Part 1: Recognizing Risks
As any Microsoft 365 IT leader or platform owner knows, Microsoft 365 is constantly evolving with new features and products made available on a routine and rapid basis. The Power Platform is one such suite of tools that was announced and released in 2017. Originally, there were no additional licensing costs, and citizen developers and technologists alike were encouraged to try to build out some automations. And they did.
In Company X, the usage of Power Apps, Power Automate, Power Virtual Agents, and Power BI took off much faster than had been anticipated. Folks throughout the organization of more than 200,000 employees, working in diverse business units and departments across the globe, were creating apps and automations for personal productivity and more, in record numbers. Given enterprise licensing and the low barrier to entry for anyone with a desire to automate, usage of the Power Platform spread like wildfire throughout the organization.
Recognizing the risks
While self-service innovation is appreciated and encouraged at Company X, security and governance are of equally high importance. IT leadership very quickly recognized the potential security risks associated with having 10,000+ citizen developers, or makers, creating solutions. A Power Platform maker may be a non-IT professional with deep expertise in a business process who builds custom apps for their team to simplify, automate, or transform tasks and processes. Makers help businesses become more productive and innovative and accelerate transformation. However, building apps, bots, and workflows with little to no oversight in a non-enterprise-grade fashion and environment presents a governance challenge. Recognizing that the Power Platform is here to stay and highly valued as a productivity tool in Company X, IT leadership and platform owners began to raise the alarm about the potential risks of accelerated usage of the Power Platform by the maker community. In addition to security risks, there’s also the issue of having an operational structure and process in place to support the multitude of apps, flows, and bots being created.
Some of the areas of concern for IT leaders included:
- How many apps do we have? What and where are they?
- Are apps being built in a sustainable manner?
- What data sources are being accessed?
- Are the apps compliant with security and data loss policies?
- Are environments being used?
- What happens if someone leaves?
- What about Application Lifecycle Management?
- Do we have the proper people, processes, and methods to support these apps?
For Company X, one highly sensitive risk is the use of confidential data (PII, HIPAA, or other restricted data) in the apps being built by the makers. IT leadership asked, “Who is monitoring the use of this data and its adherence to security and DLP policies?” Other key areas of risk are the use of a single default environment to build, test, run, and modify apps, and the open use of connectors (services used to enable connections to other apps, data, and devices in the cloud). By this time, there were over 30,000 assets (apps, flows, bots) in active use, and it was clear that a governance strategy needed to be put in place or that makers’ access to the tool would need to be limited or removed.
Committing to the process
Fueled by passion and real-world data to support their case, as well as a leadership team willing to listen, the Microsoft 365 and Power Platform owners were able to gain a commitment from management to address this growing concern. As a result, Company X chose to invest the time, money, and resources to create a Power Platform Governance Program to support their growing demand for productivity solutions, beginning with the exploration of the Microsoft Power Platform Center of Excellence (CoE) Starter Kit to fit their needs.
Read more about the Power Platform CoE Starter Kit, what it provides, and what work was needed to fully enable governance for Company X in our Real-World Governance Journey Part 2: Leveraging and Building Upon the Power Platform CoE Starter Kit.
Begin your Power Platform CoE Journey
If you are ready to empower your citizen developers in a safe, secure, operationally efficient way, our Power Platform Center of Excellence program is for you. If you would like to learn more about services to get your Power Platform Center of Excellence up and running, please contact us to arrange a complimentary consultation.
Compass365, a Microsoft Gold Partner, delivers SharePoint, Microsoft Teams, and Power Platform solutions that help IT and business leaders improve how their organizations operate and their employees work.