Overviewing SAP Build Governance Capabilities

Objectives

After completing this lesson, you will be able to:

Explain the need for governance during citizen development
Describe the governance triad
Identify the governance capabilities of SAP Build

Governance and Citizen Development

Good governance of citizen development is essential for low-code success. While low-code tools revolutionize the application and process development experience, they also introduce new challenges for IT and business leaders. The IT organization must ensure that no shadow-IT arises and that citizen developers are enabled to build applications that are secure, scalable, and compliant with corporate standards. This enablement not only includes early stakeholder involvement, but also specific training and certification programs targeted at citizen developers with robust and concise documentation and guidelines. These are the essential elements on the pathway to successful citizen development.

Good Governance of citizen development is essential for low-code success.

Shadow-IT is a known topic among corporate IT professionals. It is frequently used when employees, seeking to address specific needs or improve efficiency, bypass official channels and use unsanctioned software. Shadow-IT can also occur when sanctioned low-code tools are used without any oversight. While it is tempting to quickly start building with low-code when you realize how fast it is possible to create solutions, an ungoverned environment can pose several risks and challenges, including:

Security risks
Compliance issues
Lack of integration
Inefficient resource utilization/risk of proliferation and redundancy
Unsupported solutions
Loss of control

Governance of low-code platforms and citizen development can mitigate these risks by establishing clear policies and processes for technology usage, communication channels, and providing user enablement.

The Governance Triad at a Glance

Let's look at what governance consists of by looking at the Governance Triad:

The Governance Triad:

People: This element represents the roles and personas involved in your organization. It includes IT professionals, line of business contributors, and other key players that form fusion teams. These fusion teams are typically cross-functional and can involve both technical and non technical members such as a professional developer and a business person aspiring to be a citizen developer. In this context, the establishment of a low-code Center of Excellence (CoE) is essential. The CoE provides guidance, oversight, and support to teams developing with tools like SAP Build and is responsible for overall governance, training and development, quality assurance, and solution lifecycle management. It ensures that low-code innovation aligns with your business needs and priorities.
Process: The Process element of the Governance Triad involves the creation of an IT Trust Blueprint. This blueprint sets out the rules, processes, and guidelines for using low-code tools and methods, ensuring that innovation efforts align with IT policies and procedures. It defines processes for data security, compliance, and governance, and establishes clear roles and responsibilities for IT and business stakeholders. Also, discovering, sharing, and implementing best practices should form part of your process. This could include defining standards for solution architecture, testing, and deployment, and ensuring that these practices are consistently applied. Training for citizen developers and professional developers alike will also be important to improve the building experience and handle more complex use cases.
Tools and Technologies: The final aspect of the triad encompasses tools and technology. This element focuses on adopting extensible DevOps practices, curating APIs, managing access and authorization, lifecycle management, testing, and monitoring. These practices ensure that low-code solutions are scalable, secure, and effective. The usage of tools such as continuous integration and delivery (CI/CD), version control, and automated testing support rapid prototyping, testing, and deployment, and ongoing management. For secure and effective API utilization, establishing clear standards for API development and use is vital. To meet data privacy requirements, access and authorization management are diligently enforced. Lifecycle management involves setting clear rules and processes for solution development, testing, deployment, and maintenance. To identify and address issues quickly, regular testing and monitoring are key, with tools such as log monitoring and real-time analytics enhancing solution performance.

Governance in SAP Build

All three elements of the governance triad (people, processes, technology) are ultimately governed by the IT organization. SAP envisions that a successful scaling of SAP Build across the enterprise can be best supported by installing an IT-led Center of Excellence (CoE).

Scaling SAP Build across the organization can only be achieved in a governed approach, and it applies both to citizen and professional developers. The SAP Build Center of Excellence is responsible for the following tasks:

Scale Development Safely: This aspect involves implementing guardrails with built-in security, curated APIs, and Action Projects, in addition to using prebuilt artifacts and use case content packages. It also includes the configuration of policies, approvals, and development processes. All these elements are crucial to safe scale development within an organization while maintaining security and efficiency.
Low-Code DevOps: Low-Code DevOps is about integrating enterprise-class DevOps into your processes. This involves incorporating use-case-appropriate project lifecycle management capabilities and CI/CD into your development cycle. This holistic approach ensures efficient development and deployment of solutions across your organization.
IT and LoB Collaboration (Fusion Development): Fusion development focuses on fostering dynamic collaboration among different players within the organization. This means creating cocreation models and capabilities that promote collaboration between IT, Line of Business (LoB) developers, and citizen developers. This collaborative approach maximizes the utility and applicability of the solutions developed.
Governance Operations: This facet of the CoE responsibility is about operationalizing governance. It involves establishing and leveraging CoE and Community of Practice (CoP) frameworks, and using methods and toolkits to effectively enable builders of all skill levels. This approach ensures that everyone in the organization is enabled and the governance strategy is effectively operationalized.

Introducing the Prebuilt Digital Center of Excellence Toolkit for SAP Build

For simply jump-starting a governance program and a SAP Build CoE, SAP provides a prebuilt Digital Center of Excellence toolkit for SAP Build. This toolkit is a set of prebuilt artifacts that can be used to quickly establish a governance program and a SAP Build CoE, by leveraging a SAP Build Work Zone. The toolkit helps IT admins to manage and collaborate with citizen developers and to create an entry point for everything low-code builders need to be successful. The toolkit includes.

Summary

Governance is crucial to successful citizen development, preventing the rise of shadow-IT and ensuring applications are secure, scalable, and compliant with corporate standards. The governance model revolves around the "Governance Triad", comprising people, processes, and technology. The SAP Build platform supports this governance with features such as the IT-led Center of Excellence (CoE), which aids in safe scaling of development, integration of Low-Code DevOps, fusion development, and operationalized governance. In addition, the prebuilt Digital CoE toolkit for SAP Build facilitates a swift setup of a governance program and a SAP Build CoE, further promoting efficient and effective low-code development.