and will continue to face: “Respondents from the companies that have executed successful responses to the crisis report a range of technology capabilities that others don’t – most notably, filling gaps for technology talent during the crisis, the use of more advanced technologies, and speed in experimenting and innovating.” This raises the immediate question of where you can find the technology talent needed to provide this increasing volume of applications in a world where talent shortage is already a problem. Low-code/no-code platforms can help. One part of the answer is that everybody in an organization is empowered to build applications, using low-code/no-code, without the need for IT centralized delivery. For example, in a study conducted by Forrester (depicted in Figure 1) for Micro- soft’s LCNC tool, Power Platform, app development costs were reduced by 74% and application management and maintenance costs by 38% ([Forr20]). Gartner states that by 2025, 70% of new applications developed by enter- prises will use low-code or no-code technologies, coming from less than 25% in 2020. According to Gartner, low-code application platforms are defined as software that enables rapid development and deployment of custom applications by abstracting and minimizing traditional-coding, in order to develop a complete application consisting of user interfaces, business logic, workflow, and data services. It also provides reasonable tools to properly secure and govern these platforms ([Wong21]). Low-code platforms change the game for building solutions in an enterprise. The focus shifts from IT-­ owned projects, to democratized implementation of apps – driven by business, domain experts, and non-IT people. Traditionally, applications were left to the IT departments to be developed, maintained, and sup- ported. As a result, a large backlog of IT projects exists, neglecting many smaller but still valuable business cases due to time, cost, and resource restrictions. This results in both frustration and un-leveraged business value. With the low-code platforms, the IT department is no longer in a central position as an implementing and operating authority. It is, together with the whole organ- ization, the enabler for the digital savvy business users, the Citizen Developers (CD). Given the capabilities the low-code platforms are bring- ing to the ecosystem, it is becoming the solution of choice for Line of Business leaders including CIOs, and CTOs to fill immediate gaps in the workforce, develop- ment capacity and tackle IT challenges to ensure busi- ness continuity. Figure 1. Power Platform extends your development potential. 1,000+ Transformation scenarios identified but untouched The average cost to develop an app is 74% less with Power Platform than with traditional coding methods. Required skills and resources Impact to the business Power Platform low-code develeopment is ideal for projects constrained by limited developer resources
17 Compact 2022 4 Digital Trends & Compliance Figure 2. Low-code trends & indicators. CHALLENGERS LEADERS NICHE PLAYERS COMPLETENESS OF VISION As of August 2021 © Gartner, Inc VISIONARIES ABILITY TO EXECUTE Kintone Quickbase Creatio Pega Appian OutSystems Mendix Oracle Newgen Microsoft Salesforce ServiceNow 65% application development will be done in low code by 2024 Accessibility Of organizations struggle to find technical talent to build applications Gartner 86% Trends & Indicators Gen Z+ Millennials resulting in a changing workforce 43% New apps will be built in the next 5 years – more than all apps built in the past 40 years 500M Low code apps projected by market in 2023 $51b X4 RPA projected market by 2024 By 2023, the Citizen Developer population in large companies will be at least 4 times larger than Pro Developers $6b DPA projected market by 2024 $13.4b BI projected market by 2024 $8b Take a look at the key industry trends, and indicators vis-à-vis low-code/no-code (LCNC): • Forrester research said that the total spending on the low-code market will reach $21.2 billion by 2022 ([Forr20]). • According to Business Wire, the future is low-code or no-code with an expected growth rate of 44.4% by 2022 to $27.23 billion (up from $4.32 billion in 2017) ([Busi18]). • The digital world expects over 500 million apps and digital services to be built and deployed by the end of 2023, according to IDC FutureScape. That is more than all of the software solutions created in the last four decades ([IDC22]). • A report by Gartner forecasts that by 2024, low-code adoption will be so widespread that 75% of the soft- ware solutions built around the world will be made with the help of such tools ([Gart21]). The imposing numbers and claims in Figure 2 show the trends that the LCNC industry is expanding at a fast pace. Be it Digital Process Automation (DPA), Robotic Process Automation (RPA), Business Process Automation (BPA), Business Intelligence (BI), or, application development, the LCNC market and demand for the tools are growing in all these segments with very positive growth outlook. Rising low-code platforms are driving about 50% annual growth in a market populated by dozens of vendors. The Microsoft Power Platform has some unique selling point(s) USPs that give them a favorable position over other leaders in the Gartner magic quadrant for low-code applications. Given the vital importance of maintaining a single source of truth in enterprises, Power Platform brings the business process on a single platform allow- ing the full cyclical approach to Analyze (Power BI), Automate (Power Automate), Act (Power BI), Assist (Power Virtual Agents) and Assemble (Power Apps) enabling end-to-end capabilities that work together and integrate seamlessly with the Microsoft ecosystem, eliminating the need and dependency on multiple separate software tools. The cherry on the cake is its seamless integration with Azure Active Directory for a comprehensive, integrated security and a single-sign-on approach throughout your systems. Power Platform is designated for a wide range of users and use cases. It opens up the approach of building applica- tions of varying complexity, ranging from simple per- sonal productivity to more complex use cases by bringing together teams from different areas for the purpose of bringing apps to life faster, also known as the “Fusion Teams” (see Figure 3) approach. A fusion team comprises: Figure 3. Fusion teams – low-code is a team sport. Citizen Developers participate directly in the development to shorten cycles Citizens register their apps and participate in training IT governs citizen activity and nurtures the community IT grants access to resources for more advanced developers Coders manage source control and app lifecycles Coders do the “hard parts”, from data integration to custom UX controls Low- Code Business IT Developers
Governance of Power Platform – as enabler, not as gatekeeper 18 • Code-first developers (also referred to as professional developers), who can extend or build upon the plat- form using traditional code first within IT depart- ments. • Citizen Developers, who can build solutions without writing code and, most importantly, know their requirements. Operating within the business, they are experts in their domain and do not require a deep knowledge of IT. • And finally, IT professionals, who can operate as the administrator or in the governance team. GOVERNANCE OF THE POWER PLATFORM The confluence of rising IT needs, coupled with the scarcity of developers and seamless integration with the Microsoft ecosystem of products has driven an increas- ing desire and need for Power Platform. However, there are some challenges that need to be addressed to estab- lish solid confidence in adopting any low-code platform in the organization. The most common inhibitors to adoption that are observed are: • Security risks regarding Shadow IT • Business-managed IT (BMIT) • Data security concerning connectors, • App or flow ownership managed by the business • Maintaining environment health • Information security & risk management • Compliances issues • Monitoring and tracking of apps and flows, etc. To address these concerns and to leverage the full poten- tial of the platform for the benefit of an organization, it is imperative to establish a successful governance frame- work. Digital governance is the key mechanism organizations use to ensure that software development aligns with strategic objectives, business goals, commercials, data protection, maintaining compliance standards, and protecting the chain of value creation, value delivery, and value capture. It encompasses the norms and stand- ards that shape the regulation regarding the develop- ment and use of technologies by offering a formal Power Platform and why you should consider it The Microsoft Power Platform is a low-code platform with a unique suite of business services that democratizes and unifies data spanning across SharePoint, Excel, Exchange, OneDrive, Office 365 apps, Microsoft 365, Azure, Dynamics 365, and standalone apps. It is named a leader in Gartner® Magic Quadrant™ for Enterprise Low-Code Application Platforms. Power Platform ties together some best-in-class services: Power BI, Power Apps, Power Automate, Power Virtual Agents, and Power Pages. Power BI is the self-service business analytics tool that helps you discover and explore insights from your data and enables to make informed, confident business decisions. Power Apps is a LCNC app development platform that allows to turn ideas into solutions by enabling to build custom apps that solve business challenges. Power Automate, formerly known as Microsoft Flow is a component that gives the ability to business users to automate workflows that orchestrate across services using connectors within the organizations, without writing any code for the same. Power Virtual Agents is an intelligent chatbot development platform empowering business users to easily create powerful AI-driven chatbots to engage conversationally with your customers and employees using a guided, no-code graphical interface without any coding. Power Pages provides a low-code way to create, host and manage process-driven secure websites, enabling organizations delivering vital information and services to customers and external users.
