Man with laptop looking at the sky with clouds

Every Business Should Do A Cloud Consumption Audit

The topic of WAN transformation has been a hot topic over the past couple of years. In fact, earlier this year, Mark Haranas, the fine reporter with CRN, recently authored an article declaring that 2016 would be a breakout year for SD-WAN.

One of the biggest drivers of change in the WAN is, of course, the cloud. Cloud computing changes the way traffic flows over the WAN. With no cloud traffic, the traditional hub and spoke isn’t perfect, but it worked. With the cloud, network traffic becomes chaotic and unpredictable. Hence the need for a software-defined network.

The first step in shifting to a SD-WAN is to understand what traffic is running on the network. Since cloud is a significant contributor to network traffic, logically it makes sense to gain a handle on the various cloud applications and services being used. However, in my experience, very few companies know what cloud services are actually being used.

One of the challenges with trying to catalog cloud usage is that IT often isn’t the group procuring the cloud services. The rise of “shadow IT” has put cloud purchasing power in the hands of the lines of business. In a survey of IT professionals run by ZK Research last year, 90% of respondents claimed to have cloud services that were purchased without the consent of IT. As I’ve often said, you can’t manage what you can’t see. So if IT doesn’t know what cloud apps are being used, it’s hard to do any kind of network planning.

Luckily, there is help on the horizon for IT managers now. A number of companies have popped up over the past few years that offer cloud audit services that are designed to discover all the cloud services being used including SaaS, IaaS, and PaaS services, as well as providing detailed usage stats, upload & download volumes, and how many workers are using the services.

In the interviews I conducted with IT leaders last year, the most surprising outcome of the cloud audits was the magnitude of the lack of knowledge of cloud services. Typically, IT’s estimate of the number of cloud services prior to the audit is off by 10 or even 20x. One company thought they had ‘about 20’… there were 400. Another enterprise estimated 30 services…. there were 600. With respect to cloud, there’s always a huge difference between perception and reality and that gap could only have been uncovered with a cloud audit.

Another reason to consider a cloud audit is for compliance reasons. Any organization in a regulated vertical such as medical or financial services must be aware of where company data is stored. Users often use consumer cloud sites when corporate policies make it difficult to do their job. E-mail limit too small? Use G-Mail. Can’t access shared drives when out of the office? Use DropBox. This obviously creates significant risk for businesses.

Another interesting factoid from ZK Research is that 43% of workers admit to breaking corporate policy to make it easier to get work done. These numbers do not surprise me, as users will always find a way to do what they need to do. It reminds me of Jurassic Park, when Dr. Alan Grant stated, “life finds a way” — if business policies make working difficult, workers will find a way around it. Even if you’re not in a regulated vertical, it makes sense to understand which workers are using what cloud apps and where data is being stored.

The cloud era is here and it’s hitting businesses in a bigger way than most IT departments understand. IT leaders should do themselves a favor and do a cloud audit before the environment becomes so complicated it overwhelms the IT department.