14 Nov 2022

With great Power (Apps) comes great responsibility

3Kites director Jon Howells examines how to avoid making a complex web to disentangle when using Microsoft Power Platform

Shutterstock

Let’s start with a quick review, at a very high level, of the Microsoft Power Platform. Wikipedia defines it as ‘a line of business intelligence, app development and app connectivity software applications'.

So, what does this mean? Included as part of your Microsoft 365 subscription are tools which enable you to create complex reports, workflows, mobile/web applications and external portals/websites, all in a low code environment (we describe low code as a software tool that allows non-developers to create IT solutions). 

Microsoft continues to add to this platform, with PowerBI as perhaps the tool that we are more commonly aware of. 

The use of these additional products (to provide services such as mobile/web applications, client portals and workflow) is becoming more established and, importantly, third parties are looking to the Power Platform to enhance their own products' capabilities. A key feature of this platform is that it is low code, thus removing the need for a developer to create reports, applications and web pages that can easily be shared within your firm and externally. It’s this ease of creation that introduces the risk – let’s discuss this in more depth. 

Rising interest

Interest in utilising the Power Platform within professional services is on the rise and in recent months we have seen solutions expanding beyond client reporting to client portals, administrative workflows, simple databases (such as deals, deeds and wills systems) and client management systems. 

These may be standalone solutions, but additional ‘power’ comes from linking to third party systems to expand upon the functionality of a product or to pull data from multiple sources into one report/application/view. 

In recent meetings with document and practice management suppliers, the move to support and integrate with the Power Platform is evident with PowerBI increasingly being used as the approach to reporting and Power Apps providing functionality that is not available out of the box in some products. 

One practice management system provider has very recently changed its focus to PowerBI over its own purpose-built reporting tool. 

Risk factors

So, what could go wrong? As mentioned earlier, the low code functionality opens the door beyond developers, as anyone with an interest in IT can create an application or a report within the Power Platform. 

While this is a great strength, it also exposes several risks. The most common issue we have seen to date involves the ongoing management of items in the Power Platform, with multiple examples of reports that have been created without the knowledge of the IT/reporting teams.

If the original report creator leaves the firm, who then becomes responsible for maintenance of the report? This often results in a knock on the virtual door of the IT team, with the expectation that they will assume responsibility for the report without any prior knowledge of its existence.

In a number of instances, these reports have been shared with clients, putting teams under pressure to support what has become a standard report in the clients’ eyes. 

The Power Platform is open to anyone with an Office/Microsoft 365 account, and in most firms now that means pretty much anyone within the firm could start to create reports, applications or workflows. 

Awareness

We are not proposing that access to these tools is blocked, but instead awareness is raised of how they should be managed and in some cases access to certain databases blocked.

In the same way that firms have grappled with policies for the use of SharePoint and now Teams, something similar is needed with the Power Platform. Key questions to consider are: 

  • If a workflow or a report is intended for personal use, is this a problem? 
  • Should departments be responsible for maintenance of workflows they have created rather than business support teams? 
  • Should Power Platform products be shared with clients? 
  • Should a central repository of selected developed solutions be maintained? 
  • Should any Power Platform products be reviewed and signed off by a central team before they are used? 
  • If useful solutions are being built, how is knowledge of these shared to save recreating the wheel? 
  • Are new repositories of data being created which may contradict other data sources (how to ensure a single version of the truth is maintained)?  
  • If linking to data sources, are they being interpreted incorrectly? 

Whilst developers are not necessary in a low code environment, a developer (or similar) who understands the firm’s processes, data and database structures can add significant value to any solution being considered. 

Misinterpretation of the data is perhaps the biggest risk in any developed solution. Full access to all pertinent information is required to ensure correct decisions/assumptions are being made. 

Expanding functionality

Before starting to utilise any of the Power Platform products, licensing is a further consideration (which won’t come as a surprise to anyone with Microsoft Licensing experience). There are lots of components to the Power Platform and while Microsoft provides access as part of a Microsoft 365 subscription those wishing to expand functionality, for example linking to an external database, may find additional licenses or usage costs are required. 

The purpose of this article is not to cast a negative light on the Power Platform (or other low code products) if used correctly, it has the potential to enhance business processes and allow firms to utilise its data further. However, without considering how to utilise these tools responsibly it could quickly become a considerable web to disentangle.   

Jon Howells is a director of 3Kites. This is the 13th article in the series Navigating Legaltech

--------------------

About 3Kites and Kemp IT Law
3Kites is an independent consultancy, which is to say that we have no ties or arrangements with any suppliers so that we can provide our clients with unfettered advice. We have been operating since 2006 and our consultants include former law firm partners (one a managing partner), a GC, two law firm IT Directors and an owner of a practice management company. This blend of skills and experience puts us in a unique position when providing advice on IT strategy, fractional IT management, knowledge management, product selections, process review (including the legal process) and more besides. 3Kites often works closely with Kemp IT Law (KITL), a boutique law firm offering its clients advice on IT services and related areas such as GDPR. Where relevant (eg when discussing cloud computing in a future article) this column may include content from the team at KITL to provide readers with a broader perspective including any regulatory considerations.

Top