19 Compact 2022 4 Digital Trends & Compliance framework for achieving measurable progress while safeguarding the value flow. While governance is important to ensure that problems are anticipated and solved early, to leverage the full potential of the Power Platform, it is important to strike a balance between the organization’s needs in terms of security, compliance, and regulations (such as GDPR, etc.), yet at the same time giving teams enough freedom to innovate and create value for themselves and the enterprise. The Microsoft Power Platform provides the necessary means to strike that balance: “long-leashing” your organization, but still enabling central governance. The central effort of CIOs and Risk departments to mitigate risks is initially contrary to the idea of the autonomy that Microsoft Power Platform requires. Governance is distinguished into the following divisions: • Proactive governance • Reactive governance Proactive governance deals with the central requirements that are defined within the platform (the so-called guardrails), ideally before it is rolled out. This includes security requirements, environment and licensing strategies, cost implications, roles, and responsibilities. Being proactive, can and should be done upfront to ensure the first level of governance and security. Reactive governance describes continuous monitoring and alerting based on standardized yet specific indicators to enable a clearer view of the Power Platform. It is used to assess adoption KPIs, as well as to respond quickly where necessary. A comprehensive governance concept is fundamental to every technology and software platform. This is espe- cially true for low-code platforms due to their democra- tized nature. Figure 4 covers the seven layers or areas as advised by Microsoft ([Pich19]) to get started, while considering using, adopting, deploying, managing Power Platform and its governance. The beauty is that each of these layers is independently manageable and gives the flexibility to choose the layers in any order. Each of these layers concerns the proactive or reactive governance or both approaches. It’s important to men- tion that the governance is not a one-off exercise, it needs to be constantly reviewed and refined based on the evolving needs of the organization itself, but also given new functionality is provided by Microsoft regularly. Platform Overview – environment, apps, platform Power Platform provides an easy interface for business users to create apps and flows while simultaneously providing robust tools for pro developers, making it possible to integrate innovative solutions across Azure, Dynamics 365, and standalone applications. A common issue that arises is the ownership status of these apps and flows. If a user creates an app and then leaves the organization, the app is left without an owner, and is unable to be edited or shared. Without governance, this problem too often becomes apparent after the fact. You should have product discovery periodically to under- stand the status and origin of apps and flows in your environments. Having a Strategy & Vision defined is fundamental for any further efforts in the Power Plat- form. For instance, as a part of the strategy, consider identifying such artifacts that are orphaned or unused, and then act according to governance policy, e.g., archiv- ing orphaned apps or changing the app ownership. The Power Platform Center of Excellence starter kit provides functionalities to identify such objects and reassign the orphaned apps by changing the app ownership or archiving the unused apps. The same applies to the platform evaluation as the Power Platform is constantly evolving, and new features must be continuously evaluated to determine how they can be used meaningfully by the organization. Figure 4. Kick-start low-code journey with the 7 layers (source: Microsoft). Platform Overview Platform Architecture Secure Monitor Alert & Act Deploy Education & Support
Governance of Power Platform – as enabler, not as gatekeeper 20 Figure 5. Example environment strategy diagram (source: Microsoft). Critical project Individual project Personal productivity apps SG = Security Group Everyone is a maker Only one user has access Dev team SG are makers Business unit dev SG (A) are makers Project dev SG (B) are makers Testing SG are users only Testing SG (A) are users only End user SG AND dev team are users All end users, projects and business units (A & B) are users only Testing SG (B) are users only Default Developer Critical Project Dev Business Unit Dev Critical Project Prod Shared Pord Critical Project Test Shared Test Important Project Dev Communicate with everyone that Default is not for development of critical apps. Developer environments are completely locked for any other user except the user who subscribed to the community plan. Applications can be moved out of the environment if needed. Dedicated dev/test/prod environments for each critical application. Developers have Environment Maker access in the dev environment, but only user access in test and prod. End users only have end user access to the production solution so no one can modify the applicatoins. Shared test/prod environments for important but medium complex apps can be shared between multiple projects or business units. Individual projects and business units should always have their own development environment to protect data. End users only have basic user access to solutions and data in production environments. Figure 5 exemplifies such an environment strategy as published by Microsoft ([Mora19]). There are multiple types of environments that all have different purposes, such as: • Default – This environment is the standard out- of-the-box environment. Each tenant has a default environment and should be used for personal produc- tivity only and should not be used for critical busi- ness applications. It is recommended to rename this environment accordingly to reflect the purpose. • Developer – These environments are intended only for use by the owner, which makes it perfect for the development teams to work in isolation on an appli- cation. • Sandbox – These environments are non-production environments, which should be used for development and testing your development before moving into a production environment. Platform architecture You must know your environment to govern it better. A Power Platform environment is a space to store, manage, and share your organization’s data, apps, chatbots, and flows, and is tied to a geographic location. Environments serve as a container that administrators can use to manage apps, flows, connections, and other assets, along with permissions to allow organization members to use the resources. Therefore, start by understanding, and developing an environment strategy. An environment strategy primarily entails environment provisioning, managing access rights and other layers of data security, and effectively organizing underlying resources in a way that supports productive develop- ment in your organization.
21 Compact 2022 4 Digital Trends & Compliance • Production – This is your environment where your solutions will be accessed by end users. It is advised that the development team does not have any admin access to this environment, and it is purely the IT team that deploys the solutions to this environment. Furthermore, assign your admins the Power Platform service admin role, which grants full access to Power Apps, Power Automate & Power BI. Restrict the creation of net-new trial and production environments to admins. Next, establish the environment management policy, and processes to request the creation of environ- ments, and request access. Clear roles and responsibili- ties across the organization on support, and ownership. Defining the tiered application models along with specific lifecycles of apps support. Besides the environment, understand your organiza- tion’s tenants to govern it better. A tenant refers to the container in which all your different environments sit. Check the tenant settings and harden them as per your organization’s requirements. Next to it are connectors and on-premise data gateways, which have a crucial role while interacting with differ- ent systems. Connectors are essentially proxy wrappers around the application programming interfaces (APIs) provided by services that allow apps and flows to easily interact with the service. On-premise data gateways enables Power Apps and Power Automate to reach back to on-premises resources to support hybrid integration scenarios. The gateway leverages Azure Service Bus relay technology to securely allow access to on-premises resources. Inside the tenant, within each database environment – there are data connectors and controls. These need to be secured with the right roles and per- missions to ensure the users have access only to the tools and environments they need. Secure A major benefit of Power Platform and its integration into the Microsoft ecosystem is that users are automatically authenticated. It is the key that enables proper govern- ance of the Power Platform. Every action maker, and Citizen Developers make, happens with an authenticated account. This means that they cannot go beyond their granted permissions on SharePoint, Teams, Dataverse (formerly, CDS, Common Data Service), or any other system where data interacts. Defining security is funda- mental to the implementation of the Power Platform within an enterprise. It contains necessary decisions on: • Azure AD conditional access at the Tenant level . • Setting up data loss prevention policies at the Environ- ment level designed to enforce rules for accessibility of connectors and access to business data. • Establishing resource permissions for apps, flows, and custom connectors at the Resource level. • Assign Dataverse security roles. • Defining Cross-tenant inbound and outbound security and compliance concepts, detailing access from and to the data sources. These belong to the proactive governance area; it is important to have these defined and implemented properly before the rollout of the platform. Monitor Monitor is the reactive area of the governance approach. It is important to monitor who is accessing your apps and flows and how these are being used to ensure secu- rity policies are effective. The Security & Compliance Center can be used to review out-of-box activity logs and analytics. Configure audit logs and make use of APIs to access logs and leverage management connectors for powerful reporting. Alert & Act Alert & Act too are the reactive area of the governance approach. It is advised to automate your audit and alert process using Power Automate. It deals with ongoing monitoring of standard and specific KPIs of your apps and flows across the enterprise to gain meaningful insights into adoption. This greatly helps in discovering any risks early in the process, identifying and empower- ing champions, welcoming new makers, and fostering the best practices. With the digital innovation and enablement, the Power Platform brings to the organization – both the IT and risk management functions are quickly overwhelmed by the number of apps that are built. It is no longer about one app at a time that undergoes a development lifecy- cle. Therefore, it is important to automate the policies outlined, have alerting mechanisms in place, necessary actions defined and applied to remediate the potential risks with the growing number of apps. As an example, create workflows using management connectors that either permit or restrict behavior based on your organi- zation’s Data Loss Prevention (DLP) policies.
