Categories
No-code governance

Microsoft Power Apps Leak Exemplifies Why Low-Code/No-Code Governance Is So Important

Share on twitter
Share on facebook
Share on linkedin

No-code technology is not just an exciting innovation—it’s also the engine for a new generation of enterprise tools which are already playing a role in shaping a better, more efficient, and more enjoyable future of workBut no-code is not a silver bullet, and companies will not be able to realize its potential by deploying it as if it were just another app—which is to say, without a comprehensive, holistic implementation strategy that includes no-code governance.

In fact, when companies do try using no-code as just another app—purchasing a no-code tool for a specific set of business users, for example, and then allowing them to use it as they please, independently of IT—they can cause more harm than good. 

The danger was exemplified recently by the report of multiple data leaks from low-code apps built inside Microsoft Power Apps. The leaks exposed sensitive information from at least 47 government and private organizations, according to Silicon Republic.

Power Apps is Microsoft’s low-code software solution. UpGuard, a cybersecurity firm, reported that the leaks sprung from a misconfiguration in the way certain apps inside Power Apps had been configured.

No-code platforms such as Tonkean ensure organizations avoid such situations by putting governance controls in the hands not of business users composing workflow solutions, but of IT professionals defining what capabilities to make available to business users—and how.

But haphazard deployment of no-code tools, conducted without the partnership of IT, doesn’t just compromise IT’s governance over the company tech stack. It also risks the proliferation of shadow IT

Effective no-code deployment strategies must be holistic—which is to say, implemented with the needs of both the business and IT in mind. It must serve not only to enable the business, but to guarantee that IT maintains full governance over your company’s technological infrastructure. Only then will your use of no-code succeed in empowering your organization to the game-changing extent it is capable of. Conversely, if the importance of governance is overlooked, no-code’s potential value will remain limited. More likely, its use over time will further encumber both business and IT’s ability to do its job effectively. 

Here’s why. 

Governance in no-code deployment protects against operational debt, risk, and shadow IT.

When individual teams use no-code to create apps without input or oversight from IT—apps that are unvetted and ultimately unsupportable—they risk exposing sensitive data and creating internal vulnerabilities. This, of course, encompasses much of what IT fears about shadow IT. 

But creating shadow IT and implementing no-code tools without IT governance can also be remarkably inefficient, resulting in team members duplicating each other’s efforts, as well as in the creation of operational debt, which can be understood as the amount of time and money required to divorce employees from the imperfect processes employees adopt when left to their own devices over time. Every time we add a new piece of technology to our operations—a new app that employees need to mold their behavior around, that IT needs to monitor, and whose limitations must be compensated for—we add to our ledger of operational debt. The more apps, systems, and human inputs involved in a process, the more operational debt that process produces. Horror stories abound of enterprises equipping business teams with no-code tools without the input or oversight of IT, only to see those teams create hundreds or even thousands of no-code apps… each of which inevitably become the responsibility of an already overburdened IT department.

Additionally, without IT input, business teams often select the wrong no-code platform. Specifically, no-code platforms that lack the functionality the business actually needs. This leaves the business implementing (yet another) half-adequate tool—and doesn’t satisfy their needs any more effectively than off-the-shelf solutions. 

Including IT as a partner and stakeholder in no-code selection and deployment from Day One—as well as grounding all aspects of your company’s no-code use in the context of IT-managed governance structures—protects against that… and protects you against other vulnerabilities, as well. 

In essence, it ensures that your use of no-code does not inadvertently injure your company in a manner that outweighs the benefits. 

Bottom line: when implementing no-code in the enterprise, the no-code tool itself should lend business teams access to technology and enable them to be technologically creative.

But it must also exist under the governing authority of IT, just like any other piece of enterprise technology. An IT-governed no-code platform can empower the business to move fast and operate self-sufficiently—can turn business users into citizen developers—while at the same time maintaining the sanctity of IT’s authority over and standardization of the tech stack.

Governance ensures no-code creates holistic value—meaning, it can be a boon for IT, too.

Mandating IT governance over no-code deployment is not only safer, however; it also ensures that IT benefits from your company’s use of no-code, too. 

See, IT has a tough job. It needs to preserve the integrity (and compliance) of the tech stack and of company data, but it also needs to enable the business to operate efficiently and creatively across functions and processes. Today, IT lacks either the resources or the bandwidth to do the latter effectively. The options at their disposal remain limited. When the business needs a solution to a business problem, for example, IT has two options: either 1) buy packaged, task-specific apps for the business; or 2) develop custom solutions themselves. Both options are costly and inadequate. Purchased apps don’t always solve process challenges or increase efficiency, because they’re too functionally specific. And custom solutions can take 6–9 months (or more) to build, and require long-term maintenance after deployment — which, all told, is a massive expenditure of IT time and energy.

But that’s where no-code comes in. Used correctly, it affords IT a more efficient option for enabling the business, namely by allowing IT to provide the business a scalable, safe, and accessible structure for creating their own workflow solutions. (Tonkean operates in this manner.) 

In practice, using no-code specifically for means of safe, governable business enablement elevates IT from mere implementers of technology to architects of technological strategy—and frees them up to focus more completely on initiatives that will truly move the needle, such as delivering SLAs or improving your product. 

Finally, using no-code platforms such as Tonkean enables IT to standardize their companies on a single (yet flexible) technology platform, enabling them to more easily facilitate cross-functional collaboration and holistic process improvement. (The IT teams we work with have found that this—compared to having to play technological whack-a-mole across hundreds of different apps and systems—far more preferable.) Governance is much less stressful when all your employees and all the tools they use can be managed from one source of truth. 

Governance is the only way to realize no-code’s true potential. 

Some think the preeminent goal of no-code is to win the business independence from IT—or to replace IT altogether. This couldn’t be further from the truth. The real value-add of no-code is the way it allows IT to more efficiently and strategically enable the business—to build a bridge between the business and IT that allows both their needs—business agility and organization-wide governance—to be met. It’s a vehicle for delivering a standardized and exponentially more scalable model for continual, powerful enablement, complete with capabilities that bridge user applications and data sources, and help users facilitate processes end-to-end. 

But no-code can only be used to this end—safely, efficiently, effectively—if IT is involved, and governance guaranteed, throughout the deployment process. 

When it is, you can be confident that your investment in no-code technology will serve to improve your operations holistically—empowering the business and IT alike, and in a manner that both enables your people and protects your data. 

Want to learn more about why IT should love no-code? Click here.

Get expert articles & updates in your inbox

Popular articles

legal intake
Blog
Ben Wallace

How Tonkean Makes Legal Intake Easy

Legal intake is a common pain point for law firms, legal departments, and legal operations teams alike. Legal has to field initial outreach via loads