DEV Community

Cover image for The LowCode Playbook
david wyatt
david wyatt Subscriber

Posted on

The LowCode Playbook

LowCode or LowCodeNoCode is becoming more and more prevalent amongst business, from small independents to large conglomerates, LowCode appears to be the future.
But like all disruptive technologies, nothing is black or white, and so a strategy and key decisions need to be made before going on the LowCode journey.

Example Case Study - ๐Ÿฆ„ Unicorn Enterprises want to roll out LowCode

1. Who are your Makers?

This is an interesting and often neglected decision, but it sets the direction for your entire LowCode strategy.

Do you want your users to be Citizen Developers or IT professionals.

LowCode can either empower business teams to develop their own solutions, or increase productivity of your IT dept.
They both drive productivity; Citizen develops free up the IT dept to focus on big rocks by picking up the volume of small solutions, supporting IT professionals decreases front end development time and enables quicker requirement changes.

There are a couple of specific advantages to each:

Citizen Develops

  • Built by business, close to the need, the requirements are more accurate
  • Cost of development can be cheaper as no IT professional costs
  • Allows ROI on small solutions

IT Professions

  • Ensures all governance and security processes still covered
  • Increases delivery volumes without decreasing quality
  • Stability (role established and succession planning)
  • Can be cheaper (The Citizen dev could still be expensive and definitely less productive).

๐Ÿฆ„
Currently their IT dept is small and focused on migration of legacy systems. So they decide that a Citizen Developer approach is best, that way the IT department can drive innovation and improvement in core systems, with business needs covered by the business teams.

2. Where do you start?

LowCode covers more than you realise, from websites to apps, to automation and even chatbots. Before you start you need to think of future scope and where you want to start. If you want to do everything then a platform that covers it all (e.g. Microsoft Power Platform), or just apps (like Outsystems). You also have to consider what current systems you have, as you can save time, costs and training if you just extend functionality (e.g. you use Service Now for CRM and then add its LowCode platform).
The final question then is which area to start, this generally should be the area with the most value and/or minimum setup (i.e. if you already have existing team).

๐Ÿฆ„
Currently Unicorn Enterprises wanted to use Automation and Internal Applications, they currently leverage Microsoft 365 and Azure, so with some good negotiations they managed to get the Power Platform at a discount.
They also decided to focus on RPA, as the NoCode aspects of Power Automate is an easier learning curve for the business then LowCode Power Apps.

3. Environment Structure and Access

So you have your maker audience, provider and starting tech, now you need to plan environments and access. These 2 are entwined and need to be a single solution.

  • What roles are you going to have
  • How do people request/get allocated to roles
  • Business area or Geo requirements
  • Dev, Test, Prod organization

๐Ÿฆ„
Out of the box the Power Platform gives all makers (and app users) access to a default environment. You have less control over this environment and this can be a challenge to manage. So they add monitoring to flag high volume users to guide them to managed environments. For simplicity they have started with one Dev, Test, Prod environment group. This way less security groups are needed and it can be scaled out horizontally when needed.
For access they are using the platform, a MS Form for requests, to a flow with an approval workflow. Finally the automation can automatically add user to the security group.

4. Data Loss Prevention (security)

Data Loss Prevention is self explanatory, how do we protect against data loss. This is the biggest threat for LowCode platforms. In themselves they are very secure, but because its users are not as well trained they are the weakest link. Think of a bank vault, with thick walls and blast proof door, but you don't train your guards to check who is entering and what they are removing.
To fix it we must leverage the tools provided to limit what data can be moved and where it can be sent.