Governance of Power Platform – as enabler, not as gatekeeper 22 Deploy The application lifecycle includes governance, develop- ment, and maintenance. In Power Platform, with Appli- cation Lifecycle Management (ALM), you get a bird’s eye view of your projects including requirements manage- ment, resource management, nurturing and system administration such as data security, user access, change tracking, review, audit, deployment control, and rollback in a way that other approaches fail to deliver. You get increased visibility into workflow, enhanced compli- ance, faster deployments, and higher quality products. Learn and facilitate the ALM toolset and best practices. Solutions are the mechanism for implementing and deploying ALM in Power Apps and Power Automate. A solution is either managed or unmanaged. The begin- ning state of solution is the unmanaged solution. Unmanaged solutions are used in development environ- ments while you make changes to your application. Managed solutions are used to deploy to any environ- ment that isn’t a development environment for that solution. It is a finalized solution that can be distributed and installed. Educate & Support An overarching aspect of managing Power Platform is nurturing the continued growth and onboarding of makers and driving your organization to adopt a digital culture. A maker is someone who creates and enforces business processes, structures the digital collection of information, improves the efficiency of repeatable tasks, and automates business processes. Evangelism, commu- nity, and training are proven ways to create awareness of the platform’s capability and provide support within an organization. At the same time, it is an integral part for people in an organization to understand concerns, and regulations that they need to respect. Therefore, it is vital to provide well explained, persona-based entry points into the Power Platform. That can be done through central communication, as well as providing specific information to new makers to ensure they have the resources they need to be productive and successful with these tools. To enable people, clear and concise communication is crucial. EXPERIENCE FROM THE PRACTICE When approached by organizations who struggle with leveraging the full potential of the Power Platform within their organization, the following patterns are usually observed: • The adoption of the Power Platform is either minimal or cannot be assessed at all. Key indicators are not regularly reviewed. • The fear of security breaches or of not being compli- ant with regulations results in a reduced, half-hearted implementation of the Power Platform. • Regular review and adjustment of the strategy & vision, governance, and assessment of new features of the Power Platform are not conducted. • Transparent internal communication that provides guidance and information on guardrails and assists Citizen Developers is missing. • The need for proactive governance is usually known but is only partially implemented and followed. Based on our experience, organizations are mostly aware of proactive governance requirements. Along with IT, Security, and Risk departments, they usually have restricted access according to best practices before rolling out the platform. One common mistake is that the IT department continues to be put in control of app requests and creation. Low-code platforms, therefore, require a clear commit- ment and investment from the whole organization, ensuring that the topics described above are not only implemented “once” and therefore half-heartedly, but also continue to be developed further. This is the only way to keep leveraging the full value of the use cases over time. ESTABLISH A CENTER OF EXCELLENCE To improve business agility, and productivity in a governed, secure, auditable, and manageable way, while being compliant with regulatory requirements as well as reducing costs, and empowering makers, organizations should establish a Center of Excellence (CoE). A CoE helps organizations focus and align their resources and exper- tise regarding a specific capability to accomplish and sustain performance and value. CoE is designed to drive innovation and improvement, and as a central function it can break down geographic and organizational silos. In our view, a Center of Excellence encompasses the below key areas in the context of Power Platform. • Vision & Strategy • Administration & Governance • Business Value & Onboarding • Nurture, Change & Adoption • Automation We advise businesses to start with a set of workshops to identify the current state and maturity level of the Power Platform within their organization. Post assess- ment – set the target level and define how to go further on the CoE journey, in a phased approach to realize the value sooner. Our consulting approach covers all the key
23 Compact 2022 4 areas and aims to increase the maturity level of each of them separately. Administration & Governance is one of the key areas in the Power Platform journey. Depending on the size of your organization, consider installing the Power Platform Center of Excellence Starter Kit (Starter Kit) instead of starting from scratch. The Starter Kit should not be misun- derstood by CoE. The Power Platform Center of Excellence Starter Kit is a collection of the below set of components, tools, and templatized best practices designed with the Administration & Governance area in mind. a. Core components – Catalog tenant resources, DLP Strategy & Visibility, Change app ownership b. Compliance components – Sample App audit process, Archive unused apps, Act based on certain connector usage c. Nurture components – Onboard new makers, provide training and share best practices, and encourage adoption The Power Platform Center of Excellence starter kit acts as a foundation element and kick-starts the Power Platform admin & governance journey. There are a few caveats to be mindful of: • It needs to be separately installed and maintained. • The kit itself is not supported by Microsoft. • Multi-tenant setups need to be planned thoroughly with the starter kit. • It is a generic template that might not match every organization’s requirements. Therefore, it is recommended that once the starter kit is installed and configured within your environment you should consider extending and personalizing it to fit your organization’s requirements as defined by CoE. CONCLUSION With each passing day, the boundaries between business and IT are blurring at an accelerated rate. Business users, in many cases without formal programming experience, but with the help of low-code/no-code platforms, are building applications with increasing frequency. This growth can have an impact on organizations – both positive and negative. In the absence of proper govern- ance, this can lead to a large number of unmonitored applications operating across an organization, poten- tially compromising data, security, risk, and compliance. Solid governance serves as a firm foundation to enable a safe and secure backbone for the digital journey, and to drive innovation and improvement. References [Busi18] Business Wire (2018, January 16). $27.2 Billion Global Low-Code Development Platform Market 2017-2022 by Component, Deployment Mode, Organization Size, and Vertical. Retrieved from: https://www.businesswire.com/news/ home/20180116006370/en/27.2-Billion-Global-Low-Code- Development-Platform-Market [Forr20] Forrester (2020). The Total Economic Impact™ of Power Apps. Forrester TEI Report | Microsoft Power Apps. Retrieved from: https://info.microsoft.com/ww-Landing-Power-­Apps- Forrester-TEI-Report.html [Gart21] Gartner (2021, February 16). Gartner Forecasts Worldwide Low-Code Development Technologies Market to Grow 23% in 2021. Retrieved from: https://www.gartner.com/ en/newsroom/press-releases/2021-02-15-gartner-forecasts- worldwide-low-code-development-technologies-market-to- grow-23-percent-in-2021 [IDC22] IDC FutureScape (2022). IDC FutureScape: Worldwide IT Industry 2020 Predictions. Retrieved from: https://www.idc. com/research/viewtoc.jsp?containerId=US45599219 [LaBe20] LaBerge, L. et al. (2020, October 5). How COVID-19 has pushed companies over the technology tipping point – and transformed business forever. McKinsey. Retrieved from: https://www.mckinsey.com/capabilities/strategy-and-­ corporate-finance/our-insights/how-covid-19-has-pushed- companies-over-the-technology-tipping-point-and- transformed-­business-forever [Mora19] Moran, D. (2019, October 30). Establishing an Environment Strategy for Microsoft Power Platform. Microsoft. Retrieved from: https://powerapps.microsoft.com/en-au/ blog/establishing-an-environment-strategy-for-microsoft-­ power-platform/ [Pich19] Pichler, M. (2019, December 19). Update to the Power Apps and Power Automate Administration and Governance Whitepaper is now available. Microsoft. Retrieved from: https://powerapps.microsoft.com/en-us/blog/update-to- the-power-apps-and-power-automate-­administration-and- governance-whitepaper-is-now-available/ [Wong21] Wong, J. et al. (2021, September 20). Magic Quadrant for Enterprise Low-Code Application Platforms. Gartner. Retrieved from: https://www.gartner.com/doc/reprints?id=1- 275QSBDL&ct=210813&st=sb About the author Swatantra Kumar MTech, PGDAC, BE is senior manager at KPMG. He has over a decade of experience in software development & delivery, application performance, and solution architecture design. Swatantra has been involved in digital transformation, DevOps, IT strategy, SaaS & cloud consulting for various organizations in the BFSI and SMEs sector, and carried out numerous assignments with a wide range of clients around the globe helping them meet the challenges of the ever-changing IT landscape. Swatantra heads the solution design and development function and is responsible for citizen development proposition, low-code services, and Trust by Design framework. 23 Digital Trends & Compliance

