

Curb on-demand self-service risks with cloud inventory management

Shadow IT can create compliance and security issues, as well as increase cloud costs. Take back control with these best practices for cloud inventory management.

When an IT team plans a cloud implementation, it's usually in a careful and organized way.

But because of cloud's on-demand self-service model, it's common for other parts of the business to spin up new services and leave IT in the dark. This potentially increases cloud costs and risks. An internal cloud audit can help IT teams identify the rogue cloud services that run within their organization and regain control.

Multicloud management -- or lack thereof -- is a big problem, according to Lauren Nelson, an analyst at Forrester Research in Cambridge, Mass. Most of the bloat is actually on the SaaS side.

"Often, users start with a free version and then end up paying for it, and it starts to grow," Nelson said. At one manufacturing firm, IT eventually tracked down 500 cloud instances, though only 10 were infrastructure as a service, she continued. Still, there was plenty of resource redundancy within those 10 instances.

Get started with cloud inventory management

There are two basic approaches to minimize on-demand self-service risks and regain control over cloud deployments, Nelson said. The first option is to implement a range of tools that can help spot cloud assets.

There are third-party tools, such as CloudCheckr Cloud Management Platform and Lucidchart diagramming software, that provide visibility into cloud infrastructure and help reduce costs. Sumo Logic provides log and metrics management for Amazon Web Services (AWS), Azure and hybrid environments. A SaaS tool called ParkMyCloud connects to AWS, Azure and Google and helps users automatically schedule on and off times for cloud resources.

"When we have to go in and evaluate an existing infrastructure across AWS, Azure and Google, what we find is usually inconsistent [with] what the client tells us is out there," said Travis Rehl, director of application and engineering at Siteworx Services, a Reston, Va., consulting and managed services company. Rehl frequently uses tools like these in his work with clients.

Many companies are surprised by their cloud costs because of the number of uncatalogued assets they run, Rehl said. Initially, Siteworx tried to solve the problem by developing scripts that could help identify cloud activities.

The second option to identify which cloud services run in your organization is to simply ask, Nelson said.

Often, there is little understanding outside of IT regarding the differences between platform as a service and SaaS. This means that, even after IT teams ask users which services they run, they might need to further categorize that information, Nelson said. Still, asking employees is a low-cost way to learn current needs and patterns of use, as well as to start a discussion about proper security practices for on-demand self-service environments.

Check compliance off your to-do list

Cloud inventory management is important not just for security and efficiency, but also for compliance. IT teams should determine whether any users who signed contracts did so in accordance with corporate standards and whether someone in the organization understands the terms and conditions, Nelson said.

[Figure: Cloud compliance survey. Cloud compliance in the enterprise]

Experts also recommend taking inventory of not just which cloud platforms are in use, but which specific components of those platforms are in use. For example, AWS customers probably use a number of different licenses from Microsoft, Oracle or perhaps IBM when they set up a new environment. In these cases, it's important to know whether you have paid for these licenses and what compliance risks this process introduces.

Also, create visibility into what's happening on your corporate network through discovery tools. This puts the CIO or other IT leaders in a service brokerage position and ensures that every penny users spend in an on-demand self-service model delivers value -- not new security risks.
