As the cloud becomes the new normal for organizations of all sizes, there are a number of challenges, one of the biggest being visibility. Some organizations do not know what they're got running in the cloud, or how it got there.
Multiple studies in recent months have reported glaring holes in cloud visibility. An Axonius-sponsored study conducted by Enterprise Strategy Group (ESG) found that 75% of surveyed organizations have experienced serious cloud virtual machine security incidents as a result of poor cloud visibility.
Nathan Burke, chief marketing officer of Axonius, told ITPro Today that a key finding in the study was that IT complexity is on the rise due to a variety of factors, including a growing number of devices and remote workers. That said, the No. 1 reason why IT complexity is on the rise is due to public cloud visibility, he said.
"It takes seconds to launch something—anyone can do it. And that's what we see every day," Burke said.
Burke cited a number of reasons for complexity, including the fact that it's easy for anyone to spin up a cloud instance and then just forget about. The sophistication of cloud configuration options is another key visibility challenge.
The Shadow of Shadow IT on Cloud Visibility
So how did we get here? A lot of the challenge of cloud visibility has to do with strategy, or rather lack thereof, according to Jesse Stockall, chief architect of cloud management at Snow Software.
"Much of today’s cloud usage has grown organically as opposed to being part of an overall cloud strategy," Stockall told ITPro Today.
In some cases, shadow IT is still occurring today, with siloed business units making their own cloud strategy and consumption decisions, said Mark Jamensky, vice president of products and cloud management at Snow Software. In other cases, individual business units are driving the cloud strategy for their own unique needs, though in these cases at least with some knowledge from corporate IT.
"Whether it’s this latter case of business-led IT or shadow IT, in both situations overall corporate visibility is compromised due to these decentralized decisions and in many cases decentralized overall cloud operations," Jamensky said.
The Cloud Is Just Another Company's Servers
In the on-premises world, it was sometimes possible for an organization to physically inventory the IT assets that it used. However, with the cloud that's no longer possible. James Christiansen, vice president of cloud security transformation at Netskope, told ITPro Today that IT's traditional methods for visibility are now going through a total transformation.
"Fundamentally as we move forward, we don’t own the systems that our data is residing on and we don’t control the network that our data traverses," Christiansen said.
Christiansen noted that in his experience IT departments are driving only a small percentage of applications being used in business today. Business units are finding solutions to their most pressing needs in new software-as-a-service (SaaS)-based applications. It is possible that the security organization is not part of the review or even knows the business is using a new SaaS application.
"You can’t manage risk of something you don’t know," Christiansen said.
Cloud Visibility Gaps
Why does cloud visibility matter? According to Tristan Morel L'Horset, North America cloud and infrastructure growth lead for Accenture Technology Services, 94% of organizations are in the cloud.
"Basically, by now everybody has started putting in one app or more into the cloud, and yet, less than a third of them are happy with the value that they're getting," L'Horset told ITPro Today.
While L'Horset does see some shadow IT deployments for the cloud that lead to visibility issues, in his experience, by and large it is now CEOs and executive management that are leading the way to the cloud.
There are four broad gaps that L'Horset identifies for cloud visibility:
- Holistic view. Does the business have a holistic view of individual application costs and usage across multiple cloud accounts and business units?
- Multi-cloud management. Most businesses are in multiple clouds, and getting visibility into multiple cloud providers is a challenge.
- Right sizing. Having the right deployment and utilization of resource is important to get the best business value.
- Security. Misconfigurations are common in the cloud, and they can leave organizations at risk.
Best Practices for Improving Cloud Visibility
When it comes to improving cloud visibility, there are a number of best practices that an organization can consider.
For Snow Software's Jamensky, a key best practice is to better align the corporate IT team to become a true partner to the business units.
"They need to understand that their roles are changing, and they need to adapt to provide the value-add services they can in this new cloud world," Jamensky said.
That notion is echoed by Stockall, who added that it's critical to ensure that cloud strategy involves all the necessary stakeholders and provides the flexibility to support different cloud consumption models and levels of support.
"Invest in tooling that provides visibility to different personas, both those directly interacting with the cloud and those with an indirect relationship such as finance," Stockall said.
While tools are a part of the solution for improving cloud visibility, without the right strategy in place, they can also be part of the problem.
"One of the causes of the lack of visibility is the multitude of tools," L'Horset said.
With most organizations using multiple providers, it is not likely that one tool can discover all of the cloud resources deployed across all of the cloud providers, both in public clouds and on-premises, he said. To that end, L'Horset suggests a resource tagging strategy where the business first focuses on what it is trying to achieve. The resource tags can connect a business owner to an application, development or production environment.
The combination of a resource tagging strategy with tools is key to narrowing cloud visibility gaps.
"Lack of visibility leaves a company exposed, it drives increased consumption, and it limits how you're getting the best value of the cloud," L'Horset said. "So those are the three reasons why you want to increase your visibility."