Recommended

Breaking the deadlock for LOW-CODE on the Dutch market | Swatantra Kumar
Breaking the deadlock for LOW-CODE on the Dutch market | Swatantra KumarBreaking the deadlock for LOW-CODE on the Dutch market | Swatantra Kumar
Breaking the deadlock for LOW-CODE on the Dutch market | Swatantra KumarSwatantra Kumar
 
Low code - empower the capability to accelerate | Swatantra Kumar
Low code - empower the capability to accelerate | Swatantra KumarLow code - empower the capability to accelerate | Swatantra Kumar
Low code - empower the capability to accelerate | Swatantra KumarSwatantra Kumar
 
Shrinking the Custom Application Development Cycle with Low-Code Platforms
Shrinking the Custom Application Development Cycle with Low-Code PlatformsShrinking the Custom Application Development Cycle with Low-Code Platforms
Shrinking the Custom Application Development Cycle with Low-Code PlatformsQuickBase, Inc.
 
AppAgile PaaS Whitepaper (ENG)
AppAgile PaaS Whitepaper (ENG)AppAgile PaaS Whitepaper (ENG)
AppAgile PaaS Whitepaper (ENG)Stefan Zosel
 
Low-code Platform: Tìm hiểu về nền tảng ít lập trình
Low-code Platform: Tìm hiểu về nền tảng ít lập trìnhLow-code Platform: Tìm hiểu về nền tảng ít lập trình
Low-code Platform: Tìm hiểu về nền tảng ít lập trìnhHo Quang Thanh
 
Low Code Platforms - Ebook
Low Code Platforms - EbookLow Code Platforms - Ebook
Low Code Platforms - EbookWaveMaker, Inc.
 
Overview of Low-code
Overview of Low-code Overview of Low-code
Overview of Low-code KyanonDigitalOfficia
 
Addressing Common Misconceptions About Low-Code Platforms
Addressing Common Misconceptions About Low-Code PlatformsAddressing Common Misconceptions About Low-Code Platforms
Addressing Common Misconceptions About Low-Code Platformsamogaio2023
 

Recommended

Breaking the deadlock for LOW-CODE on the Dutch market | Swatantra Kumar
Breaking the deadlock for LOW-CODE on the Dutch market | Swatantra KumarBreaking the deadlock for LOW-CODE on the Dutch market | Swatantra Kumar
Breaking the deadlock for LOW-CODE on the Dutch market | Swatantra KumarSwatantra Kumar
 
Low code - empower the capability to accelerate | Swatantra Kumar
Low code - empower the capability to accelerate | Swatantra KumarLow code - empower the capability to accelerate | Swatantra Kumar
Low code - empower the capability to accelerate | Swatantra KumarSwatantra Kumar
 
Shrinking the Custom Application Development Cycle with Low-Code Platforms
Shrinking the Custom Application Development Cycle with Low-Code PlatformsShrinking the Custom Application Development Cycle with Low-Code Platforms
Shrinking the Custom Application Development Cycle with Low-Code PlatformsQuickBase, Inc.
 
AppAgile PaaS Whitepaper (ENG)
AppAgile PaaS Whitepaper (ENG)AppAgile PaaS Whitepaper (ENG)
AppAgile PaaS Whitepaper (ENG)Stefan Zosel
 
Low-code Platform: Tìm hiểu về nền tảng ít lập trình
Low-code Platform: Tìm hiểu về nền tảng ít lập trìnhLow-code Platform: Tìm hiểu về nền tảng ít lập trình
Low-code Platform: Tìm hiểu về nền tảng ít lập trìnhHo Quang Thanh
 
Low Code Platforms - Ebook
Low Code Platforms - EbookLow Code Platforms - Ebook
Low Code Platforms - EbookWaveMaker, Inc.
 
Overview of Low-code
Overview of Low-code Overview of Low-code
Overview of Low-code KyanonDigitalOfficia
 
Addressing Common Misconceptions About Low-Code Platforms
Addressing Common Misconceptions About Low-Code PlatformsAddressing Common Misconceptions About Low-Code Platforms
Addressing Common Misconceptions About Low-Code Platformsamogaio2023
 
Low-Code Development Platform.pdf
Low-Code Development Platform.pdfLow-Code Development Platform.pdf
Low-Code Development Platform.pdfAshutosh Kalbande
 
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...HokuApps
 
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...Cognizant
 
Micro focus visual cobol & mainframe solution information
Micro focus visual cobol & mainframe solution informationMicro focus visual cobol & mainframe solution information
Micro focus visual cobol & mainframe solution informationMicro Focus
 
Low-Code & No-Code: A Code-Free Revolution in Software Development
Low-Code & No-Code: A Code-Free Revolution in Software DevelopmentLow-Code & No-Code: A Code-Free Revolution in Software Development
Low-Code & No-Code: A Code-Free Revolution in Software DevelopmentAtharva System
 
QOTEQ Investment Deck
QOTEQ Investment DeckQOTEQ Investment Deck
QOTEQ Investment DeckUcluster
 
The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power PlatformKorcomptenz Inc
 
The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power PlatformKorcomptenz Inc
 
Best of tech 16 - presentation
Best of tech 16 - presentationBest of tech 16 - presentation
Best of tech 16 - presentationKapil Dev Singh
 
Elemzy is a Cloud-based Educational Management System for Institutions
Elemzy is a Cloud-based Educational Management System for InstitutionsElemzy is a Cloud-based Educational Management System for Institutions
Elemzy is a Cloud-based Educational Management System for Institutionsramraju99900999
 
Business Processes, The Enanlers Of Innovation
Business Processes, The Enanlers Of InnovationBusiness Processes, The Enanlers Of Innovation
Business Processes, The Enanlers Of Innovationtradepl
 
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...Intland Software GmbH
 
OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)Kay Winkler
 
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyDoug Antaya
 
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Cognizant
 
Foundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITFoundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITApigee | Google Cloud
 
Market landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameMarket landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameDennis Stoutjesdijk
 
Software Engineering: Designing a Better Experience for Communications, Media...
Software Engineering: Designing a Better Experience for Communications, Media...Software Engineering: Designing a Better Experience for Communications, Media...
Software Engineering: Designing a Better Experience for Communications, Media...Cognizant
 
Pitch Deck Teardown: Nokod Security's $8M Seed deck
Pitch Deck Teardown: Nokod Security's $8M Seed deckPitch Deck Teardown: Nokod Security's $8M Seed deck
Pitch Deck Teardown: Nokod Security's $8M Seed deckHajeJanKamps
 
Top Software Development Trends For Your Business
Top Software Development Trends For Your BusinessTop Software Development Trends For Your Business
Top Software Development Trends For Your BusinessAlbiorix Technology
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

More Related Content

Similar to Governance of Power Platform – As enabler, not as gatekeeper

Low-Code Development Platform.pdf
Low-Code Development Platform.pdfLow-Code Development Platform.pdf
Low-Code Development Platform.pdfAshutosh Kalbande
 
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...HokuApps
 
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...Cognizant
 
Micro focus visual cobol & mainframe solution information
Micro focus visual cobol & mainframe solution informationMicro focus visual cobol & mainframe solution information
Micro focus visual cobol & mainframe solution informationMicro Focus
 