๐Ÿฆ„
Data Loss Prevention in the Power Platform is mainly handled by the DLP Policy. This allows you to control what connectors (which is actually url end points) from working at all or working only with other connectors. We can classify each connector as either Business, Non business, or Blocked. Business connectors only work with other business connectors. So Unicorn Enterprise decide to have 5 polices.
Default - very limited with most connectors blocked
Dev - standard connectors with a few in the non business. Customer connector end points only to dev instances of an api.
Test - same as dev but test instances of the api
Prod - same as dev but prod instances of the api
Innovation - all connectors but only used for trial environments doing exploration

5. Integrations

There is a saying, no man is an island, and its the same with software, no system is an island. Everything needs to connect with other systems, it's why we have api's. But you will also find more and more out of the box solutions have built in integrations. A common one is single sign on, with access to system a controlled by another system (Sign in with Microsoft or Google as example). Understanding those integrations and building strong communication between depts is key.

๐Ÿฆ„
To drive adoption the Power Platform is in entwined with Microsoft's other products. SharePoint and Teams use the Power Platform, license provided by Microsoft 365, and access by Azure Active Directory & Security Groups. Each are ran by different teams and each can impact each other by changing and admin setting. To rectify this they are bi monthly meetings to discuss upcoming changes, triage teams on standby for any critical issues. Finally annual meetings around projected growth to support teams budgets and any big projects that may impact other depts.

6. Training and Certification

For LowCodeNoCode its biggest strength is its easy learning curve, with anyone with any background can spin up powerful solutions. But that is also it's biggest weakness, as already mentioned in Data Loss Prevention section, the makers if not trained can expose data. A key part of any role out should be training and certification paths, there are many benefits but the key ones are:

  • Data Loss Prevention - e.g. handle sensitive data correctly
  • Best Practices - improve efficiency
  • Sustainability - build to last
  • Transferability - build to handover
  • Drive adoption - reward top performers

๐Ÿฆ„
Although there are out of the box Microsoft certification for Power Platform Unicorn Enterprises believe it doesn't meat their needs. A times it can push adoption in areas the business is not ready for, it doesn't cover their best practices and there processes. But they do not want to invest in fully replicating the training material so they create a hybrid approach. Microsoft Learn has great material, and what's better its broken up into small modules. Unicorn Enterprises creates its own list of required modules from Microsoft Learn, it then adds it's own supplementary modules for Best Practices, security, documentation and business processes.

7. Intake and Reviews

Its LowCode, with Citizen developers, so why do we need Intake and Reviews? Well actually Intake and Reviews are even more critical, and thats because LowCode isn't one size, its a scale. A Citizen Develope can easily spin up an enterprise level solution, with all the exposure it can cause. But there has to be balance, as the usp of LowCode is democratising development, if we enforce too many controls/processes we may lose that magic.

๐Ÿฆ„
As citizen development is key to their strategy Unicorn Enterprises goes for a 3 tier approach in line with their environment strategy. Below certain use and sharing thresholds the solution stays within the default environment with no review. As soon as they go above and need to go to a managed environment they complete a pre-intake form with key details. It is then decided if they need a full intake or if low risk and complexity continue without. Either way both complete documentation and have a code review to ensure best standard practices and is actually what they say it was

8. Support

Support is key to growing adoption of your solutions, and it covers 3 main areas:

  1. Guides and manuals
  2. Service Desk
  3. Developer time

The best investment should always be in good guides and manuals, as this will decrease the volume of support requests and ensure quicker resolution
A service desk is often forgotten, as its just LowCode, but service requests work by users not tech, the more users the more tickets, so you need an efficient process to gather and track support tickets.
Finally developer time is critical, do you have resources on standby for bugs and support tickets, as a Citizen developer a app is often thought of as an project. It starts and finishes, but software support never ends, so resources need to be available and maintained.

๐Ÿฆ„
As fully invested in Microsoft Unicorn Enterprises decided to leverage the rest of the services available. The guides are all setup on a SharePoint site, with a comments section where people can get community support. They considered making their own ticket system in MS Forms and Power Automate, but they have Dynamics CRM for customers so leverage that for internal tickets too. The support team are given up skilling training to help deal with quick fixes and triaging. To ensure they have developer support they set up a Center Of Excellence, this small team is able to support critical bugs, the rest of the time they drive training, large projects and innovation of the LowCode platform.

Top comments (0)