Governance of

Power Platform
– as enabler,
Swatantra Kumar, M.Tech,
PGDAC, BE
is senior manager at KPMG.

not as gatekeeper
Seven layers of governing Power Platform,
not only at scale but also at speed
In today’s digital age, organizations are under immense pressure to define, ideate, build and deliver
services at consistently shortening time to market. With a demanding market, an unpredictable and
slowing economy, and a global shortage of skilled labor, low-code platforms are increasingly seen
as a boon for enterprises aiming to fuel digital transformation by building new apps, modernizing
application landscapes, or automating processes quicker and more efficiently. Low-code/no-code
(LCNC) tools have seen steady growth due to their effectiveness in addressing some of the
challenges in technology – primarily for digitizing workflows, enhancing user experiences,
promoting internal efficiency, and their ability to quickly fill the workforce gap. Low-code
application platforms are emerging as a key accelerator for app development and delivery. However,
there are still challenges ahead due to a vacuum of battle-tested IT governance for low-code
platforms. This article covers our view on the governance of one of the leading LCNC tools, Power
Platform, and why it is important while planning, securing, deploying, and supporting applications
built on the platform.

Compact 2021 4 15
 LOW-CODE – INTRODUCTION, DEMAND
AND MARKET According to Gartner, low-code application
platforms are defined as software that enables
The pandemic has brought about years of change in the rapid development and deployment of custom
way organizations across sectors and regions do busi- applications by abstracting and minimizing
ness. A study by McKinsey revealed that companies have traditional-coding, in order to develop a complete
accelerated digitization by three to four years ([LaBe20]) application consisting of user interfaces,
in just a few months’ time of the pandemic. It even found business logic, workflow, and data services. It
that the share of digital or digitally enabled products has also provides reasonable tools to properly secure
accelerated even more. The study calls out that filling and govern these platforms ([Wong21]).
the gaps for technology talent is one of the major chal-
lenges companies are facing and will continue to face: Low-code platforms change the game for building
“Respondents from the companies that have executed solutions in an enterprise. The focus shifts from IT-­
successful responses to the crisis report a range of owned projects, to democratized implementation of
technology capabilities that others don’t – most notably, apps – driven by business, domain experts, and non-IT
filling gaps for technology talent during the crisis, the use of people. Traditionally, applications were left to the IT
more advanced technologies, and speed in experimenting and departments to be developed, maintained, and sup-
innovating.” ported. As a result, a large backlog of IT projects exists,
neglecting many smaller but still valuable business
This raises the immediate question of where you can cases due to time, cost, and resource restrictions. This
find the technology talent needed to provide this results in both frustration and un-leveraged business
increasing volume of applications in a world where value.
talent shortage is already a problem.
With the low-code platforms, the IT department is no
Low-code/no-code platforms can help. One part of the answer longer in a central position as an implementing and
is that everybody in an organization is empowered to operating authority. It is, together with the whole organ-
build applications, using low-code/no-code, without the ization, the enabler for the digital savvy business users,
need for IT centralized delivery. For example, in a study the Citizen Developers (CD).
conducted by Forrester (depicted in Figure 1) for Micro-
soft’s LCNC tool, Power Platform, app development costs Given the capabilities the low-code platforms are bring-
were reduced by 74% and application management and ing to the ecosystem, it is becoming the solution of
maintenance costs by 38% ([Forr20]). Gartner states that choice for Line of Business leaders including CIOs, and
by 2025, 70% of new applications developed by enter- CTOs to fill immediate gaps in the workforce, develop-
prises will use low-code or no-code technologies, coming ment capacity and tackle IT challenges to ensure busi-
from less than 25% in 2020. ness continuity.

Figure 1. Power Platform extends your development potential.

The average cost to develop an

1,000+
app is 74% less with Power
Platform than with traditional
coding methods.
Transformation scenarios
Required skills and resources

identified but untouched

Power Platform low-code develeopment is ideal for projects

constrained by limited developer resources

Impact to the business

16 Governance of Power Platform – as enabler, not as gatekeeper

Figure 2. Low-code trends & indicators.