Low-Code & No-Code: A Code-Free Revolution in Software Development
Low-Code & No-Code: A Code-Free Revolution in Software DevelopmentLow-Code & No-Code: A Code-Free Revolution in Software Development
Low-Code & No-Code: A Code-Free Revolution in Software DevelopmentAtharva System
 
QOTEQ Investment Deck
QOTEQ Investment DeckQOTEQ Investment Deck
QOTEQ Investment DeckUcluster
 
The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power PlatformKorcomptenz Inc
 
The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power PlatformKorcomptenz Inc
 
Best of tech 16 - presentation
Best of tech 16 - presentationBest of tech 16 - presentation
Best of tech 16 - presentationKapil Dev Singh
 
Elemzy is a Cloud-based Educational Management System for Institutions
Elemzy is a Cloud-based Educational Management System for InstitutionsElemzy is a Cloud-based Educational Management System for Institutions
Elemzy is a Cloud-based Educational Management System for Institutionsramraju99900999
 
Business Processes, The Enanlers Of Innovation
Business Processes, The Enanlers Of InnovationBusiness Processes, The Enanlers Of Innovation
Business Processes, The Enanlers Of Innovationtradepl
 
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...Intland Software GmbH
 
OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)Kay Winkler
 
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyDoug Antaya
 
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Cognizant
 
Foundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITFoundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITApigee | Google Cloud
 
Market landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameMarket landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameDennis Stoutjesdijk
 
Software Engineering: Designing a Better Experience for Communications, Media...
Software Engineering: Designing a Better Experience for Communications, Media...Software Engineering: Designing a Better Experience for Communications, Media...
Software Engineering: Designing a Better Experience for Communications, Media...Cognizant
 
Pitch Deck Teardown: Nokod Security's $8M Seed deck
Pitch Deck Teardown: Nokod Security's $8M Seed deckPitch Deck Teardown: Nokod Security's $8M Seed deck
Pitch Deck Teardown: Nokod Security's $8M Seed deckHajeJanKamps
 
Top Software Development Trends For Your Business
Top Software Development Trends For Your BusinessTop Software Development Trends For Your Business
Top Software Development Trends For Your BusinessAlbiorix Technology
 

Similar to Governance of Power Platform – As enabler, not as gatekeeper (20)

Low-Code Development Platform.pdf
Low-Code Development Platform.pdfLow-Code Development Platform.pdf
Low-Code Development Platform.pdf
 
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...
HokuApps | Why Your Organisation Should Leverage a Rapid Application Developm...
 
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...
Digital Engineering: Top 5 Imperatives for Communications, Media and Technolo...
 
Micro focus visual cobol & mainframe solution information
Micro focus visual cobol & mainframe solution informationMicro focus visual cobol & mainframe solution information
Micro focus visual cobol & mainframe solution information
 
Low-Code & No-Code: A Code-Free Revolution in Software Development
Low-Code & No-Code: A Code-Free Revolution in Software DevelopmentLow-Code & No-Code: A Code-Free Revolution in Software Development
Low-Code & No-Code: A Code-Free Revolution in Software Development
 
QOTEQ Investment Deck
QOTEQ Investment DeckQOTEQ Investment Deck
QOTEQ Investment Deck
 
The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform
 
The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform The People's Innovation Platform - Microsoft Power Platform
The People's Innovation Platform - Microsoft Power Platform
 
Best of tech 16 - presentation
Best of tech 16 - presentationBest of tech 16 - presentation
Best of tech 16 - presentation
 
Elemzy is a Cloud-based Educational Management System for Institutions
Elemzy is a Cloud-based Educational Management System for InstitutionsElemzy is a Cloud-based Educational Management System for Institutions
Elemzy is a Cloud-based Educational Management System for Institutions
 
Business Processes, The Enanlers Of Innovation
Business Processes, The Enanlers Of InnovationBusiness Processes, The Enanlers Of Innovation
Business Processes, The Enanlers Of Innovation
 
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
McKinsey | When Things Get Complex: Complex Systems, Challenges and Where to ...
 
OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)OPEN SOURCE BPM vs. Programación (RED HAT)
OPEN SOURCE BPM vs. Programación (RED HAT)
 
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economyca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
ca-and-microsoft-are-collaborating-to-enable-the-iot-driven-application-economy
 
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
 
Foundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed ITFoundation for accelerating digital development—Two-speed IT
Foundation for accelerating digital development—Two-speed IT
 
Market landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the gameMarket landscape how pervasive technology has changed the game
Market landscape how pervasive technology has changed the game
 
Software Engineering: Designing a Better Experience for Communications, Media...
Software Engineering: Designing a Better Experience for Communications, Media...Software Engineering: Designing a Better Experience for Communications, Media...
Software Engineering: Designing a Better Experience for Communications, Media...
 
Pitch Deck Teardown: Nokod Security's $8M Seed deck
Pitch Deck Teardown: Nokod Security's $8M Seed deckPitch Deck Teardown: Nokod Security's $8M Seed deck
Pitch Deck Teardown: Nokod Security's $8M Seed deck
 
Top Software Development Trends For Your Business
Top Software Development Trends For Your BusinessTop Software Development Trends For Your Business
Top Software Development Trends For Your Business
 

