Power apps and governance
The Power Platform is wide-open, meaning it’s easy for employees to start using it. But it comes with great risk - data security.
In our second article by Tasman Bleechmore, Senior Consultant at Simplitize, following on from our look at how Power Apps can help businesses, Tasman discusses the importance of, and need for, governance – and how the Power App platform and its connectors need careful consideration.
Different experiences using the power platform
I see many companies at different points in their maturity using the Power Platform. Commonly, they’ve had some in-house users that have developed simple applications for themselves or departments and teams. Some have created enterprise applications on the platform and started using it.
But what we typically see are that these companies now want to get more control of the platform. It’s understandable as the first step is easy to take. But the platform is wide-open, meaning it’s easy for employees to start using it, which comes with great risk. In a word, data.
For example, one customer realized they had users installing gateways to connect with virtually any on-prem data sources — pulling all data into the platform. While that can be great, it can also be a security risk. What kind of data was it? Is it confidential, or is it not to be mixed with other data? Such questions can pose great challenges because it’s not always easy to overview these things.
The risk of connectors
When talking about governance and compliance, we mean in reference to the data ecosystem. The Power App platform connects to the likes of Salesforce and Dropbox and countless others. A user can set up a flow, connecting to a SharePoint document library. Then that user can install a connector to Dropbox, taking documents from a business location with confidential information and storing it on Dropbox.
From a governance perspective, it’s not a great situation to be in. Part of ensuring governance and setting up guidelines is looking at all the different connectors. The risk is that many users are unsure what it connects to and what relevance it has for the business. If the user has a license, they can start using Power Apps immediately, including the connectors.
To ensure security, you need to implement policies to create following your governance plan, so you can enjoy the full benefits of the platform without creating risks or issues.
At Simplitize, we provide that guidance as a service.
Start thinking 'environments'
With Microsoft, you can split up your platform into environments. That allows you to start thinking about environment management rather than managing one massive platform. For example, you can start by looking at hobby applications that are not business-critical, don’t need support, and can exist in a default environment.
And when you start building more mature apps with certain amounts of uptime and needs for support, you need a different environment. Getting a smoothly running architecture that allows organizations to leverage these applications requires a lot of thought and planning.
Furthermore, there’s a whole other discussion of security, including policies to protect the data sources put in place. There’s also platform management, meaning who owns the platform and knowing who ensures that the platform is living up to the governance role of the organization.
WorkPoint is a great platform to leverage Power Apps further. We do that for customers as well, meaning we extend their installation using actions that WorkPoint provides to further provide integration and automation. Many automations can go behind the scenes. For example, flows that react to WorkPoint events, digital signatures in combination with the document handling built-in to WorkPoint.
The structure that WorkPoint provides on SharePoint is great. And by creating custom Power Apps solutions, you can take your platform to the next level.