Gartner
Trends & Accessibility
43%
CHALLENGERS LEADERS
OutSystems

Indicators 65% application development will

Mendix
Salesforce
Microsoft
ServiceNow be done in low code by 2024
Appian
Oracle
Gen Z+ Millennials

$51b
Pega
Low code apps projected resulting in a
Kintone Newgen
by market in 2023 changing workforce
Quickbase
Creatio

$13.4b
ABILITY TO EXECUTE

DPA projected

86%
market by 2024

X4
NICHE PLAYERS VISIONARIES

COMPLETENESS OF VISION As of August 2021 © Gartner, Inc

500M $6b RPA projected market

by 2024 By 2023, the Citizen
Developer population in
Of organizations struggle to New apps will be built in large companies will be at
find technical talent to build
applications
the next 5 years – more
than all apps built in the
BI projected market
by 2024 $8b least 4 times larger than
Pro Developers
past 40 years

Take a look at the key industry trends, and indicators ing the full cyclical approach to Analyze (Power BI),
vis-à-vis low-code/no-code (LCNC): Automate (Power Automate), Act (Power BI), Assist
• Forrester research said that the total spending on (Power Virtual Agents) and Assemble (Power Apps)
the low-code market will reach $21.2 billion by 2022 enabling end-to-end capabilities that work together and
([Forr20]). integrate seamlessly with the Microsoft ecosystem,
• According to Business Wire, the future is low-code or eliminating the need and dependency on multiple
no-code with an expected growth rate of 44.4% by separate software tools. The cherry on the cake is its
2022 to $27.23 billion (up from $4.32 billion in 2017) seamless integration with Azure Active Directory for a
([Busi18]). comprehensive, integrated security and a single-sign-on
• The digital world expects over 500 million apps and approach throughout your systems.
digital services to be built and deployed by the end
of 2023, according to IDC FutureScape. That is more Power Platform is designated for a wide range of users and
than all of the software solutions created in the last use cases. It opens up the approach of building applica-
four decades ([IDC22]). tions of varying complexity, ranging from simple per-
• A report by Gartner forecasts that by 2024, low-code sonal productivity to more complex use cases by bringing
adoption will be so widespread that 75% of the soft- together teams from different areas for the purpose of
ware solutions built around the world will be made bringing apps to life faster, also known as the “Fusion
with the help of such tools ([Gart21]). Teams” (see Figure 3) approach. A fusion team comprises:

The imposing numbers and claims in Figure 2 show the Figure 3. Fusion teams – low-code is a team sport.
trends that the LCNC industry is expanding at a fast pace.
Citizen Developers participate Citizens register their apps
Be it Digital Process Automation (DPA), Robotic Process and participate in training
directly in the development to
Automation (RPA), Business Process Automation (BPA), shorten cycles Business
Business Intelligence (BI), or, application development,
the LCNC market and demand for the tools are growing
in all these segments with very positive growth outlook.
IT governs citizen
Rising low-code platforms are driving about 50% annual Coders do the “hard
activity and nurtures
growth in a market populated by dozens of vendors.
parts”, from data
integration to custom
Low- the community
UX controls Code
The Microsoft Power Platform has some unique selling Developers
point(s) USPs that give them a favorable position over IT
other leaders in the Gartner magic quadrant for low-code
applications. Given the vital importance of maintaining
a single source of truth in enterprises, Power Platform Coders manage source IT grants access to resources
control and app lifecycles for more advanced developers
brings the business process on a single platform allow-

Compact 2022 4 Digital Trends & Compliance 17

 Power Platform and why you should consider it
The Microsoft Power Platform is a low-code platform with a unique suite of business services that
democratizes and unifies data spanning across SharePoint, Excel, Exchange, OneDrive, Office 365 apps,
Microsoft 365, Azure, Dynamics 365, and standalone apps. It is named a leader in Gartner® Magic Quadrant™
for Enterprise Low-Code Application Platforms. Power Platform ties together some best-in-class services:
Power BI, Power Apps, Power Automate, Power Virtual Agents, and Power Pages.