Recently uploaded

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 

Recently uploaded (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 

Governance of Power Platform – As enabler, not as gatekeeper

  • 1. Compact 2021 4 15 Swatantra Kumar, M.Tech, PGDAC, BE is senior manager at KPMG. Seven layers of governing Power Platform, not only at scale but also at speed Governance of Power Platform – as enabler, not as gatekeeper In today’s digital age, organizations are under immense pressure to define, ideate, build and deliver services at consistently shortening time to market. With a demanding market, an unpredictable and slowing economy, and a global shortage of skilled labor, low-code platforms are increasingly seen as a boon for enterprises aiming to fuel digital transformation by building new apps, modernizing application landscapes, or automating processes quicker and more efficiently. Low-code/no-code (LCNC) tools have seen steady growth due to their effectiveness in addressing some of the challenges in technology – primarily for digitizing workflows, enhancing user experiences, promoting internal efficiency, and their ability to quickly fill the workforce gap. Low-code application platforms are emerging as a key accelerator for app development and delivery. However, there are still challenges ahead due to a vacuum of battle-tested IT governance for low-code platforms. This article covers our view on the governance of one of the leading LCNC tools, Power Platform, and why it is important while planning, securing, deploying, and supporting applications built on the platform.
  • 2. Governance of Power Platform – as enabler, not as gatekeeper 16 LOW-CODE – INTRODUCTION, DEMAND AND MARKET The pandemic has brought about years of change in the way organizations across sectors and regions do busi- ness. A study by McKinsey revealed that companies have accelerated digitization by three to four years ([LaBe20]) in just a few months’ time of the pandemic. It even found that the share of digital or digitally enabled products has accelerated even more. The study calls out that filling the gaps for technology talent is one of the major chal- lenges companies are facing and will continue to face: “Respondents from the companies that have executed successful responses to the crisis report a range of technology capabilities that others don’t – most notably, filling gaps for technology talent during the crisis, the use of more advanced technologies, and speed in experimenting and innovating.” This raises the immediate question of where you can find the technology talent needed to provide this increasing volume of applications in a world where talent shortage is already a problem. Low-code/no-code platforms can help. One part of the answer is that everybody in an organization is empowered to build applications, using low-code/no-code, without the need for IT centralized delivery. For example, in a study conducted by Forrester (depicted in Figure 1) for Micro- soft’s LCNC tool, Power Platform, app development costs were reduced by 74% and application management and maintenance costs by 38% ([Forr20]). Gartner states that by 2025, 70% of new applications developed by enter- prises will use low-code or no-code technologies, coming from less than 25% in 2020. According to Gartner, low-code application platforms are defined as software that enables rapid development and deployment of custom applications by abstracting and minimizing traditional-coding, in order to develop a complete application consisting of user interfaces, business logic, workflow, and data services. It also provides reasonable tools to properly secure and govern these platforms ([Wong21]). Low-code platforms change the game for building solutions in an enterprise. The focus shifts from IT-­ owned projects, to democratized implementation of apps – driven by business, domain experts, and non-IT people. Traditionally, applications were left to the IT departments to be developed, maintained, and sup- ported. As a result, a large backlog of IT projects exists, neglecting many smaller but still valuable business cases due to time, cost, and resource restrictions. This results in both frustration and un-leveraged business value. With the low-code platforms, the IT department is no longer in a central position as an implementing and operating authority. It is, together with the whole organ- ization, the enabler for the digital savvy business users, the Citizen Developers (CD). Given the capabilities the low-code platforms are bring- ing to the ecosystem, it is becoming the solution of choice for Line of Business leaders including CIOs, and CTOs to fill immediate gaps in the workforce, develop- ment capacity and tackle IT challenges to ensure busi- ness continuity. Figure 1. Power Platform extends your development potential. 1,000+ Transformation scenarios identified but untouched The average cost to develop an app is 74% less with Power Platform than with traditional coding methods. Required skills and resources Impact to the business Power Platform low-code develeopment is ideal for projects constrained by limited developer resources
  • 3. 17 Compact 2022 4 Digital Trends & Compliance Figure 2. Low-code trends & indicators. CHALLENGERS LEADERS NICHE PLAYERS COMPLETENESS OF VISION As of August 2021 © Gartner, Inc VISIONARIES ABILITY TO EXECUTE Kintone Quickbase Creatio Pega Appian OutSystems Mendix Oracle Newgen Microsoft Salesforce ServiceNow 65% application development will be done in low code by 2024 Accessibility Of organizations struggle to find technical talent to build applications Gartner 86% Trends & Indicators Gen Z+ Millennials resulting in a changing workforce 43% New apps will be built in the next 5 years – more than all apps built in the past 40 years 500M Low code apps projected by market in 2023 $51b X4 RPA projected market by 2024 By 2023, the Citizen Developer population in large companies will be at least 4 times larger than Pro Developers $6b DPA projected market by 2024 $13.4b BI projected market by 2024 $8b Take a look at the key industry trends, and indicators vis-à-vis low-code/no-code (LCNC): • Forrester research said that the total spending on the low-code market will reach $21.2 billion by 2022 ([Forr20]). • According to Business Wire, the future is low-code or no-code with an expected growth rate of 44.4% by 2022 to $27.23 billion (up from $4.32 billion in 2017) ([Busi18]). • The digital world expects over 500 million apps and digital services to be built and deployed by the end of 2023, according to IDC FutureScape. That is more than all of the software solutions created in the last four decades ([IDC22]). • A report by Gartner forecasts that by 2024, low-code adoption will be so widespread that 75% of the soft- ware solutions built around the world will be made with the help of such tools ([Gart21]). The imposing numbers and claims in Figure 2 show the trends that the LCNC industry is expanding at a fast pace. Be it Digital Process Automation (DPA), Robotic Process Automation (RPA), Business Process Automation (BPA), Business Intelligence (BI), or, application development, the LCNC market and demand for the tools are growing in all these segments with very positive growth outlook. Rising low-code platforms are driving about 50% annual growth in a market populated by dozens of vendors. The Microsoft Power Platform has some unique selling point(s) USPs that give them a favorable position over other leaders in the Gartner magic quadrant for low-code applications. Given the vital importance of maintaining a single source of truth in enterprises, Power Platform brings the business process on a single platform allow- ing the full cyclical approach to Analyze (Power BI), Automate (Power Automate), Act (Power BI), Assist (Power Virtual Agents) and Assemble (Power Apps) enabling end-to-end capabilities that work together and integrate seamlessly with the Microsoft ecosystem, eliminating the need and dependency on multiple separate software tools. The cherry on the cake is its seamless integration with Azure Active Directory for a comprehensive, integrated security and a single-sign-on approach throughout your systems. Power Platform is designated for a wide range of users and use cases. It opens up the approach of building applica- tions of varying complexity, ranging from simple per- sonal productivity to more complex use cases by bringing together teams from different areas for the purpose of bringing apps to life faster, also known as the “Fusion Teams” (see Figure 3) approach. A fusion team comprises: Figure 3. Fusion teams – low-code is a team sport. Citizen Developers participate directly in the development to shorten cycles Citizens register their apps and participate in training IT governs citizen activity and nurtures the community IT grants access to resources for more advanced developers Coders manage source control and app lifecycles Coders do the “hard parts”, from data integration to custom UX controls Low- Code Business IT Developers
  • 4. Governance of Power Platform – as enabler, not as gatekeeper 18 • Code-first developers (also referred to as professional developers), who can extend or build upon the plat- form using traditional code first within IT depart- ments. • Citizen Developers, who can build solutions without writing code and, most importantly, know their requirements. Operating within the business, they are experts in their domain and do not require a deep knowledge of IT. • And finally, IT professionals, who can operate as the administrator or in the governance team. GOVERNANCE OF THE POWER PLATFORM The confluence of rising IT needs, coupled with the scarcity of developers and seamless integration with the Microsoft ecosystem of products has driven an increas- ing desire and need for Power Platform. However, there are some challenges that need to be addressed to estab- lish solid confidence in adopting any low-code platform in the organization. The most common inhibitors to adoption that are observed are: • Security risks regarding Shadow IT • Business-managed IT (BMIT) • Data security concerning connectors, • App or flow ownership managed by the business • Maintaining environment health • Information security & risk management • Compliances issues • Monitoring and tracking of apps and flows, etc. To address these concerns and to leverage the full poten- tial of the platform for the benefit of an organization, it is imperative to establish a successful governance frame- work. Digital governance is the key mechanism organizations use to ensure that software development aligns with strategic objectives, business goals, commercials, data protection, maintaining compliance standards, and protecting the chain of value creation, value delivery, and value capture. It encompasses the norms and stand- ards that shape the regulation regarding the develop- ment and use of technologies by offering a formal Power Platform and why you should consider it The Microsoft Power Platform is a low-code platform with a unique suite of business services that democratizes and unifies data spanning across SharePoint, Excel, Exchange, OneDrive, Office 365 apps, Microsoft 365, Azure, Dynamics 365, and standalone apps. It is named a leader in Gartner® Magic Quadrant™ for Enterprise Low-Code Application Platforms. Power Platform ties together some best-in-class services: Power BI, Power Apps, Power Automate, Power Virtual Agents, and Power Pages. Power BI is the self-service business analytics tool that helps you discover and explore insights from your data and enables to make informed, confident business decisions. Power Apps is a LCNC app development platform that allows to turn ideas into solutions by enabling to build custom apps that solve business challenges. Power Automate, formerly known as Microsoft Flow is a component that gives the ability to business users to automate workflows that orchestrate across services using connectors within the organizations, without writing any code for the same. Power Virtual Agents is an intelligent chatbot development platform empowering business users to easily create powerful AI-driven chatbots to engage conversationally with your customers and employees using a guided, no-code graphical interface without any coding. Power Pages provides a low-code way to create, host and manage process-driven secure websites, enabling organizations delivering vital information and services to customers and external users.
