Enterprise Governance Needs Urgent Transformation to Support the Digital-First Economy and Move to Low-Code

  • Accelerated embrace of digital channels and workflows prompts need to revisit governance strategies and systems
  • Automation and low-code platforms support key goals of governance while freeing a broad spectrum of developers and business experts to pursue innovation
  • Third-party experts say existing governance models are “failing,” “killing innovation,” and “delivering substandard results”

BOSTON – October 27, 2021 — IT governance urgently requires a seismic shift in its approach to overseeing technology adoption to protect and deliver value in today’s transformed, digital-first enterprises, according to Mendix and leading research firms and business experts. A recent Gartner survey[1] found that 70% of cross-functional leaders say their companies’ governance models are not designed to fit the needs of digital business teams. Additional reports by the Harvard Business Review, MIS Quarterly, and IGI Global pulled no punches, flatly stating that widely practiced governance protocols are “failing,” “killing innovation,” and “delivering substandard results” when measured against enterprise KPIs and mission-critical business goals.

The concept of IT governance emerged in the early 1990s. Initially, IT governance had three key objectives: Make certain that technology generates business value, oversee management’s performance, and mitigate risk associated with technology use.

Over time, the standard governance models have become bloated and heavily weighted toward risk mitigation, to the detriment of other goals. “More often than not, teams following legacy policy and procedures run into roadblocks. Even though well-intentioned, at scale these governance models are causing procedural knots, delays, and denial of resources,” said Jon Scolamiero, Mendix’s manager of architecture & governance. “The results speak for themselves — IT governance, as it currently operates, isn’t working. We must dramatically change how we construct and apply these models, especially in light of the exponential rate of technological change we face daily in IT.”

The past 18 months have seen a radical shift in technology priorities, largely catalyzed by the pandemic. The goals and tools have changed and governance needs to catch up. Restrictive governance guidelines conceived before the ascent of today’s digital-first economy can hamper business value and productivity and threaten the sustainability of enterprises seeking competitive advantage in an economy characterized by accelerated digitalization, a shortage of developer talent, and new automation and low-code platforms that empower citizen developers who may or may not have sufficient IT oversight.

This push for rapid digitalization has fueled widespread adoption of automation platforms, including low-code application development platforms, by global enterprises. Forrester analysts expect that, by year’s end, 75% of all enterprise apps will be built with low-code. For organizations to remain viable and competitive, a transformed IT governance model that goes back to the initial goals of IT governance and adopts core principles of expanded collaboration, communication, abstraction, and automation needs to be the foundation for high-performance digital solutions — solutions that are force multipliers driving increased business value and market standing.

Switching from mandated to embedded governance

Simply put, IT governance is the agreed-upon framework an enterprise adopts to solve a specific set of business problems using information technology. While such frameworks should embody the values and goals of an entire organization, in practice, the research shows they typically emerge as a top-down series of mandates issued by departments according to reporting lines of authority.

This may have been useful when IT professionals were the sole developers of digital solutions. However, as Gartner reported in “Balancing Autonomy With Control: New Governance Models for Digital Businesses,” there are now more technology partners creating applications who are outside of IT. Gartner documents this changing nature of work, in which 41% of technology producers are citizen developers in business units creating new applications and custom integrations for their teams, departments, and other end-users; just 10% of technology producers work in either central or business unit IT.

Truly enterprise-ready all-in-one low-code development platforms should be explicitly designed to address and support this transformation in business operations and processes, returning the focus back to delivering value. They can do this by embedding governance capabilities so that the work of business experts, developers, and BizDevOps is not impeded as they plan, build, test, deploy, and maintain digital solutions, while still being transparent & manageable.