Power BI is the self-service business analytics tool that helps you discover and explore
insights from your data and enables to make informed, confident business decisions.

Power Apps is a LCNC app development platform that allows to turn ideas into solutions
by enabling to build custom apps that solve business challenges.

Power Automate, formerly known as Microsoft Flow is a component that gives the
ability to business users to automate workflows that orchestrate across services using
connectors within the organizations, without writing any code for the same.

Power Virtual Agents is an intelligent chatbot development platform empowering

business users to easily create powerful AI-driven chatbots to engage conversationally
with your customers and employees using a guided, no-code graphical interface without
any coding.

Power Pages provides a low-code way to create, host and manage process-driven secure
websites, enabling organizations delivering vital information and services to customers
and external users.

• Code-first developers (also referred to as professional • Security risks regarding Shadow IT

developers), who can extend or build upon the plat- • Business-managed IT (BMIT)
form using traditional code first within IT depart- • Data security concerning connectors,
ments. • App or flow ownership managed by the business
• Citizen Developers, who can build solutions without • Maintaining environment health
writing code and, most importantly, know their • Information security & risk management
requirements. Operating within the business, they • Compliances issues
are experts in their domain and do not require a deep • Monitoring and tracking of apps and flows, etc.
knowledge of IT.
• And finally, IT professionals, who can operate as the To address these concerns and to leverage the full poten-
administrator or in the governance team. tial of the platform for the benefit of an organization, it is
imperative to establish a successful governance frame-
work.
GOVERNANCE OF THE POWER PLATFORM
Digital governance is the key mechanism organizations
The confluence of rising IT needs, coupled with the use to ensure that software development aligns with
scarcity of developers and seamless integration with the strategic objectives, business goals, commercials, data
Microsoft ecosystem of products has driven an increas- protection, maintaining compliance standards, and
ing desire and need for Power Platform. However, there protecting the chain of value creation, value delivery,
are some challenges that need to be addressed to estab- and value capture. It encompasses the norms and stand-
lish solid confidence in adopting any low-code platform ards that shape the regulation regarding the develop-
in the organization. The most common inhibitors to ment and use of technologies by offering a formal
adoption that are observed are:

18 Governance of Power Platform – as enabler, not as gatekeeper

framework for achieving measurable progress while Figure 4. Kick-start low-code journey with the 7 layers
safeguarding the value flow. (source: Microsoft).

While governance is important to ensure that problems Platform Overview

are anticipated and solved early, to leverage the full
potential of the Power Platform, it is important to strike
Platform Architecture
a balance between the organization’s needs in terms of
security, compliance, and regulations (such as GDPR,
etc.), yet at the same time giving teams enough freedom Secure
to innovate and create value for themselves and the
enterprise.
Monitor

The Microsoft Power Platform provides the necessary

means to strike that balance: “long-leashing” your Alert & Act
organization, but still enabling central governance. The
central effort of CIOs and Risk departments to mitigate
risks is initially contrary to the idea of the autonomy Deploy
that Microsoft Power Platform requires. Governance is
distinguished into the following divisions: Education & Support
• Proactive governance
• Reactive governance
Proactive governance deals with the central requirements Platform Overview – environment, apps,
that are defined within the platform (the so-called platform
guardrails), ideally before it is rolled out. This includes
security requirements, environment and licensing Power Platform provides an easy interface for business
strategies, cost implications, roles, and responsibilities. users to create apps and flows while simultaneously
Being proactive, can and should be done upfront to providing robust tools for pro developers, making it
ensure the first level of governance and security. possible to integrate innovative solutions across Azure,
Dynamics 365, and standalone applications. A common
Reactive governance describes continuous monitoring and issue that arises is the ownership status of these apps
alerting based on standardized yet specific indicators to and flows. If a user creates an app and then leaves the
enable a clearer view of the Power Platform. It is used to organization, the app is left without an owner, and is
assess adoption KPIs, as well as to respond quickly where unable to be edited or shared. Without governance, this
necessary. problem too often becomes apparent after the fact.

