What is cloud sprawl?

Packed with transformative benefits and accessible to basically all businesses, it’s no wonder that the appetite for cloud and the buzz surrounding it has reached fever pitch. An eagerness to adopt and deploy cloud solutions is fueling a trend whereby cloud investment bypasses senior IT figures and is made by non-experts in a knee-jerk fashion. This leads to a proliferation of disjointed cloud solutions knows as “cloud sprawl”, which presents significant cybersecurity risk.

According to one report, 42% of businesses now have multi-cloud deployment in place – the kind that if not adopted and utilised diligently, leads to dicey cloud sprawl. A further report predicts that by 2020, a third of commercial cyberattacks will hit shadow IT resources (those projects managed without the knowledge of IT teams), yet most businesses don’t have unified monitoring, management and security for their myriad of cloud solutions.

What are the risks?

Put bluntly, if IT doesn’t know about it, they can’t apply the specialist cybersecurity measures required to keep a business safe and secure from internal and external threats. Cloud sprawl puts a dent in the carefully managed processes and stratagems of IT teams. Here are some points to consider:

  • A shift toward cloud service use such as Amazon Web Services and Dropbox and Software as a Service means that employees may sign up for services outside the purview of IT and place important business documents and data in them
  • Using unapproved services may lead to duplication and unnecessary spending, under-utilization of official IT services and inadequate protection of confidential information.
  • Cloud sprawl limits visibility and control over how employees use company information. Cloud app security standards may be lower and confidential data might become available on unsecured devices.
  • Business-wide recordkeeping will go below acceptable standards
  • Mixing and matching cloud providers may result in incompatible APIs and general problems with data consistency
  • The costs of consolidating or fixing an out-of-control cloud estate may be expensive


What can be done to reduce risk?

It’s great that workforces are now engaging with cloud technology. IT teams have long wanted their coworkers to appreciate its value with matched enthusiasm, but it’s important to ensure IT remains in the driving seat during any decision making. If this fails to happen, it will become nigh impossible to adequately address the security challenges and concomitant risk of cloud sprawl. So, what can you do to protect cybersecurity resilience, business continuity and bottom line?

Education as engagement

If you’re a senior or board-level IT professionally, be proactive in meeting with the board and directors of all disciplines to discuss business strategies and investments related to the cloud. And if you’re a non-IT exec, reach out to your technical teams. The aim is to work together to enable business opportunities without inciting risk – sharing ideas, needs and wants that benefit everybody.

Leaders should share the business objectives that resulted in cloud sprawl and any upcoming requirements that may expand the multi-cloud environment. Using this information, IT teams can educate bill payers of the solutions already available and aligned with IT strategy, and how risks could negate business advantages. Arriving at a conclusion that mitigates the security issues of cloud sprawl whilst satisfying commercial targets is a diplomatic balancing act, but essential to getting cloud right.

The technical to-do list

Without the expert IT input on strategy, existing infrastructure and futureproofing, so-called “freewheeling” cloud adoption is bad news. When IT loses track of cloud services, associated costs and data management, cloud sprawl becomes a weighty threat. In addition to working together, consider putting the below cloud-specific cybersecurity into action to combat cloud sprawl:

Integrate security tools: Cybersecurity should cover all cloud provision and be centrally managed. It should allow you or your managed service provider to see and respond to threats in real time and may include firewalls, filtering, anti-virus and disaster recovery to name a few.

Leverage native cloud controls: Where possible, opt for cybersecurity which is fully integrated into your cloud environment and uses native controls to manage data and provisioning

Integrate cloud security using connectors: Cloud environments are not created equal – and this goes for their built-in security. Inconsistencies can leave coverage gaps and blind spots that cybercriminals exploit. Cloud connectors allow you to quickly and easily implement security solutions across a multi-cloud deployment

Establish strong access controls: Any device, application, transaction, or workflow looking to interact with cloud needs an extra layer of security. Ask us about affordable, effective options

Consider moving to a cloud environment: The best way to manage the risks of cloud sprawl is to reduce its spread in the first instance. Our purpose-built cloud environment can handle all business-critical applications and data. It teams the performance, resilience and security of private clouds with the flexibility and scalability of public clouds and can be architected by our team specifically for you.

Cloud computing is transforming businesses for the better, but without the correct cybersecurity in place, it can invite unnecessary risk and increase overheads. To find out how you could better manage your cloud environments through teamwork, technology and external support, contact our experts or call 0844 579 0800.

by Stuart Buckley

Sales Director

An IT specialist for over 20 years, with a wealth of technical and commercial knowledge, experience and skill in managed services, cloud and hosted solutions.