What Can You Do About Cloud Sprawl?
The proliferation of cloud services has helped many IT pros spin up capacity on demand. But one consequence of the growth of these services is cloud sprawl.
That was the conclusion of a study released earlier this month by global integrator Avanade. Based on a survey of 573 C-level execs, 60 percent were worried about cloud sprawl. Twenty percent said it's impossible to manage all of the cloud services today and 25 percent said they have no central system to track and identify the cloud services that are in their organizations.
"It's causing some growing pains," said Larry Beck, senior director of cloud strategy at Avanade. "As the public cloud services are getting faster and easier and cheaper to provision, in a lot of cases, it's outpacing IT's ability to manage and control those things."
Twenty-seven percent reported that their companies' cloud policies already prohibit the use of cloud services but people are using them anyway. Yet there's no real deterrent to using cloud services. Twenty-nine percent said there are no ramifications to violating that policy and an additional 48 percent said they give nothing more than a warning for violating the policy. And a quarter of the executives said they don't really have an open line of communication with the departments and the business unit leaders.
"This is creating a bit of a chasm between them," Beck said. "In some cases, it might be IT managers' biggest nightmare -- where there is a path, an unchecked and unmanaged path to procuring IT services around the IT department."
Beck offered some guidance for managing this cloud sprawl:
First you need to define and communicate a very clear cloud strategy and one that is user-centric. As the shape of the workforce changes and employees become tech-savvy, more people than ever are able -- and determined -- to accomplish their tasks with or without the help of IT.
Once IT has communicated a strategy, organizations need to go out into the lines of business and conduct an audit and look for all of the cloud services being used. "They need to have a clear message, which is to say, 'We will not, as a result of this effort, shut off any of the things you are doing. But we need to know what they are. We need to be able to inventory those things, be able to ensure that we're not violating any laws or any governance requirements that we have. And even if we find those things, we're not going to shut you down right away but we will at least make you aware of them.'"
Next, organizations need to create a roadmap. A migration path will be required and there will be some consolidation. Consider those that have a number of file-sharing technologies, perhaps departmental applications all the way up to things like CRM systems, BI solutions and others. "There will probably need to be an IT consolidation of those things, again staying very user-centric," Beck said. "And if it makes sense for groups to have different tools then maybe they should maintain that."
Once the roadmap has been created, it is necessary to communicate the strategy in a positive manner -- "being able to be the hero, frankly, as opposed to being the villain."
Finally, enforce the policies you've created. "You have to enforce them. Otherwise, you may as well not have the policy," Beck said. "But you also, we believe, need to be on a path of refining that policy on a regular basis," considering the rapid pace of changes to cloud technologies. Hence, according to Beck, these polices should be revisited more frequently than on an annual basis.
Posted by Jeffrey Schwartz on June 30, 2011 at 11:58 AM