Cloud computing is being used by nearly everyone nowadays, and most of the time it presents a lot of value that can’t be found with purchasing, managing, and maintaining an in-house computing infrastructure. As an organization begins moving more and more of their computing to the cloud, there is a situation that arises that industry professionals call “cloud sprawl”.
What is Cloud Sprawl?
Cloud sprawl is the loss of awareness about cloud computing expenses that can add up if not monitored carefully. For example, say you have a project that requires a certain software title to complete it. You decided to get each member of the team a subscription to a certain Software-as-a-Service (SaaS) title. As the project extends more people are added, but when the project is completed the accounts that were added subsequently aren’t canceled immediately. If they are found three months later, you are on the hook for the monthly cost of the software and infrastructure related to it.
This may seem like a small issue, but for organizations of dozens of departments, hundreds of project teams, and thousands of user accounts, you are talking about a large waste of capital. Wasting money buying things that aren’t being used is always frustrating, but it’s even more of a problem when with a little foresight and reliable documentation (and procedure), these expenses can be completely eliminated.
The first thing you will have to do if you want to control your organization’s cloud expenses is to design, and completely map, a computing infrastructure that takes into account all current infrastructure plans, projects, and future computing investments. Once your entire infrastructure is completely mapped, it should be much easier adding and subtracting cloud resources based on need.
What is Cloud Complexity?
Cloud complexity is exactly what it sounds like. Not all software deployments are cost-effective if you use the SaaS per user model. There are definitely applications that your business uses that you want to host and manage yourself to ensure that it is secured the way you need it to be. Most businesses need to meet some type of regulatory requirements—and with much of that requiring proof of security—hosting those applications and data offsite may make it a little more difficult (and probably much more expensive).
Other examples of cloud complexity are when organizations decide that they want to migrate away from onsite infrastructure and don’t take into account the different configurations that cloud platforms present. One major problem is that when an organization decides to migrate data and applications into a cloud-hosted environment, the legacy infrastructure (servers, databases, and other computing platforms) continues to exist for some time.
Also, cloud options are unhindered by compatibility and compliance. Hosted infrastructure makes it easy to select whichever brand or functionality your organization needs. All these moving parts can make cloud computing a maddening jumble of sudden changes that can waste plenty of time and money if left unchecked.
What is Cloud Security?
Since the advent of cloud computing, IT professionals have been asking this question. The biggest problem with cloud computing was the fact that they had little to no control over the setup and management of the underlying computing infrastructure. The single sign-on feature of most cloud platforms was (and is) disconcerting to the IT professional tasked with securing your organization’s technology.
The truth is, cloud security is strong and shouldn’t be too worrisome for organizations using cloud computing for most enterprise computing needs. There are a few things you can do to ensure that your cloud security is commensurate with the IT security you have for your physical infrastructure. They include
- Backup and recovery – Hackers do attack cloud systems, this much is true, and if something were to happen in your cloud platforms, having a reliable backup and strong data recovery plan in place would take a lot of the heat off.
- Multi-factor authentication – One of the biggest problems with cloud platforms from a security perspective is the single sign-on. Today, all cloud platforms support multi-factor authentication procedures that work to enhance an organization’s ability to keep unwanted entities out of cloud platforms.
- Use encryption – Data is data regardless of where you store it. To protect any data, you will want to use encryption. Encryption restricts access to data and when looking to build secure practices around data, it is one of the best solutions out there.
The cloud is changing the face of business, but it does have its drawbacks. If you would like to have a conversation about your organization’s use of cloud computing and how you can use the cloud more effectively give RedRock Information Security a call today at (616) 534-1500.
RedRock offers a full range of compliance-focused IT services including help desk, server and network management, perimeter and endpoint security, and associated hardware and software. What makes us unique is how we bake security into everything we do. We are regulated by the FDIC, NCUA, and DIFS. We undergo regular exams and audits by 3rd party assessors. This oversight offers our customers the peace of mind that multiple entities look at our products, policies, procedures, financials, etc.