Embedded platform tools provide administrators with real-time control over the entire landscape without inhibiting productivity. These tools can include system-wide alerts, observability and monitoring dashboards, permission settings and project role configuration. More advanced options such as AI-assisted software development, automated testing, customizable workflows/pipelines, and automated portfolio quality and performance monitoring also contribute, creating a series of automated governance guardrails customized for each organizational initiative. This “shift-left” approach keeps people, processes, portfolios, and platforms all pushing in the same direction, ensuring IT’s standards for quality assurance and performance management are made automatic for the expanded pool of citizen developers.

“The process of portfolio rationalization is streamlined when a platform embeds expected value and compliance during application development,” said Scolamiero. “For example, the business manager does not need to worry if an application follows OWASP standards for web security or GDPR regulations, because those questions were automatically and rigorously vetted as part of its build-out. Even better is having the portfolio-wide business value, solution quality, and business capabilities surfaced. In this way, embedding modern governance models grants technology producers the permission to operate.”

Additionally, these modern governance models elegantly remove the risks posed by shadow IT. They surface data to evaluate and prioritize projects, resources, and budgets. They provide enterprises with the framework to scale, speeding ROI and time-to-market for secure digital solutions. Moreover, they support a whole new level of collaboration across silos, oriented around business results.

Fortifying security and compliance while enabling resilience and agility

Security measures, while often confused as synonymous with governance, remain essential components of every digital operation. Vertical sectors, such as insurance, healthcare, banking, and finance, have compliance requirements specific to their industry needs. Businesses are subject to local data privacy requirements in the jurisdictions in which they operate. And, as more consumer-facing services are digitalized, private and public sector organizations are increasingly vulnerable to cyber hacking; the recent data breach of Microsoft’s Power Platform exposed more than 38 million government and corporate records. “Such news underscores the essential role of governance to secure and deliver high-performance outcomes across the technology stack by participating teams of developers and end users,” says Frank Baalbergen, chief information security officer at Mendix.

By “shifting left” third-party validation, security settings, and data privacy requirements for software developers and BizDevOps managers alike, these new governance models bridge the seemingly disparate priorities of risk mitigation and rapid adoption of next-generation technology. Enterprise-ready all-in-one low-code development platforms can make this effortless by enabling vulnerability assessments, penetration testing, and logging audits, so that deployment pipelines remain flexible and seamless.

“I firmly believe, and our customer’s experiences show, that this new approach to governance enables everyone working under its principles to be happier and more productive,” Scolamiero concludes, “because so much red tape has been removed from their lives. They are empowered to achieve results and measure outcomes in nearly real time, which just feels good.”

Additional Resources

To further explore the issues raised by current IT Governance models, please see Mendix’s five-part blog series by Jon Scolamiero, beginning with IT: Governance — Why it Needs to Change. For a detailed blueprint on how to change governance models for the enterprise, download the Mendix eBook, “Your New Governance Framework.”

In Case You Missed Mendix World 2021

Mendix World 2021 was the largest gathering of low-code technologists, practitioners, and fans ever. If you missed it, you can still view the must-see keynotes, get briefed on all the powerful new low-code capabilities that are transforming the digital landscape, and watch the 90+ sessions and demos presented by development experts, customers, and partners on every important low-code technology and topic. Register and view the Mendix World 2021 archive.

[1] Balancing Autonomy With Control: New Governance Models for Digital Businesses – Gartner, 2020

    About Mendix

    Mendix, a Siemens business, is the only low-code platform designed to address the full complexity of enterprise software development challenges. Deploying point solutions to departmental problems solves things at a micro level—but if you want to make a significant impact on your business, you need to go bigger and build powerful portfolios that move the needle sustainably and strategically.

    With Mendix, enterprises can take on more complex, transformational initiatives by engaging everyone in capturing requirements, forming ideas, and embedding value assessment throughout the lifecycle of the software portfolio.

    Focus on the right problems while relying on governance and control to avoid unnecessary risk. Mobilize your organization. Build the change readiness muscle. And when the next big idea drops, turn it into an outcome quicker.

    More than 4,000 organizations in 46 countries use the Mendix low-code platform. An active community of over 300,000 developers has created over 950,000 applications – and counting.