Ty Shewmake, CTO at VeilSun, discusses the final installment of his approach to no/low-code governance, and how to establish an effective no/low-code governance framework in this three-part series.
In part 1 of this blog, I talked a little bit about what’s new and exciting in the no/low-code development world. Part 2 was all about how to think about and shape your organization’s right-sized governance. In this final installment, we’ll put it all together—creating a governance framework and transformation plan.
Many IT organizations, used to their traditional and comfortable Systems Development Life Cycle (SDLC), are resistant to no/low-code. I believe they think no/low-code lacks the governance required to consistently produce quality web software.
Nothing could be further from the truth.
There, I said it. As someone developing and managing software development for more than 20 years, I believe out of the box, no/low-code apps (at least those built in Quick Base) are far more governed and secure than traditionally-developed web software.
So, what’s going on here with IT?
In many cases, IT’s problem with the no/low-code world is that they perceive there’s a lack of a no/low-code development governance process. Assuming this is correct, and that governance is important, let’s explore what no/low-code governance can be.
At a very high level, most organizations’ software quality goals aim to satisfy these 5 key software quality goals:
You may have more goals. You may have fewer goals. However, if you nail these 5, you should be in good shape. So, where do we begin with no/low-code? We’ll begin with a concept called the “LCSDLC”.
As a developer, I’m pretty used to the good old traditional Systems Development Life Cycle (SDLC). It really did help IT developers crank out reliable and secure software for more than 20 years. It’s structured, understandable, and auditable. It’s been what IT has hung its hat on for a long, long time. Developers are schooled on it. Managers are certified in it. It’s the way IT does software.
However, I don’t think the old SDLC quite fits the new no/low-code world, “as is”.
The traditional IT SDLC assumes a consistent level of expertise, training, certification, and experience across developers—something not always present in the no/low-code world. So a bit more oversight is probably in order.
The traditional SDLC process looks something like this, as it applies to a professional IT developer developing an online application:
Makes sense, right? There are various versions of this SDLC, but you probably get the gist.
The SDLC is a powerful tool. As part of a wider quality framework it should be part of your no/low-code world, it’s the centerpiece of quality assurance.
“But, ‘Low-code is not traditional web development’,” you say. Yep, you’re right.
Unlike traditional IT web development, no/low-code development moves at the speed of thought. So, the question is, can we adapt the traditional SDLC, pare it down here, bulk it up there, and dust it off for no/low-code success? Yes. Because software quality is all about process, we can create a new LCSDLC (Low-code Systems Development Life Cycle).
So, at VeilSun we’ve done this—and at 10,000 feet it looks something like this:
Though we’ve added 3 (audit) LCSDLC steps, we’ve also drastically reduced the depth of detail of the original 6 SDLC steps to require far less effort. Low-code builders won’t go as deep—nor do they need to.
In practice, your LCSDLC process should be lightweight and nimble. It should never slow progress and should result in Web software quality that far exceeds the quality of traditional development. Whether it’s 3 steps or 12, it should be template-driven, and easy to use.
So, how do you get there? In a nutshell, it’s very difficult to manage governance without using a Quick Base governance application to direct your LCSDLC development process workflow.
Every builder (IT or otherwise) embarking on the development of a no/low-code app should be required to begin a workflow event in your governance app that overlays a best practice governance template to their development initiative.
Simple apps use simple templates. More complex apps (or those that access corporate or external data) are necessarily more detailed.
The driving principle is the fact that all no/low-code development work should be a governed process.
At the end of the day, the organization’s governance application should accomplish the following as development of a new app begins:
Your compliance app directs effort, educates builders, promulgates and documents standards, and measures compliance against standards—while at the same time allowing no/low-code development to move at its own blinding speed.
A governance application should be the cornerstone of every no/low-code governance process—for organizations using builders, vendors, or internal IT developers. Again, governance should not be an onerous process, and by using Quick Base’s incredible workflow capabilities, governance can be extremely lightweight.
It’s 8:00AM on a Saturday morning. After you get a cup of coffee, you log in and the first thing you see in Yahoo News is a piece talking about yesterday’s EasyMerge.io creds hack (not the real name). In the back of your mind, you know that some of your 45 Quick Base apps connect to EasyMerge.io but you can’t remember which ones. You call your lead developer but can’t reach her. Five minutes later, your boss calls and asks, “Do we connect any apps to EasyMerge.io?”
When all your no/low-code apps are cataloged and described in your governance app (along with all external connections and dependencies), you can instantly assess and mitigate risk without having to ask questions.
Smart organizations leverage no/low-code builders—people from diverse backgrounds, jobs, and experience levels to build their Web apps. Internal business people and vendors, along with traditionally-trained IT developers, can all successfully build secure, maintainable, and high-performance no/low-code apps in a governed environment.
While the LCSDLC governs development, the way you implement no/low-code transformation can dramatically affect your no/low-code ROI.
Your LCSDLC is important, but it’s only part of your wider no/low-code governance framework. Whether your organization has 1 or 1,000 Quick Base apps, you’ll want to implement your LCSDLC as a part of your holistic governance process.
As a process, it should be treated as a project. The typical VeilSun governance framework project process includes these 8 phases:
During Discovery/Inventory, the organization inventories/identifies:
At VeilSun, during Discovery we’ll typically install our “VeilSun Enabled Framework” Quick Base governance application to manage the no/low-code transformation process.
This governance application helps us (and the organization) closely manage and monitor each phase of its low-code transformation, and subsequently, each low-code development project.
Every organization’s governance program is different. During Governance Design, the organization works with stakeholders to develop right-sized governance standards required by the business while designing governance review and audit processes that enforce those standards.
Governance Design includes:
This phase defines the basics of the organization’s LCSDLC framework and produces app development governance process templates.
During the Blueprint Phase key users and leadership collaborate to create, review, approve, and resource a comprehensively written enterprise low-code development/redevelopment plan containing:
VeilSun typically develops and deploys one small “Killer App” to help the enterprise embrace the vision of its low-code future (if required).
During this phase, the organization trains and certifies the following positions in their relevant aspects of low-code development:
A development production schedule is established, and development assigned based on complexity and risk. As training is completed and governance is established, VeilSun typically coaches and mentors developers (IT, vendor, and citizen) throughout application design and development as required. VeilSun also provides development/integration expertise.
VeilSun trains selected, talented individuals on more complex development strategies and integration methodologies.
Establish an Ongoing Development Program to provide additional development resources, training, and oversight.
The SDLC that served IT so well for so long can be adapted to assure quality in your governed no/low-code transformation by becoming a lightweight, understandable, check-the-box process.
An optimal LCSDLC provides a common frame of reference for new builders, IT, security people, and management. It bridges the gap between IT and builders and removes barriers to no/low-code adoption.
If your organization already has a ton of Quick Base apps, all is not lost. You can always retrofit governance standards and begin the march toward a more managed no/low-code world.
Governance should never be too much work. The alternative is far worse.
VeilSun is a professional services firm that has helped hundreds of organizations over the last 12 years successfully navigate their no / low-code transformations. VeilSun Low-Code Enterprise (VLE) service is a new framework that provides a quick-start to small and large organizations embarking on (or enmeshed in) their transformation.
Contact us any time to chat about your organization’s no / low-code transformation.