  • 5. 19 Compact 2022 4 Digital Trends & Compliance framework for achieving measurable progress while safeguarding the value flow. While governance is important to ensure that problems are anticipated and solved early, to leverage the full potential of the Power Platform, it is important to strike a balance between the organization’s needs in terms of security, compliance, and regulations (such as GDPR, etc.), yet at the same time giving teams enough freedom to innovate and create value for themselves and the enterprise. The Microsoft Power Platform provides the necessary means to strike that balance: “long-leashing” your organization, but still enabling central governance. The central effort of CIOs and Risk departments to mitigate risks is initially contrary to the idea of the autonomy that Microsoft Power Platform requires. Governance is distinguished into the following divisions: • Proactive governance • Reactive governance Proactive governance deals with the central requirements that are defined within the platform (the so-called guardrails), ideally before it is rolled out. This includes security requirements, environment and licensing strategies, cost implications, roles, and responsibilities. Being proactive, can and should be done upfront to ensure the first level of governance and security. Reactive governance describes continuous monitoring and alerting based on standardized yet specific indicators to enable a clearer view of the Power Platform. It is used to assess adoption KPIs, as well as to respond quickly where necessary. A comprehensive governance concept is fundamental to every technology and software platform. This is espe- cially true for low-code platforms due to their democra- tized nature. Figure 4 covers the seven layers or areas as advised by Microsoft ([Pich19]) to get started, while considering using, adopting, deploying, managing Power Platform and its governance. The beauty is that each of these layers is independently manageable and gives the flexibility to choose the layers in any order. Each of these layers concerns the proactive or reactive governance or both approaches. It’s important to men- tion that the governance is not a one-off exercise, it needs to be constantly reviewed and refined based on the evolving needs of the organization itself, but also given new functionality is provided by Microsoft regularly. Platform Overview – environment, apps, platform Power Platform provides an easy interface for business users to create apps and flows while simultaneously providing robust tools for pro developers, making it possible to integrate innovative solutions across Azure, Dynamics 365, and standalone applications. A common issue that arises is the ownership status of these apps and flows. If a user creates an app and then leaves the organization, the app is left without an owner, and is unable to be edited or shared. Without governance, this problem too often becomes apparent after the fact. You should have product discovery periodically to under- stand the status and origin of apps and flows in your environments. Having a Strategy & Vision defined is fundamental for any further efforts in the Power Plat- form. For instance, as a part of the strategy, consider identifying such artifacts that are orphaned or unused, and then act according to governance policy, e.g., archiv- ing orphaned apps or changing the app ownership. The Power Platform Center of Excellence starter kit provides functionalities to identify such objects and reassign the orphaned apps by changing the app ownership or archiving the unused apps. The same applies to the platform evaluation as the Power Platform is constantly evolving, and new features must be continuously evaluated to determine how they can be used meaningfully by the organization. Figure 4. Kick-start low-code journey with the 7 layers (source: Microsoft). Platform Overview Platform Architecture Secure Monitor Alert & Act Deploy Education & Support
  • 6. Governance of Power Platform – as enabler, not as gatekeeper 20 Figure 5. Example environment strategy diagram (source: Microsoft). Critical project Individual project Personal productivity apps SG = Security Group Everyone is a maker Only one user has access Dev team SG are makers Business unit dev SG (A) are makers Project dev SG (B) are makers Testing SG are users only Testing SG (A) are users only End user SG AND dev team are users All end users, projects and business units (A & B) are users only Testing SG (B) are users only Default Developer Critical Project Dev Business Unit Dev Critical Project Prod Shared Pord Critical Project Test Shared Test Important Project Dev Communicate with everyone that Default is not for development of critical apps. Developer environments are completely locked for any other user except the user who subscribed to the community plan. Applications can be moved out of the environment if needed. Dedicated dev/test/prod environments for each critical application. Developers have Environment Maker access in the dev environment, but only user access in test and prod. End users only have end user access to the production solution so no one can modify the applicatoins. Shared test/prod environments for important but medium complex apps can be shared between multiple projects or business units. Individual projects and business units should always have their own development environment to protect data. End users only have basic user access to solutions and data in production environments. Figure 5 exemplifies such an environment strategy as published by Microsoft ([Mora19]). There are multiple types of environments that all have different purposes, such as: • Default – This environment is the standard out- of-the-box environment. Each tenant has a default environment and should be used for personal produc- tivity only and should not be used for critical busi- ness applications. It is recommended to rename this environment accordingly to reflect the purpose. • Developer – These environments are intended only for use by the owner, which makes it perfect for the development teams to work in isolation on an appli- cation. • Sandbox – These environments are non-production environments, which should be used for development and testing your development before moving into a production environment. Platform architecture You must know your environment to govern it better. A Power Platform environment is a space to store, manage, and share your organization’s data, apps, chatbots, and flows, and is tied to a geographic location. Environments serve as a container that administrators can use to manage apps, flows, connections, and other assets, along with permissions to allow organization members to use the resources. Therefore, start by understanding, and developing an environment strategy. An environment strategy primarily entails environment provisioning, managing access rights and other layers of data security, and effectively organizing underlying resources in a way that supports productive develop- ment in your organization.
  • 7. 21 Compact 2022 4 Digital Trends & Compliance • Production – This is your environment where your solutions will be accessed by end users. It is advised that the development team does not have any admin access to this environment, and it is purely the IT team that deploys the solutions to this environment. Furthermore, assign your admins the Power Platform service admin role, which grants full access to Power Apps, Power Automate & Power BI. Restrict the creation of net-new trial and production environments to admins. Next, establish the environment management policy, and processes to request the creation of environ- ments, and request access. Clear roles and responsibili- ties across the organization on support, and ownership. Defining the tiered application models along with specific lifecycles of apps support. Besides the environment, understand your organiza- tion’s tenants to govern it better. A tenant refers to the container in which all your different environments sit. Check the tenant settings and harden them as per your organization’s requirements. Next to it are connectors and on-premise data gateways, which have a crucial role while interacting with differ- ent systems. Connectors are essentially proxy wrappers around the application programming interfaces (APIs) provided by services that allow apps and flows to easily interact with the service. On-premise data gateways enables Power Apps and Power Automate to reach back to on-premises resources to support hybrid integration scenarios. The gateway leverages Azure Service Bus relay technology to securely allow access to on-premises resources. Inside the tenant, within each database environment – there are data connectors and controls. These need to be secured with the right roles and per- missions to ensure the users have access only to the tools and environments they need. Secure A major benefit of Power Platform and its integration into the Microsoft ecosystem is that users are automatically authenticated. It is the key that enables proper govern- ance of the Power Platform. Every action maker, and Citizen Developers make, happens with an authenticated account. This means that they cannot go beyond their granted permissions on SharePoint, Teams, Dataverse (formerly, CDS, Common Data Service), or any other system where data interacts. Defining security is funda- mental to the implementation of the Power Platform within an enterprise. It contains necessary decisions on: • Azure AD conditional access at the Tenant level . • Setting up data loss prevention policies at the Environ- ment level designed to enforce rules for accessibility of connectors and access to business data. • Establishing resource permissions for apps, flows, and custom connectors at the Resource level. • Assign Dataverse security roles. • Defining Cross-tenant inbound and outbound security and compliance concepts, detailing access from and to the data sources. These belong to the proactive governance area; it is important to have these defined and implemented properly before the rollout of the platform. Monitor Monitor is the reactive area of the governance approach. It is important to monitor who is accessing your apps and flows and how these are being used to ensure secu- rity policies are effective. The Security & Compliance Center can be used to review out-of-box activity logs and analytics. Configure audit logs and make use of APIs to access logs and leverage management connectors for powerful reporting. Alert & Act Alert & Act too are the reactive area of the governance approach. It is advised to automate your audit and alert process using Power Automate. It deals with ongoing monitoring of standard and specific KPIs of your apps and flows across the enterprise to gain meaningful insights into adoption. This greatly helps in discovering any risks early in the process, identifying and empower- ing champions, welcoming new makers, and fostering the best practices. With the digital innovation and enablement, the Power Platform brings to the organization – both the IT and risk management functions are quickly overwhelmed by the number of apps that are built. It is no longer about one app at a time that undergoes a development lifecy- cle. Therefore, it is important to automate the policies outlined, have alerting mechanisms in place, necessary actions defined and applied to remediate the potential risks with the growing number of apps. As an example, create workflows using management connectors that either permit or restrict behavior based on your organi- zation’s Data Loss Prevention (DLP) policies.
