For many state and local governments, migrating IT resources and workloads to the cloud can yield tangible benefits: flexibility, scalability, resource management, cost savings, simplified budgeting, ease of deployment and enhanced updating and patching.
The cloud can deliver Software, Platform or Infrastructure as a Service, and agencies or departments can turn to the cloud to instantly spin up machines for temporary projects and seasonal workloads, to test and develop new applications, and to provide email without having to manage on-premises equipment.
But failure to manage a cloud environment effectively can cause new headaches.
The same ease of deployment that makes the cloud so attractive can create problems, especially if an organization lacks effective policies and guidelines. Take, for instance, the hypothetical example of a department that invests in Office 365, Microsoft’s popular suite of productivity software. The IT department no longer has to manage on-premises email, and users gain access to cloud tools such as Skype for Business and OneDrive for Business. The move has the potential to be a clear win-win.
But in reality, some users may never use — or even know they have access to — the other cloud tools beyond email. When government staff need to collaborate on documents, they may instead use a company credit card to purchase a consumer license for a stand-alone cloud file-sharing program, rather than using OneDrive.
Then, inevitably, some of these users will leave the department or agency. Without tools and practices to ensure proper management and visibility, the IT shop may never know that government data is sitting on a consumer cloud application — placed there by someone who no longer even works for the organization — creating an unnecessary monthly expense and, potentially, compliance and security issues.
Multiply these problems by the hundreds or thousands of users in a large enterprise — and by the myriad cloud tools at their disposal — and it’s easy to see why cloud sprawl can be such a large problem for organizations.
Some of the chief risks associated with cloud sprawl include the following:
1. State and Local Security Is at Stake
Until recently, IT teams maintained rigid control over access to computing resources and were able to exercise management and visibility over sensitive data with relative ease. The cloud, along with several other significant developments in IT, has dramatically changed this situation.
In one recent survey by Forcepoint, 21 percent of cybersecurity professionals said critical data and intellectual property from their organizations were stored with public cloud services.
Perhaps most worrying, only 7 percent of respondents said they had “extremely good” visibility into how users handle critical data on enterprise and user-owned devices, as well as on applications. Sprawling cloud environments in which IT teams have limited visibility and management capabilities leave organizations vulnerable to attacks and data leaks.
2. Opaque Operations Can Lead to Overpsending
When it’s easy to purchase new software or services, it’s easy for spending to increase, and when this spending isn’t managed effectively, it can spin quickly into overspending. State and local governments spend more than necessary on their cloud deployments, as a result of both initial overprovisioning and abandoned, unused resources that suck up dollars without providing any value.
Too often, departments or agencies purchase cloud resources without taking the time to accurately estimate the amount of computing, data analytics and storage resources they need.
Perhaps just as frequently, these departments spin up resources for temporary projects and then fail to pull back the resources when those projects are complete. Overspending can also happen across an entire organization — with the full backing of the IT shop — when cloud resources aren’t matched appropriately with user roles.
For example, government IT teams often pay for the “pro” or “plus” versions of software suites without realizing that many users only need basic functionality.
3. Lack of Control Means a Lack of Optimization
When IT staff doesn’t have full control of the cloud software and services being purchased throughout a state or city government, they can’t connect users with the IT assets that best meet their needs and, thus, ensure that these resources are being used optimally.
Lack of optimization is closely related to overspending, but may also include scenarios in which organizations invest in the appropriate amount of cloud resources but then simply fail to provide access to these resources to the employees best positioned to use them.
An department or agency with a well-managed cloud environment will often have a library where users can see which resources are available and then request temporary access. In contrast, in an organization with sprawling clouds, users often have no way of knowing which cloud resources are available.
4. Control the Cloud to Stay on Top of Compliance
It was easy enough for governments to lose track of software licenses before the emergence of the cloud. Now, with users able to subscribe to cloud software and spin up resources in an instant, it’s nearly impossible for IT teams to stay in compliance with software licensing agreements unless they appropriately manage their cloud environments.
When vendors audit agencies with cloud sprawl problems, the result is often a hefty bill — an outcome that is even tougher to swallow when many of the resources causing noncompliance are “zombie” instances that no one in the organization is using anyway. With software management tools, state and local governments can ensure constant compliance, taking the sting out of vendor audits.
Looking to tap the advantages of cutting back on cloud sprawl? Check out our white paper on keeping the cloud in check.