IT governance urgently requires a seismic shift in its approach to overseeing technology adoption to protect and deliver value in today’s transformed, digital-first enterprises, according to Mendix and leading research firms and business experts.
A recent Gartner survey found that 70 per cent of cross-functional leaders say their companies’ governance models are not designed to fit the needs of digital business teams.
Additional reports by the Harvard Business Review, MIS Quarterly, and IGI Global pulled no punches, flatly stating that widely practiced governance protocols are “failing”, “killing innovation”, and “delivering substandard results” when measured against enterprise KPIs and mission-critical business goals.
The concept of IT governance emerged in the early 1990s. Initially, IT governance had three key objectives: make certain that technology generates business value, oversee management’s performance, and mitigate risk associated with technology use.
Over time, the standard governance models have become bloated and heavily weighted toward risk mitigation, to the detriment of other goals. “More often than not, teams following legacy policy and procedures run into roadblocks. Even though well-intentioned, at scale these governance models are causing procedural knots, delays, and denial of resources,” said Jon Scolamiero, Mendix’s manager of architecture & governance. “The results speak for themselves — IT governance, as it currently operates, isn’t working. We must dramatically change how we construct and apply these models, especially in light of the exponential rate of technological change we face daily in IT.”
The past 18 months have seen a radical shift in technology priorities, largely catalysed by the pandemic. The goals and tools have changed and governance needs to catch up. Restrictive governance guidelines conceived before the ascent of today’s digital-first economy can hamper business value and productivity and threaten the sustainability of enterprises seeking competitive advantage in an economy characterised by accelerated digitalisation, a shortage of developer talent, and new automation and low-code platforms that empower citizen developers who may or may not have sufficient IT oversight.
This push for rapid digitalisation has fueled widespread adoption of automation platforms, including low-code application development platforms, by global enterprises. Forrester analysts expect that, by year’s end, 75 per cent of all enterprise apps will be built with low-code.
For organisations to remain viable and competitive, a transformed IT governance model needs to be the foundation for high-performance digital solutions, which act as force multipliers driving increased business value and market standing. Such a model goes back to the initial goals of IT governance and adopts core principles of expanded collaboration, communication, abstraction, and automation.
Switching from mandated to embedded governance
Simply put, IT governance is the agreed-upon framework an enterprise adopts to solve a specific set of business problems using information technology. While such frameworks should embody the values and goals of an entire organization, in practice, the research shows they typically emerge as a top-down series of mandates issued by departments according to reporting lines of authority.
This may have been useful when IT professionals were the sole developers of digital solutions. However, as Gartner reported in “Balancing Autonomy With Control: New Governance Models for Digital Businesses”, there are now more technology partners outside of IT creating applications.
Gartner documents this changing nature of work, in which 41 per cent of technology producers are citizen developers in business units creating new applications and custom integrations for their teams, departments, and other end-users; just 10 per cent of technology producers work in either central or business unit IT.
Truly enterprise-ready all-in-one low-code development platforms should be explicitly designed to address and support this transformation in business operations and processes, returning the focus to delivering value. They can do this by embedding governance capabilities so that the work of business experts, developers, and BizDevOps is not impeded as they plan, build, test, deploy, and maintain digital solutions, while that work remains transparent and manageable.
Embedded platform tools provide administrators with real-time control over the entire landscape without inhibiting productivity. These tools can include system-wide alerts, observability and monitoring dashboards, permission settings and project role configuration.
More advanced options such as AI-assisted software development, automated testing, customisable workflows/pipelines, and automated portfolio quality and performance monitoring also contribute, creating a series of automated governance guardrails customized for each organizational initiative.
This “shift-left” approach keeps people, processes, portfolios, and platforms all pushing in the same direction, ensuring IT’s standards for quality assurance and performance management are made automatic for the expanded pool of citizen developers.
“The process of portfolio rationalisation is streamlined when a platform embeds expected value and compliance during application development,” said Scolamiero. “For example, the business manager does not need to worry if an application follows OWASP standards for web security or GDPR regulations, because those questions were automatically and rigorously vetted as part of its build-out. Even better is having the portfolio-wide business value, solution quality, and business capabilities surfaced. In this way, embedding modern governance models grants technology producers the permission to operate.”
Additionally, these modern governance models elegantly remove the risks posed by shadow IT. They surface data to evaluate and prioritize projects, resources, and budgets. They provide enterprises with the framework to scale, speeding ROI and time-to-market for secure digital solutions. Moreover, they support a whole new level of collaboration across silos, oriented around business results.
Fortifying security and compliance while enabling resilience and agility
Security measures, while often mistaken as synonymous with governance, remain essential components of every digital operation.
Vertical sectors, such as insurance, healthcare, banking, and finance, have compliance requirements specific to their industry needs. Businesses are subject to local data privacy requirements in the jurisdictions in which they operate.
And, as more consumer-facing services are digitalised, private and public sector organisations are increasingly vulnerable to cyber hacking; the recent data breach of Microsoft’s Power Platform exposed more than 38 million government and corporate records. “Such news underscores the essential role of governance to secure and deliver high-performance outcomes across the technology stack by participating teams of developers and end users,” says Frank Baalbergen, chief information security officer at Mendix.
By “shifting left” third-party validation, security settings, and data privacy requirements for software developers and BizDevOps managers alike, these new governance models bridge the seemingly disparate priorities of risk mitigation and rapid adoption of next-generation technology. Enterprise-ready all-in-one low-code development platforms can make this effortless by enabling vulnerability assessments, penetration testing, and logging audits, keeping deployment pipelines flexible and seamless.
“I firmly believe, and our customers’ experiences show, that this new approach to governance enables everyone working under its principles to be happier and more productive,” Scolamiero said, “because so much red tape has been removed from their lives. They are empowered to achieve results and measure outcomes in nearly real time, which just feels good.”