  • 8. Governance of Power Platform – as enabler, not as gatekeeper 22 Deploy The application lifecycle includes governance, develop- ment, and maintenance. In Power Platform, with Appli- cation Lifecycle Management (ALM), you get a bird’s eye view of your projects including requirements manage- ment, resource management, nurturing and system administration such as data security, user access, change tracking, review, audit, deployment control, and rollback in a way that other approaches fail to deliver. You get increased visibility into workflow, enhanced compli- ance, faster deployments, and higher quality products. Learn and facilitate the ALM toolset and best practices. Solutions are the mechanism for implementing and deploying ALM in Power Apps and Power Automate. A solution is either managed or unmanaged. The begin- ning state of solution is the unmanaged solution. Unmanaged solutions are used in development environ- ments while you make changes to your application. Managed solutions are used to deploy to any environ- ment that isn’t a development environment for that solution. It is a finalized solution that can be distributed and installed. Educate & Support An overarching aspect of managing Power Platform is nurturing the continued growth and onboarding of makers and driving your organization to adopt a digital culture. A maker is someone who creates and enforces business processes, structures the digital collection of information, improves the efficiency of repeatable tasks, and automates business processes. Evangelism, commu- nity, and training are proven ways to create awareness of the platform’s capability and provide support within an organization. At the same time, it is an integral part for people in an organization to understand concerns, and regulations that they need to respect. Therefore, it is vital to provide well explained, persona-based entry points into the Power Platform. That can be done through central communication, as well as providing specific information to new makers to ensure they have the resources they need to be productive and successful with these tools. To enable people, clear and concise communication is crucial. EXPERIENCE FROM THE PRACTICE When approached by organizations who struggle with leveraging the full potential of the Power Platform within their organization, the following patterns are usually observed: • The adoption of the Power Platform is either minimal or cannot be assessed at all. Key indicators are not regularly reviewed. • The fear of security breaches or of not being compli- ant with regulations results in a reduced, half-hearted implementation of the Power Platform. • Regular review and adjustment of the strategy & vision, governance, and assessment of new features of the Power Platform are not conducted. • Transparent internal communication that provides guidance and information on guardrails and assists Citizen Developers is missing. • The need for proactive governance is usually known but is only partially implemented and followed. Based on our experience, organizations are mostly aware of proactive governance requirements. Along with IT, Security, and Risk departments, they usually have restricted access according to best practices before rolling out the platform. One common mistake is that the IT department continues to be put in control of app requests and creation. Low-code platforms, therefore, require a clear commit- ment and investment from the whole organization, ensuring that the topics described above are not only implemented “once” and therefore half-heartedly, but also continue to be developed further. This is the only way to keep leveraging the full value of the use cases over time. ESTABLISH A CENTER OF EXCELLENCE To improve business agility, and productivity in a governed, secure, auditable, and manageable way, while being compliant with regulatory requirements as well as reducing costs, and empowering makers, organizations should establish a Center of Excellence (CoE). A CoE helps organizations focus and align their resources and exper- tise regarding a specific capability to accomplish and sustain performance and value. CoE is designed to drive innovation and improvement, and as a central function it can break down geographic and organizational silos. In our view, a Center of Excellence encompasses the below key areas in the context of Power Platform. • Vision & Strategy • Administration & Governance • Business Value & Onboarding • Nurture, Change & Adoption • Automation We advise businesses to start with a set of workshops to identify the current state and maturity level of the Power Platform within their organization. Post assess- ment – set the target level and define how to go further on the CoE journey, in a phased approach to realize the value sooner. Our consulting approach covers all the key
  • 9. 23 Compact 2022 4 areas and aims to increase the maturity level of each of them separately. Administration & Governance is one of the key areas in the Power Platform journey. Depending on the size of your organization, consider installing the Power Platform Center of Excellence Starter Kit (Starter Kit) instead of starting from scratch. The Starter Kit should not be misun- derstood by CoE. The Power Platform Center of Excellence Starter Kit is a collection of the below set of components, tools, and templatized best practices designed with the Administration & Governance area in mind. a. Core components – Catalog tenant resources, DLP Strategy & Visibility, Change app ownership b. Compliance components – Sample App audit process, Archive unused apps, Act based on certain connector usage c. Nurture components – Onboard new makers, provide training and share best practices, and encourage adoption The Power Platform Center of Excellence starter kit acts as a foundation element and kick-starts the Power Platform admin & governance journey. There are a few caveats to be mindful of: • It needs to be separately installed and maintained. • The kit itself is not supported by Microsoft. • Multi-tenant setups need to be planned thoroughly with the starter kit. • It is a generic template that might not match every organization’s requirements. Therefore, it is recommended that once the starter kit is installed and configured within your environment you should consider extending and personalizing it to fit your organization’s requirements as defined by CoE. CONCLUSION With each passing day, the boundaries between business and IT are blurring at an accelerated rate. Business users, in many cases without formal programming experience, but with the help of low-code/no-code platforms, are building applications with increasing frequency. This growth can have an impact on organizations – both positive and negative. In the absence of proper govern- ance, this can lead to a large number of unmonitored applications operating across an organization, poten- tially compromising data, security, risk, and compliance. Solid governance serves as a firm foundation to enable a safe and secure backbone for the digital journey, and to drive innovation and improvement. References [Busi18] Business Wire (2018, January 16). $27.2 Billion Global Low-Code Development Platform Market 2017-2022 by Component, Deployment Mode, Organization Size, and Vertical. Retrieved from: https://www.businesswire.com/news/ home/20180116006370/en/27.2-Billion-Global-Low-Code- Development-Platform-Market [Forr20] Forrester (2020). The Total Economic Impact™ of Power Apps. Forrester TEI Report | Microsoft Power Apps. Retrieved from: https://info.microsoft.com/ww-Landing-Power-­Apps- Forrester-TEI-Report.html [Gart21] Gartner (2021, February 16). Gartner Forecasts Worldwide Low-Code Development Technologies Market to Grow 23% in 2021. Retrieved from: https://www.gartner.com/ en/newsroom/press-releases/2021-02-15-gartner-forecasts- worldwide-low-code-development-technologies-market-to- grow-23-percent-in-2021 [IDC22] IDC FutureScape (2022). IDC FutureScape: Worldwide IT Industry 2020 Predictions. Retrieved from: https://www.idc. com/research/viewtoc.jsp?containerId=US45599219 [LaBe20] LaBerge, L. et al. (2020, October 5). How COVID-19 has pushed companies over the technology tipping point – and transformed business forever. McKinsey. Retrieved from: https://www.mckinsey.com/capabilities/strategy-and-­ corporate-finance/our-insights/how-covid-19-has-pushed- companies-over-the-technology-tipping-point-and- transformed-­business-forever [Mora19] Moran, D. (2019, October 30). Establishing an Environment Strategy for Microsoft Power Platform. Microsoft. Retrieved from: https://powerapps.microsoft.com/en-au/ blog/establishing-an-environment-strategy-for-microsoft-­ power-platform/ [Pich19] Pichler, M. (2019, December 19). Update to the Power Apps and Power Automate Administration and Governance Whitepaper is now available. Microsoft. Retrieved from: https://powerapps.microsoft.com/en-us/blog/update-to- the-power-apps-and-power-automate-­administration-and- governance-whitepaper-is-now-available/ [Wong21] Wong, J. et al. (2021, September 20). Magic Quadrant for Enterprise Low-Code Application Platforms. Gartner. Retrieved from: https://www.gartner.com/doc/reprints?id=1- 275QSBDL&ct=210813&st=sb About the author Swatantra Kumar MTech, PGDAC, BE is senior manager at KPMG. He has over a decade of experience in software development & delivery, application performance, and solution architecture design. Swatantra has been involved in digital transformation, DevOps, IT strategy, SaaS & cloud consulting for various organizations in the BFSI and SMEs sector, and carried out numerous assignments with a wide range of clients around the globe helping them meet the challenges of the ever-changing IT landscape. Swatantra heads the solution design and development function and is responsible for citizen development proposition, low-code services, and Trust by Design framework. 23 Digital Trends & Compliance