A comprehensive governance concept is fundamental to You should have product discovery periodically to under-
every technology and software platform. This is espe- stand the status and origin of apps and flows in your
cially true for low-code platforms due to their democra- environments. Having a Strategy & Vision defined is
tized nature. Figure 4 covers the seven layers or areas as fundamental for any further efforts in the Power Plat-
advised by Microsoft ([Pich19]) to get started, while form. For instance, as a part of the strategy, consider
considering using, adopting, deploying, managing identifying such artifacts that are orphaned or unused,
Power Platform and its governance. The beauty is that and then act according to governance policy, e.g., archiv-
each of these layers is independently manageable and ing orphaned apps or changing the app ownership. The
gives the flexibility to choose the layers in any order. Power Platform Center of Excellence starter kit provides
Each of these layers concerns the proactive or reactive functionalities to identify such objects and reassign the
governance or both approaches. It’s important to men- orphaned apps by changing the app ownership or
tion that the governance is not a one-off exercise, it archiving the unused apps.
needs to be constantly reviewed and refined based on the
evolving needs of the organization itself, but also given The same applies to the platform evaluation as the Power
new functionality is provided by Microsoft regularly. Platform is constantly evolving, and new features must
be continuously evaluated to determine how they can be
used meaningfully by the organization.

Compact 2022 4 Digital Trends & Compliance 19

 Platform architecture Figure 5 exemplifies such an environment strategy as
published by Microsoft ([Mora19]). There are multiple
You must know your environment to govern it better. A types of environments that all have different purposes,
Power Platform environment is a space to store, manage, such as:
and share your organization’s data, apps, chatbots, and • Default – This environment is the standard out-
flows, and is tied to a geographic location. Environments of-the-box environment. Each tenant has a default
serve as a container that administrators can use to environment and should be used for personal produc-
manage apps, flows, connections, and other assets, along tivity only and should not be used for critical busi-
with permissions to allow organization members to use ness applications. It is recommended to rename this
the resources. Therefore, start by understanding, and environment accordingly to reflect the purpose.
developing an environment strategy. • Developer – These environments are intended only
for use by the owner, which makes it perfect for the
An environment strategy primarily entails environment development teams to work in isolation on an appli-
provisioning, managing access rights and other layers of cation.
data security, and effectively organizing underlying • Sandbox – These environments are non-production
resources in a way that supports productive develop- environments, which should be used for development
ment in your organization. and testing your development before moving into a
production environment.

Figure 5. Example environment strategy diagram (source: Microsoft).

Communicate with everyone that

Default is not for development of
Everyone critical apps.
Default
is a maker

Developer environments are completely

locked for any other user except the user
Only one user who subscribed to the community plan.
has access Developer Applications can be moved out of the
environment if needed.

Dedicated dev/test/prod environments

for each critical application. Developers
Critical Critical Critical have Environment Maker access in the
Dev team SG Project Project Project dev environment, but only user access in
are makers Dev Testing SG Test End user SG Prod test and prod. End users only have end
are users AND dev team user access to the production solution
only are users so no one can modify the applicatoins.

Shared test/prod environments for

important but medium complex apps can be
Business Shared Shared shared between multiple projects or
Business unit Unit Test Pord business units.
Testing SG All end users,
dev SG (A) Dev Individual projects and business units
(A) are users projects and should always have their own development
are makers
only business units environment to protect data. End users only
(A & B) have basic user access to solutions and
data in production environments.
Testing SG are users only
Important (B) are users
Project dev Project Critical project
only
SG (B) Dev
are makers
Individual project
Personal productivity apps
SG = Security Group

