cloud sprawl





The multitude of cloud services now available has resulted in the increasing adoption of multi-cloud strategies by businesses of all sizes. IT departments are now working in conjunction with several cloud providers to construct tailor-made cloud solutions that fit the needs of the business.  


But trying to manage and integrate large numbers of different cloud services is not easy. IT departments may begin to feel like they are “spinning plates” in an effort to keep operations running smoothly. This increased strain on the IT department can lead to inefficiencies and perhaps more worryingly, security weaknesses.


The scale of the problem


A survey conducted by NTT communications found that among a group of 500 senior IT decision makers, 73% reported that they find it difficult to manage their organisations cloud platforms. Three-quarters said that departments within their organisation have commissioned a cloud service without the involvement of the IT department.  


Furthermore, 83% of respondents use the free versions of Dropbox and Google Drive to store company information without prior approval which raises clear security and data compliance issues. This is often referred to as shadow IT or cloud sprawl, where excess workloads are being run without the company’s knowledge. As an example,  a developer may test a portion of an application in AWS but forget to delete the workload. This leaves the workload left running, which costs money.


Another commonly cited danger is when an employee uses a personal Dropbox account to store company documents. The IT department has no way of keeping track or ensuring the security of these documents. In 2016, Dropbox was subject to a major security breach in which lead to 68m user passwords being leaked on the internet. This event really highlighted the risks posed by cloud sprawl and shadow IT.


The picture becomes more complicated when considering the issue of data management. When companies have no information on a portion of incoming traffic to their app, or when unsanctioned apps are being used by staff, it makes it impossible to tell where data is being stored. Even the most secure cloud offerings don’t protect against company information being stored in browser caches.



Addressing the issue


Current solutions to the problem of cloud sprawl are simplistic. They monitor, regulate or deny certain cloud services to employees. But this is not ideal as it hinders all the benefits that can be gained from rapid cloud adoption. It shouldn’t be a matter of ignoring employee needs and requests, companies should work to build a strategy around those needs. By building a comprehensive understanding of user requirements, the company can then construct a well thought-out product roadmap which accounts for the needs of all staff and departments.


IT departments saying ‘no’ to new technology on the basis that it poses some risk can put the brakes on company growth.  Refusing to use an effective technology poses a business risk in itself as competitors may use it to gain an advantage in the marketplace. Establishing clear policies for employees on using the cloud, and working across departments to understand business needs, is a good first step to managing cloud sprawl.