Just when you thought it was safe to BYOC, now there's 'cloud sprawl'

Just when you thought it was safe to BYOC, now there's 'cloud sprawl'

Summary: The consumerization of IT and the trend toward a more user-controlled technology environment have created a new phenomenon dubbed cloud sprawl. It's time to recognize it, analyze it, and mitigate it.


It seems that every new technology brings its own brand of security holes, malware, and endless possibilities for sprawl of some kind or another. Now, it's cloud sprawl. Yes, cloud sprawl. On the heels of my recent, "How 'bring your own cloud' could kill BYOD," it occurred to me that this BYOD, and its partner in crime bring your own cloud (BYOC), could lead to a kind of uncontrolled "sprawl." I was right. In fact, I wasn't the first to unmask this heinous new evil known as cloud sprawl.

I typically despise IT buzz terms and marketing overhype*, but this time, I imagine that I have to concede to one that is difficult to describe in any other way. Cloud sprawl is not explicitly the evil that some IT shops are out to make it but there's clearly a problem with it.

Cloud sprawl: The uncontrolled use of public cloud services in a company with little or no input from management or IT.

Much has been written about cloud sprawl. You only need to Google the term to see what I mean. However, in my humble** opinion, few, if any, of those analysts really understand the problem much less the solution.

The real problem with personal cloud services is security. And I'm not necessarily referring to hackers breaking into accounts or attacking personal cloud providers' sites. I'm strictly speaking of security concerning corporate data. If there are, let's say, 20 different personal cloud services available to consumers in addition to the corporate cloud storage options, you're looking at the beginnings of cloud sprawl.

Everyone has his own preference of service. Dropbox might work very well for John in marketing but for Betty in accounting, Box is her choice. And Bill in IT prefers SkyDrive, while Martina, the CFO, only uses Google Drive. I think you're getting the picture of the problem of cloud sprawl. You have too many disparate sources and too many places where your company's data is stored. And, the data owners--the company owners--may have no idea that this kind of thing is happening.

Their data is at risk.

Cloud sprawl is a problem.

One solution to the cloud sprawl problem is to adopt a single public cloud option that works for everyone's mobile lifestyle. There are solutions, such as Dropbox, that work on any device and are always available.

A second solution is to provide corporate users with an everywhere-accessible company cloud storage option. People are going to use what's convenient. Most people are willing to comply with corporate standards, when given the option. In other words, if you provide your employees with an accessible corporate-sanctioned cloud option, they'll use it instead of the public cloud options. Every employee understands the need for data security. Every employee is willing to use a corporate solution if one exists.

I don't believe for a moment that there are people working in a company that would absolutely refuse to use the company's resources rather than a consumer-based, free alternative. The only reason that someone would refuse to use such a service is if it weren't available outside the confines of the cubicle. The service would have to be user friendly and available for corporate workers to use it as readily as they do the public ones.

A possible third solution is for companies to provide a combined solution. The combined solution would be a corporate Dropbox that syncs data with the company-owned cloud option. This way there's only one public cloud storage point and the data syncs with the secure, in-house cloud. This hybrid solution is a good compromise for both the user and the company. It also removes the problem of cloud sprawl.

The real solution to any such problem is to have a corporate policy that is well communicated and well enforced. Without a policy, a company leaves itself open to fraud, theft, and sprawl. If you need assistance creating a policy, deciding on a cloud solution or assessing the problem, there are dozens of firms available to help you.

What do you think the solution to cloud sprawl is? Talk back and let me know.

*I have thoughts of groups of expensive-suited, cookie-cuttered marketing types sitting around a table in a "think tank" trying to invent the next buzz terms. This type of uber-crazy marketing really irritates me. So much so that I once posted my own buzz term dictionary of terms, their alleged meanings and their actual*** meanings.

**OK, maybe not so humble but you get the idea.

***OK, OK, by actual, I mean their "According to Ken Hess" meanings.

Topic: Cloud


Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • A different approach

    BYOD is just another factor between the Cloud Sprawl, as long as a Corporate user has Internet access, DVD-R, Floppy disks, USB storage and any kind of storage capability, they can transport the information from their Corporate or contained environment to an environment with Cloud access and store the data they wish in there.

    Companies need a DLP (Data Loss Prevention) strategy, where they classify their data, prioritize it and implement the right solutions to protect it, such as sanboxing data, encrypting data, never forget that they need an appropriate governance model for data with the right mechanisms of authentication, end-point and server security and management, auditing and control. There's a lot more factors around that but these are the most important ones.

    Customers can adopt a Hybrid cloud has you mention, while extending the On Premises solutions to the Public Cloud but that is not enough to protect their data, Cloud providers are about to present encryption capabilities for the Public Cloud environment very soon, 2013 will be the year for that to happen, but companies should not rely exclusively on the Public Cloud or Private Cloud encryption capabilities, they need to embrace an Holistic approach of DLP, has said, covers a lot of vectors in the information security.
  • Serendipity, & Beam It Over Scotty

    Ken you did ask- "What do you think the solution to cloud sprawl is?" So serendipitously (is that a word?) I did come across some info on an interesting answer, & want to hear what you think of it in the corp IT environments you are envisioning. Here's the article-
    Gets Your Head Out of the Cloud-
    If you write a follow-up article please let me know.
    Paul B. Wordman
    • serendipitously (is that a word?)

      The word seems to exist: http://en.wiktionary.org/wiki/serendipitously
      Peter Hofman
  • Please Post Your Dictionary of Buzz-terms

    You mentioned- "I once posted my own buzzterm dictionary of terms...". (Sorry, I forgot to ask in post above.)
    Please post or email that if you would.
    Paul B. Wordman
  • This has been a problem for a while

    If you only realise the possibility of fragmented data or loosing data when you look at your BYOD (or BYOC) policies and solutions, you've been loosing data for a while.

    OOXML also mentioned it above, there is USB drives, CD/DVD writers and even email that employees can use to copy or move their data.

    I've been working in content management for over 10 years now, and I still need to see the enterprise where their content is just in one place. It does not exist, it is a nice selling point for the vendors, but in reality it does not exist (that I know of). Even if there are only one enterprise content management systems (many companies have a few), there is also shared drives, public drives and then documents stored on PC's. Documents get emailed that already create a number of copies of the same document.

    I hope that BYOD (or BYOC) will force companies to look at this, but they will probably take the easy way out and rather put corporate policies in place than looking at the real problem.

    Cloud sprawl is nothing new, it has been happening forever, and it will just become an acceptable part of the enterprise platform.
  • Surely it's still mostly about user awareness?

    Not only has 'sprawl' been an issue ever since the first removable storage device was invented, but so has user awareness. As a specialty practice area, IT (or whatever we choose to call it) has rarely been able to find ways to communicate effectively with users.

    Last month a client shared a single Dropbox folder with me, but the Admin on their side tasked with doing this actually shared the client's entire Dropbox structure - everything. All of the information assets they hold in Dropbox.

    As long as we have that kind of user error to contend with, everything else is meaningless.
  • Cloud Sprawl isn't the problem, bad management practices are

    According to a recent InformationWeek article describing cloud sprawl, “lured by easy-to-install cloud applications, individual business departments are deploying their own clouds and causing chaos for CIOs.” One commenter on that article noted, “there is no such thing as cloud sprawl, only bad management.” Perhaps he is in denial mode, but I also think he has a point. With the right tools, I believe that IT managers also have the opportunity to manage cloud sprawl to their advantage. I posted a article here http://www.activestate.com/blog/2013/02/cloud-sprawl on the topic if you'd like to learn more about how to prevent cloud sprawl from becoming a problem for your company.