20 Governance of Power Platform – as enabler, not as gatekeeper

• Production – This is your environment where your • Establishing resource permissions for apps, flows,
solutions will be accessed by end users. It is advised and custom connectors at the Resource level.
that the development team does not have any admin • Assign Dataverse security roles.
access to this environment, and it is purely the IT • Defining Cross-tenant inbound and outbound security
team that deploys the solutions to this environment. and compliance concepts, detailing access from and
to the data sources.
Furthermore, assign your admins the Power Platform
service admin role, which grants full access to Power These belong to the proactive governance area; it is
Apps, Power Automate & Power BI. Restrict the creation important to have these defined and implemented
of net-new trial and production environments to properly before the rollout of the platform.
admins. Next, establish the environment management
policy, and processes to request the creation of environ- Monitor
ments, and request access. Clear roles and responsibili-
ties across the organization on support, and ownership. Monitor is the reactive area of the governance approach.
Defining the tiered application models along with It is important to monitor who is accessing your apps
specific lifecycles of apps support. and flows and how these are being used to ensure secu-
rity policies are effective. The Security & Compliance
Besides the environment, understand your organiza- Center can be used to review out-of-box activity logs and
tion’s tenants to govern it better. A tenant refers to the analytics. Configure audit logs and make use of APIs to
container in which all your different environments sit. access logs and leverage management connectors for
Check the tenant settings and harden them as per your powerful reporting.
organization’s requirements.
Alert & Act
Next to it are connectors and on-premise data gateways,
which have a crucial role while interacting with differ- Alert & Act too are the reactive area of the governance
ent systems. Connectors are essentially proxy wrappers approach. It is advised to automate your audit and alert
around the application programming interfaces (APIs) process using Power Automate. It deals with ongoing
provided by services that allow apps and flows to easily monitoring of standard and specific KPIs of your apps
interact with the service. On-premise data gateways and flows across the enterprise to gain meaningful
enables Power Apps and Power Automate to reach back insights into adoption. This greatly helps in discovering
to on-premises resources to support hybrid integration any risks early in the process, identifying and empower-
scenarios. The gateway leverages Azure Service Bus relay ing champions, welcoming new makers, and fostering
technology to securely allow access to on-premises the best practices.
resources. Inside the tenant, within each database
environment – there are data connectors and controls. With the digital innovation and enablement, the Power
These need to be secured with the right roles and per- Platform brings to the organization – both the IT and
missions to ensure the users have access only to the tools risk management functions are quickly overwhelmed
and environments they need. by the number of apps that are built. It is no longer about
one app at a time that undergoes a development lifecy-
Secure cle. Therefore, it is important to automate the policies
outlined, have alerting mechanisms in place, necessary
A major benefit of Power Platform and its integration into actions defined and applied to remediate the potential
the Microsoft ecosystem is that users are automatically risks with the growing number of apps. As an example,
authenticated. It is the key that enables proper govern- create workflows using management connectors that
ance of the Power Platform. Every action maker, and either permit or restrict behavior based on your organi-
Citizen Developers make, happens with an authenticated zation’s Data Loss Prevention (DLP) policies.
account. This means that they cannot go beyond their
granted permissions on SharePoint, Teams, Dataverse
(formerly, CDS, Common Data Service), or any other
system where data interacts. Defining security is funda-
mental to the implementation of the Power Platform
within an enterprise. It contains necessary decisions on:
• Azure AD conditional access at the Tenant level .
• Setting up data loss prevention policies at the Environ-
ment level designed to enforce rules for accessibility of
connectors and access to business data.

