Power Platform 101: Benefits, Risks and Governance
Paul Rutter, Technical Product Manager at ANS, gives an overview of Microsoft Power Platform and explains how it benefits organisations and the risks that come without proper governance.
When organisations face business challenges that demand new and innovative solutions, they often turn to the IT team for support, whether it’s expense management, purchase order (PO) approvals or bigger challenges like sales, marketing or field service management. Traditionally, organisations address these challenges with individual solutions; that is, they may invest in a new expense system, one for PO approval and another for sales. This ultimately leads to a complex, siloed IT landscape, with multiple solutions handling discrete parts of what is likely to be a larger business process.
Now, this leads to two problems. Their processes become scattered across multiple systems, potentially causing duplicate data entry and requiring complex integrations to solve the issue. Secondly, the management team needs end-to-end visibility of the data, so they need a complex analytics layer to stitch the data together and gain insights.
And then, of course, there are always additional complications arising from random spreadsheets or ‘off the shelf’ SaaS solutions someone bought that are now part of the critical business operations… sound familiar?
Whilst the individual users or departments may have “solved the problem”, from an organisational point of view, we are now open to a whole host of risks and business continuity challenges:
Where is the sensitive data stored? Who owns it? Is it under our control? When does it need to be destroyed? Who has access to it? How can we guarantee we aren’t going to lose the data?
This highlights the need for a centralised platform to store and manage the data in a secure, controlled and governed manner.
So, what tools and building blocks do we have to solve this problem? How do we use and protect them? Let’s look in this blog post.
What is Microsoft Power Platform?
Designed with simplicity in mind, Microsoft Power Platform is a set of applications, connectors, and a data platform that allows business users to create custom solutions without the need for extensive coding knowledge. If you can use Excel and PowerPoint, you could likely use the Power Platform to create your next solution.
At the heart of the Power Platform are some key components: Power BI, Power Apps, Power Automate and Dataverse. (There are a lot more components, but let’s start with these!!)
Power BI transforms raw data into meaningful insights through interactive and visually appealing dashboards, enabling users to make informed decisions.
Power Apps allows individuals to build custom applications tailored to their business needs, fostering innovation without relying on traditional software development timelines.
Power Automate automates repetitive tasks by linking different applications and services seamlessly to automate repetitive tasks through a multitude of connectors, enhancing efficiency and streamlining workflows.
Dataverse is the cornerstone of the Power Platform and provides a secure and scalable data platform to store your data. It enables organisations to store and manage business data in a centralised, controlled manner.
What makes Power Platform particularly appealing is its accessibility to non-technical users. With a user-friendly interface, it empowers employees across the organisation to participate in shaping solutions, breaking down silos and fostering collaboration.
This approach, known as “Low Code”, has emerged as a transformative force in recent years, allowing people from diverse backgrounds and skill levels to contribute to app development, not just those in the IT team!
What is Low Code?
Low Code isn’t a new concept; it’s been around for years! When I started my career in IT 15 years ago, I was working with the Oracle APEX platform. Whilst in its infancy then, that was, in essence, a low code platform. In fact, many platforms that we work with today, such as Mailchimp, WordPress, and Zapier, are considered “low code”.
One of the main drivers behind the surge in low code adoption is the organisational need for speed and agility in application development to solve real business problems. Unlike traditional app development, low code platforms use digital building blocks, allowing developers to visually create applications with significantly less manual coding, accelerating development cycles. If additional logic is required, this can often be achieved through “Excel-like” formulas rather than traditional code.
By using these digital building blocks, low-code platforms empower a broader audience, including business analysts and subject matter experts, not just IT, to actively build solutions to the problems they face daily. This fosters collaboration between technical and non-technical stakeholders, breaking down the traditional IT and business silos and promoting a more inclusive approach to solution creation.
When these benefits come together, we find that, in most cases, the low code approach can offer a budget-friendly solution for organisations to address their technical challenges. By enabling the business teams to build solutions for their problems themselves, we reduce the reliance on highly skilled, often expensive, developers and expedite development timelines.
Additionally, by enabling multiple problems to be solved on a single platform, we maximise the organisation’s investment in the platform, reducing the need for multiple licences for multiple problems. After all, you don’t buy Excel to create one spreadsheet!
