December 9, 2021
Low-code, citizen app-building is an excellent way to meet your organization’s mobile and desktop app requirements while alleviating the strain on IT. In this three-part series, we explore how Microsoft Power Platforms can streamline your efforts—and how to deploy the solution effectively. You can find the first article of the series here.
In our last article about the Microsoft Power Platform, we spoke about how Power Apps can empower citizen developers across your organization to build their very own apps. Perhaps by now you’ve done some additional research, weighed the benefits and decided you’d like to streamline your organizational app-building efforts with the help of Microsoft Power Platform’s Power Apps.
The question now is: how do you get started? This is what we call the “deployment paradox”. While it may be possible to simply turn on the tools, and allow members of your organization to just start building, that approach comes with some hefty risks. For instance, it could create a “wild west scenario” that results in the development of apps that lack effective security, fail to integrate essential KPIs or violate company policies. Not surprisingly, this approach isn’t exactly optimal.
Ruling that option out, then, you’re essentially left with three other routes of deployment:
The Centre of Enablement is an organizational structure that enables the distributed development of applications. It centralizes in-house development skills, talent and expertise in a way that makes this information more accessible to citizen developers, while enhancing clarity, focus and consistency around the organization’s app-building goals.
Specifically, the COE works by creating a simple and streamlined support structure for business units, as well as by providing opportunities for teams to develop their expertise and skills. It also offers enhanced visibility into company-wide app-building efforts and activities—to create a more coordinated digital framework.
Building a COE typically occurs in two phases. The first involves developing a clear app classification and compliance framework, while the second step is spent building a multi-disciplinary COE team.
Every app created by your organization must meet all compliance and security standards—and, depending on what type of app you’re creating, those standards will likely vary from app to app. For this reason, one of the first things you must do before opening the doors to citizen-led app-building is to have a method for defining the risk profile of every app.
This first stage in the app-building process will encourage developers to ask a series of questions to clarify the potential compliance requirements of an app by making note of the amount of sensitive data used (e.g., personal, strategic, financial, operational), the potential risks of security and data breaches, and the business risks if the app is, for some reason, not available.
Ideally, an organization will put together between eight and 10 controls that will help developers automatically classify their respective apps and move seamlessly into the compliance framework.
Once a developer has a sound understanding of whether they’re building a high-, medium- or low-risk app, they’ll move into the compliance framework—and follow a series of mandatory, compliance-related processes outlined by the organization. These processes will vary depending on the app’s classification level.
So, for example, if an app is determined to be reasonably high-risk in regard to, say, data privacy breaches, the compliance framework may require the citizen developer to first engage relevant organizational teams to help conduct a design review. From there, the citizen developer may be free to develop the app, but, once again, have to engage other team members to conduct a pre-deployment review. After the app is up and running, the compliance framework may mandate ongoing post-deployment check-ups.
A high-profile application central to business operations could warrant a different compliance process. In this case, the app might have to undergo a technical review, in-depth user-training and—if it’s going to be rolled out enterprise-wide—widespread rollout.
Check out our “5 Power Platform apps that are changing the public sector” on-demand webinar.
Once you have the right app classification system and compliance framework in place, it’s time to build your Centre of Enablement team. The purpose of the team is to educate and support your citizen developers. Additionally, its aim is to create a community of users, enforce standards and compliance, provide data stewardship and simply preserve the overall health of the platform.
This team will be central to your Power App deployment—and make sure it reflects the culture and scale of your organization. Depending on your needs, your COE team may include the following roles:
As we mentioned above, every organization is different. Depending on your size and scale, you may not find it necessary to fill every one of these positions.
While an app classification system, compliance framework and Centre of Enablement team are all elements of a sound governance framework—and integral for the effective deployment of Microsoft Power Apps across your organization—the Microsoft Centre of Excellence can help you truly empower your governing body and take your app-building efforts to the next level.
We’ll explain how the Centre of Excellence can help increase visibility into your app-building efforts in our third and final installment of this Microsoft Power Platform series. In the meantime, if you have additional questions about how to deploy Power Apps in your organization—or if you’d like to learn more about the solution’s capabilities—contact the MNP Digital team.
To learn more about how you can get support throughout the cyber insurance process, contact our team of experts today.