Compact 2022 4 Digital Trends & Compliance 21

 Deploy • The fear of security breaches or of not being compli-
ant with regulations results in a reduced, half-hearted
The application lifecycle includes governance, develop- implementation of the Power Platform.
ment, and maintenance. In Power Platform, with Appli- • Regular review and adjustment of the strategy &
cation Lifecycle Management (ALM), you get a bird’s eye vision, governance, and assessment of new features of
view of your projects including requirements manage- the Power Platform are not conducted.
ment, resource management, nurturing and system • Transparent internal communication that provides
administration such as data security, user access, change guidance and information on guardrails and assists
tracking, review, audit, deployment control, and rollback Citizen Developers is missing.
in a way that other approaches fail to deliver. You get • The need for proactive governance is usually known
increased visibility into workflow, enhanced compli- but is only partially implemented and followed.
ance, faster deployments, and higher quality products.
Learn and facilitate the ALM toolset and best practices. Based on our experience, organizations are mostly aware
Solutions are the mechanism for implementing and of proactive governance requirements. Along with IT,
deploying ALM in Power Apps and Power Automate. A Security, and Risk departments, they usually have
solution is either managed or unmanaged. The begin- restricted access according to best practices before
ning state of solution is the unmanaged solution. rolling out the platform. One common mistake is that
Unmanaged solutions are used in development environ- the IT department continues to be put in control of app
ments while you make changes to your application. requests and creation.
Managed solutions are used to deploy to any environ-
ment that isn’t a development environment for that Low-code platforms, therefore, require a clear commit-
solution. It is a finalized solution that can be distributed ment and investment from the whole organization,
and installed. ensuring that the topics described above are not only
implemented “once” and therefore half-heartedly, but
Educate & Support also continue to be developed further. This is the only
way to keep leveraging the full value of the use cases
An overarching aspect of managing Power Platform is over time.
nurturing the continued growth and onboarding of
makers and driving your organization to adopt a digital
culture. A maker is someone who creates and enforces ESTABLISH A CENTER OF EXCELLENCE
business processes, structures the digital collection of
information, improves the efficiency of repeatable tasks, To improve business agility, and productivity in a
and automates business processes. Evangelism, commu- governed, secure, auditable, and manageable way, while
nity, and training are proven ways to create awareness of being compliant with regulatory requirements as well as
the platform’s capability and provide support within an reducing costs, and empowering makers, organizations
organization. At the same time, it is an integral part for should establish a Center of Excellence (CoE). A CoE helps
people in an organization to understand concerns, and organizations focus and align their resources and exper-
regulations that they need to respect. Therefore, it is tise regarding a specific capability to accomplish and
vital to provide well explained, persona-based entry sustain performance and value. CoE is designed to drive
points into the Power Platform. That can be done innovation and improvement, and as a central function
through central communication, as well as providing it can break down geographic and organizational silos.
specific information to new makers to ensure they have
the resources they need to be productive and successful In our view, a Center of Excellence encompasses the
with these tools. To enable people, clear and concise below key areas in the context of Power Platform.
communication is crucial. • Vision & Strategy
• Administration & Governance
• Business Value & Onboarding
EXPERIENCE FROM THE PRACTICE • Nurture, Change & Adoption
• Automation
When approached by organizations who struggle with
leveraging the full potential of the Power Platform We advise businesses to start with a set of workshops to
within their organization, the following patterns are identify the current state and maturity level of the
usually observed: Power Platform within their organization. Post assess-
• The adoption of the Power Platform is either minimal ment – set the target level and define how to go further
or cannot be assessed at all. Key indicators are not on the CoE journey, in a phased approach to realize the
regularly reviewed. value sooner. Our consulting approach covers all the key