The net effect is that low-code platforms enable businesses to adapt to changing market conditions by iterating and innovating rapidly. All of this sounds amazing… so there must be a downside… right?
Have we just moved the problems with Excel to the cloud?
I have spent much of my career advising customers on moving their data and processes out of spreadsheets stored in a network drive to a more governed environment.
How many spreadsheets are there in your organisation with critically sensitive data? Can you truly say you know where every spreadsheet is stored, what it contains and that you have the right security to stop data leaks? Very few organisations have a true handle on this. Yes, there are technologies in the Microsoft 365 ecosystem to help with this, but they only work if implemented correctly.
Essentially, if we give the users powerful tools, we need to ensure we empower them and give them (and our organisation) the confidence they are building in a safe space. There are huge benefits for businesses using the Power Platform, but as with anything, if the tools are not used correctly, serious risks can arise.
What are the risks of Power Platform?
Like Excel, Power Platform carries risks of data inconsistency and security vulnerabilities. Much like spreadsheets, allowing users to develop solutions within the Power Platform without proper governance will likely result in disparate data sources, inconsistencies, and integrity issues. Moreover, the security risks are huge without a structured governance framework, specifically from unauthorised access or data breaches.
Establishing clear guidelines regarding data access, permissions, and application lifecycle management is essential to prevent the creation of unregulated solutions that might compromise data security or violate regulatory compliance.
Additionally, the scalability and sustainability of solutions created within the Power Platform also echo concerns similar to uncontrolled spreadsheet usage. We’ve all seen examples where a spreadsheet is critical to the business process, but one day, the owner retires or moves on, and nobody knows how that critical spreadsheet works. We have exactly the same challenges in the Power Platform. Organisations need to understand who is building the solutions, what they are building, and where they are building them.
Only once we truly understand these factors can we ensure Power Platform solutions are developed and managed in a controlled manner.
How do we govern the Power Platform?
To govern the Power Platform effectively, organisations need to establish foundational guardrails so that we can enable our makers to build solutions while retaining governance over the ecosystem. Governance, in this context, refers to the establishment of policies, processes, and controls that guide the usage and development within the Power Platform.
One approach to achieving this is through a Power Platform Landing Zone, which is a structured, well-architected environment within a Microsoft Azure Tenant that is specifically designed for deploying and managing a Power Platform ecosystem in line with best practices.
Some of the key reasons as to why you should deploy a Power Platform Landing Zone are:
Scalability and Consistency:
A Power Platform Landing Zone enables organisations to grow their usage of Power Platform services without encountering common scalability challenges. It allows Power Platform administrators to ensure that the correct guidance is in place and that makers are directed towards the appropriate environment to build their solutions. This allows the IT team to retain oversight into who is building solutions and where they are building them.
Security and Compliance:
A Landing Zone offers a predefined architecture incorporating security best practices, helping protect sensitive data and ensure compliance with industry regulations. By adhering to a standardised landing zone, organisations can implement access controls, encryption, data loss prevention policies, and other security measures consistently across their Power Platform ecosystem, mitigating the risk of accidental or intentional data leaks.
Governance and Control:
A Landing Zone helps to establish governance policies and practices and enforce compliance through additional tooling, such as the CoE Toolkit. The CoE Toolkit enables organisations to centrally surface the Who, Where and What so that Power Platform solutions can be developed and maintained in a controlled and accountable manner.
Cost Management:
Efficient cost management is facilitated through a Power Platform Landing Zone by providing a pre-defined environment architecture that ensures only specific security groups have access to them. Additionally, core guardrails are enabled by default so that users cannot inadvertently spin up new environments and consume additional capacity outside of what has been allocated.
Operational Excellence:
Ultimately, the Landing Zone provides the foundation for operational excellence by allowing central IT teams to take control of the Power Platform ecosystem whilst enabling makers to build solutions in a controlled manner. Using this foundation and the tools provided in the CoE Toolkit, an organisation can build its own internal Centre of Excellence strategy around the Power Platform to enable its makers to promote the Low Code ethos.
If you are looking to harness the benefits of Power Platform but need assistance building the right guardrails to ensure scalability, security and compliance, you’re in the right place. At ANS, we help you create solutions quickly and safely and enable people with the right skills to solve more business problems on their own in the future. Please get in touch with us to understand what we can do for you on Power Platform and low code.