The democratization of the cloud within the enterprise has freed operational costs, productivity, and innovative possibilities across departments that have formed the basis for digital transformation. The downside is, that freedom has led to unchecked cloud sprawl that is hampering security and cost containment. In fact, 53 percent of all cloud users and 64 percent of mature cloud users estimate that 30 percent of cloud spend is wasted, according to the RightScale 2017 State of the Cloud Report.
Cloud sprawl is the unchecked growth of cloud-based computing resources at a rate that surpasses the requirements of the existing user base. When cloud sprawl is left unchecked, it can cause problems for the organization in question. For this reason, properly managing and controlling cloud sprawl is a necessary part of a comprehensive IT strategy. Use the checklist below to develop an actionable plan for managing and controlling cloud sprawl at your organization:
1. Clearly Define and Communicate the Cloud Strategy
Before you can address cloud sprawl, you must first create an implementation plan and communicate the details, associated costs, and benefits to end users and stakeholders alike. This means managing migration and use policies, role-based access control, and much more. Establishing accurate expectations upfront will help ensure a seamless implementation process.
CISOs must explain the elements of risk-based granular security policies/enforcement to business managers to define how business processes should and shouldn’t work.
The CFO and IT department must have ongoing communication about protocols for funding that clearly defines mission-critical investments from executives who support innovation and growth.
Lastly, managers and department heads should be involved in defining the cloud strategy. They must then receive clear communication on defined policies and protocols that must be communicated to employees in writing. These are critical aspects of a successful strategy in an age where businesses must find ways to optimize their hybrid cloud architecture.
2. Develop a Cloud Migration Strategy
In many ways, the cloud migration strategy will pave the way for safeguards against cloud sprawl if handled correctly. Cloud migrations have many moving parts, so the strategy has to be carefully planned up front. That means having a thorough understanding of which workloads to move where and why they should be moved, as well as when and how.
3. Conduct Regular Cloud Audits
Cloud services health checks are a major key to curbing cloud sprawl, as they cover all aspects of cloud services, including:
- VM instances
- All other infrastructure components
A cloud audit involves locating potential risks, accounting for updated security requirements and policies, finding weaknesses and vulnerabilities, evaluating controls, and creating a risk assessment plan to address all these factors. This helps ensure that any proposed cloud changes are in-line with the company’s overarching security policies, compliance standards, and user needs.
4. Implement Role-Based, Automated Identity Management
Based on the cloud strategy and policies, businesses should enact a strong governance framework for provisioning and consuming cloud services based on roles within the company. That means establishing role-based access control policies that clearly articulate who has the authority to create new VMs.
It is also important to have identity access management in place based on roles for apps and services. This will enable staff onboarding as well as cloud services and access provisioning across the organization. By making these practices part of the BYOD policy for secure access, organizations can balance security, productivity, and agility while reinforcing policies that help prevent cloud sprawl.
5. Develop Cloud Policy and Protocol Triggers
In the digital business, cloud policies are fundamental to controlling cloud sprawl. These can include:
- Controls that enable automatic shutdown and de-provisioning of workloads and unnecessary VMs after a certain time.
- BYOD policies that govern how devices are used to access applications and other cloud services.
- VPN use policies for remote workers accessing SaaS solutions.
Whether it is developer groups, departments, or even individual employees, the ease with which anyone in the enterprise can utilize cloud services via the enterprise network continues to increase shadow IT challenges. A recent IT decision maker survey from web gateway platform provider iBoss shows that 87 percent believe that employees are accessing cloud applications without informing IT.
These are just some of the triggers that show how demands for greater access, agility, and collaboration in the modern enterprise will continue to make cloud sprawl a growing problem over time. The best solution for these seemingly disparate problems that all connect to the cloud is to create a holistic approach to cloud management. The ideal scenario is to bring together discovery, education, technology, protocols, and governance so that cloud management can adapt to the changing needs of the organization.
Creating a Holistic Approach to Cloud Management
While all of these policies and protocols go a long way toward preventing cloud sprawl, they all must be backed by a platform that makes it possible to manage numerous cloud providers holistically. FNTS’s Navigator is a solution for businesses that uses a streamlined single-pane-of-glass approach to managing and standardizing security policies and controls across hybrid and multi-cloud strategies.
Navigator provides an approach for ensuring the standardization of policies, procedures, governance, and cybersecurity workflows and controls. This includes the ability to collect, analyze, consolidate, and report performance and utilization metrics for better usage and cost transparency.
Cloud sprawl is actually a symptom of a much larger challenge: the lack of a unified approach to providing transparency, communication, monitoring, and governance of all aspects of cloud use across the business. The goal is to create a cloud strategy that incorporates all five of these individual strategies into a holistic approach governed by an end-to-end solution like Navigator. This enables businesses to enact multi-cloud management best practices that make the most of cloud resources while minimizing costs and waste.