Cloud computing can save businesses capital and make their operations more agile. But cloud sprawl, which is what happens when a business lets its cloud workloads multiply without oversight, can negate the whole point of moving to the cloud in the first place. Here’s how to stop it.
It’s no mystery why cloud computing has taken the business world by storm. Moving key infrastructure components and applications into the cloud can free a business from the burdens of purchasing and maintaining legacy hardware, such as on-premises servers, reducing costs and making operations more efficient. As a result, about three in four Canadian enterprises have adopted some kind of cloud service.1 But what does remain a mystery for many businesses is how to manage all these services, which if left to multiply unchecked, can all but nullify the benefits they’re supposed to yield.
This phenomenon is called cloud sprawl, and about 90% of organizations are bound to be impacted by it.1 One of its major causes is the popularity of public cloud services, which allow you to use cloud computing resources available over the internet on a pay-as-you-go basis. This makes it convenient for you to spin up a virtual server or some other workload whenever you need it without worrying about scalability.
But all too often, workloads are forgotten after they’re used—and they don’t just disappear. You’re going to keep paying for that workload whether you’re using it or not, and chances are very few of your staff will even know about it. In fact, some of these workloads will have been created without your IT department’s knowledge. It’s even possible for individuals on different teams to sign up for cloud services from different providers without sharing what they’ve done, causing even more confusion.
This means cloud sprawl, the consequences of which are typically thought of as purely financial, can be the result of another phenomenon with even more serious consequences: Shadow IT.
Cloud sprawl and shadow IT
“Shadow IT” refers to employees’ use of applications, be it cloud computing resources or any unvetted software, that hasn’t been authorized by IT, and it can pose regulatory compliance and security issues—and that’s on top of certain compliance and security issues already inherent in public cloud services.
In terms of compliance, many companies actually cite changing governance requirements, including issues around data sovereignty, for why they finally decided to diversify their cloud solutions rather than simply rely on a public cloud.2 Public clouds generally fall short of meeting such requirements. When employees engage in shadow IT, creating cloud sprawl, they can only undermine this diversification and the compliance it seeks to achieve.
In terms of security, any application with access to your business’s data puts that data at risk if the application doesn’t do enough to keep the data secure. This is all too often the case with any shadow IT endeavour, but the blame shouldn’t sit squarely with the employees carrying it out; IT departments themselves are also to blame. First, one of the main drivers of shadow IT is that the employees who engage in it do so because they don’t feel their IT needs are being met by the business. Second, too many IT departments try to mitigate shadow IT reactively instead of proactively, blocking unauthorized applications as they become of aware of them, which often prompts employees to engage in even more shadow IT, adopting potentially riskier applications and services.
And unfortunately, this approach highlights a greater issue separate from shadow IT—that too many IT departments treat security as an afterthought when moving workloads into the cloud often because, not unlike what probably goes through the minds of those who engage in shadow IT, they assume security rests with the cloud provider. But that’s simply not the case as many users of Microsoft 365 have learned.
Preventing cloud sprawl requires having a cloud strategy
As of 2018, 65% of Canadian enterprises have adopted a multi-cloud and/or a hybrid cloud strategy.3 Multi-cloud refers to having more than one public cloud provider to reduce reliance on any one them, whether it’s because you need to ensure your workloads stay up and running if one of them experiences an outage or if the relationship with one of them sours. Hybrid cloud refers to having a mix of different cloud deployment models, such as a private cloud and virtual private cloud (VPC).
How do these diversified cloud options stop cloud sprawl? It seems counterintuitive that the answer to too much cloud would be more cloud. But stopping cloud sprawl isn’t strictly about reducing quantity; it’s about managing quantity. Private clouds and VPCs are dedicated cloud computing environments that offer more control and more predictable billing than public clouds, making it inherently easier to keep track of your cloud usage.
However, that’s not to say that “private cloud sprawl” doesn’t exist. It does, especially in larger enterprises. That’s why preventing cloud sprawl isn’t just about adopting private cloud models. Rather, recognizing them as alternatives to or companions of public clouds is just the first step. The next steps include identifying your current cloud services, creating a cloud-transparency team to stay on top of how many cloud workloads you have at any given time, figuring out your anticipated cloud spend, and finally optimizing your usage.
A cloud strategy is only part of a larger IT infrastructure strategy
Ultimately, your cloud strategy is a subset of your overall IT infrastructure strategy because, believe it or not, you might not want to use cloud computing for certain workloads. Perhaps you have proprietary applications that you want to keep literally as close to home as possible. Physical servers still have their place, and you can either keep them on your own premises or, for added safety and security, house them in a third-party data centre, a.k.a., colocation.
If this all sounds like a lot to figure out, that’s because it is. But it is crucial, and that’s why selecting the right cloud providers—or preferably one provider—is just as crucial. Ideally, you want a single provider that will not only offer you all the cloud and non-cloud infrastructure options you may need, but who can assess your business’s needs, advise you on the right mix of solutions that will work best for your business, and help execute on the strategy, including migration, configuration, monitoring, reporting and more.
To learn how Rogers for Business can help your business eliminate cloud sprawl and adopt a cloud strategy that works for you, contact a representative today. You can also learn more about our data centre and cloud solutions here.