22 Governance of Power Platform – as enabler, not as gatekeeper

areas and aims to increase the maturity level of each of References
them separately. [Busi18] Business Wire (2018, January 16). $27.2 Billion
Global Low-Code Development Platform Market 2017-2022 by
Component, Deployment Mode, Organization Size, and Vertical.
Administration & Governance is one of the key areas in the Retrieved from: https://www.businesswire.com/news/
Power Platform journey. Depending on the size of your home/20180116006370/en/27.2-Billion-Global-Low-Code-
organization, consider installing the Power Platform Development-Platform-Market
Center of Excellence Starter Kit (Starter Kit) instead of [Forr20] Forrester (2020). The Total Economic Impact™ of Power
starting from scratch. The Starter Kit should not be misun- Apps. Forrester TEI Report | Microsoft Power Apps. Retrieved
derstood by CoE. The Power Platform Center of Excellence from: https://info.microsoft.com/ww-Landing-Power-­Apps-
Forrester-TEI-Report.html
Starter Kit is a collection of the below set of components,
tools, and templatized best practices designed with the [Gart21] Gartner (2021, February 16). Gartner Forecasts
Worldwide Low-Code Development Technologies Market to Grow
Administration & Governance area in mind. 23% in 2021. Retrieved from: https://www.gartner.com/
a. Core components – Catalog tenant resources, DLP en/newsroom/press-releases/2021-02-15-gartner-forecasts-
Strategy & Visibility, Change app ownership worldwide-low-code-development-technologies-market-to-
b. Compliance components – Sample App audit process, grow-23-percent-in-2021
Archive unused apps, Act based on certain connector [IDC22] IDC FutureScape (2022). IDC FutureScape: Worldwide
usage IT Industry 2020 Predictions. Retrieved from: https://www.idc.
com/research/viewtoc.jsp?containerId=US45599219
c. Nurture components – Onboard new makers, provide
training and share best practices, and encourage [LaBe20] LaBerge, L. et al. (2020, October 5). How COVID-19
has pushed companies over the technology tipping point – and
adoption
transformed business forever. McKinsey. Retrieved from:
https://www.mckinsey.com/capabilities/strategy-and-­
The Power Platform Center of Excellence starter kit acts corporate-finance/our-insights/how-covid-19-has-pushed-
as a foundation element and kick-starts the Power companies-over-the-technology-tipping-point-and-
transformed-­business-forever
Platform admin & governance journey. There are a few
caveats to be mindful of: [Mora19] Moran, D. (2019, October 30). Establishing an
Environment Strategy for Microsoft Power Platform. Microsoft.
• It needs to be separately installed and maintained. Retrieved from: https://powerapps.microsoft.com/en-au/
• The kit itself is not supported by Microsoft. blog/establishing-an-environment-strategy-for-microsoft-­
• Multi-tenant setups need to be planned thoroughly power-platform/
with the starter kit. [Pich19] Pichler, M. (2019, December 19). Update to the Power
• It is a generic template that might not match every Apps and Power Automate Administration and Governance
organization’s requirements. Whitepaper is now available. Microsoft. Retrieved from:
https://powerapps.microsoft.com/en-us/blog/update-to-
the-power-apps-and-power-automate-­administration-and-
Therefore, it is recommended that once the starter kit is governance-whitepaper-is-now-available/
installed and configured within your environment you
[Wong21] Wong, J. et al. (2021, September 20). Magic Quadrant
should consider extending and personalizing it to fit for Enterprise Low-Code Application Platforms. Gartner.
your organization’s requirements as defined by CoE. Retrieved from: https://www.gartner.com/doc/reprints?id=1-
275QSBDL&ct=210813&st=sb

CONCLUSION About the author

Swatantra Kumar MTech, PGDAC, BE is senior manager
With each passing day, the boundaries between business at KPMG. He has over a decade of experience in software
development & delivery, application performance, and
and IT are blurring at an accelerated rate. Business users, solution architecture design. Swatantra has been involved
in many cases without formal programming experience, in digital transformation, DevOps, IT strategy, SaaS & cloud
but with the help of low-code/no-code platforms, are consulting for various organizations in the BFSI and SMEs
building applications with increasing frequency. This sector, and carried out numerous assignments with a wide
range of clients around the globe helping them meet the
growth can have an impact on organizations – both challenges of the ever-changing IT landscape. Swatantra
positive and negative. In the absence of proper govern- heads the solution design and development function and is
ance, this can lead to a large number of unmonitored responsible for citizen development proposition, low-code
applications operating across an organization, poten- services, and Trust by Design framework.
tially compromising data, security, risk, and compliance.
Solid governance serves as a firm foundation to enable a
safe and secure backbone for the digital journey, and to
drive innovation and improvement.

Compact 2022 4 Digital Trends & Compliance 23