For many businesses, the value of Microsoft’s Power Platform is substantiated by increased productivity, reduced operational costs, and a move toward innovation. Organisations must, however, bear in mind that the Power Platform, and IT Self Service in general, lives right outside of IT governance’s traditional reach and therefore needs special attention.
Some of the most frequent questions among the teams who work with security and governance on the Power Platform and in the organisation are:
- How many app makers you have?
- How many apps and cloud flows are you aware of?
- What data is being used?
- What do these apps and flows do?
- Who has access to them?
With a new app, questions must be asked about licensing, approval procedures, security, and training. Once an app is deployed, organisations must establish practices that adhere to security and compliance measures.
Power Apps misgovernance
Implications of an ungoverned low-code app can be: broken and erroneous processes, loose permissions, cluttered data, compromised data security, and unused features.
owner, unable to be edited or shared. Without governance, this problem becomes apparent, too often, only after the fact. A complicated trail of administration and auditing follows, but this could have been avoided by a pre-emptive governance policy. When power apps are monitored, app authentications can be renegotiated before the owner leaves, and co-owners created to inherit the app.
Data breaches are another cost of Power Platform misgovernance. Unchecked and loose permissions offer up company data to unauthorized users, which puts an organization at risk of data leaks and disruption to business as usual. For apps which drive confidential business processes or contain sensitive customer data, breaches can be detrimental to operations. It is imperative that organizations implement a sturdy governance policy surrounding app permissions, ensuring that only trusted employees have access to company and customer data. Security risks are not adequately appreciated by many businesses, and, as part of a governance strategy, security reviews of apps need to become common practice.
Why is Governance so important?
A Power Platform governance strategy is required to provide visibility across apps and flows, collate data across products and enable IT operations teams to react fast. A successful governance framework will prevent data breaches and ensure that problems are anticipated and solved early, avoiding costly administration and bottlenecks in defunct flows.
Implementing a successful governance strategy is, to some extent, a process unique to each business that must take into account specific data, resourcing, and administration considerations. One company’s governance policy may not work for another, and organizations should keep this in mind when selecting a governance tool.
Microsoft’s Center of Excellence
To work alongside the Power Platform in supporting governance efforts, Microsoft established the Center of Excellence (CoE) starter kit. The CoE is a collection of tools designed for developing a governance strategy with a focus on Power Apps, Power Automate, and Power Virtual Agents. The kit provides some automation and tools for users to build the monitoring necessary and includes multiples apps and Power BI analytics to interact with data collected. The kit also provides several templates and suggested practices for implementing the CoE.
Challenges of establishing a CoE
- Requires multiple permissions and environments setup and configured correctly, implementing such policies such as Data Loss Prevention (DLP).
- Striking the right balance between freedom and control can be difficult.
- Lack of internal CoE and Power Platform experience and knowledge can make the setup process lengthy and draw out the return on investment and value realisation.
- Cultivating buy-in from users is tricky as governance is often perceived as a barrier to adoption.
Power Platform - Health Check and Audit
This service helps your business understand where you might have application configuration issues or where you Development practice need alignment to the Microsoft Application Life Cycle (ALM) framework. We will create a MoSCoW rated recommendations and Application Lifecycle Management (ALM) guidelines for your organisation.
This engagement could cover the following services: Power BI, Power Automate, Power Apps and Power Virtual Agents, Azure, Dynamics, Microsoft Dataverse we audit your current environment setup and deliver a documented assessment via a workshop session which highlights where you need to make improvements to the security, business and technology to be ready for a Power Platform implementation.