Tangoe: Technology Expense & Lifecycle Management
Request a Demo

Do More, Spend Less:
How to Make Cloud Use Efficient

DOWNLOAD THE REPORT

Introduction

Is it time to optimize your existing cloud resources? To ensure any business can actually do business in the cloud, they must first realize the full value of their cloud investments, starting with understanding how the cloud is used. Research firm Nemertes shows you how to make sense of the cloud without adding more people.

The Issue: IT Operations Needs Help Watching Where the Money Goes

The IT environment continues to broaden. Both intentionally, as part of an actual business-plan- driven IT strategy, and unintentionally, as part of “shadow IT” activity, enterprises continue to add more SaaS, PaaS, and IaaS solutions to their portfolios. This increases the difficulty of maintaining a sufficient level of cloud observability. Each new environment IT knows about adds another place or set of places IT has to look to get the information it needs, and presents its own challenges in getting visibility into what is happening within and among clouds. Each new environment IT does not know about is a potential source of business, operational, and cybersecurity risk.

To ensure the business can actually do business, realize the full value of cloud-focused digital transformation efforts, protect company data assets properly, and manage the overall IT service portfolio, IT needs to understand what SaaS and other cloud platforms are actually in use. It needs additional visibility into cloud use both for sanctioned and unsanctioned cloud activity.

To manage company resources properly, IT also needs to address the increasing number of places and ways in which the organization can overspend or mis-spend money on all these cloud services.

In an ideal world, IT operations teams are the counteragent to the organization’s blind spots and to over-spending or mis-spending on cloud services. In the real world, for most organizations, those teams are stretched thin, over-worked, and under-equipped for this type of work. Their time and attention are, necessarily, focused first on ensuring the availability and performance of critical services; and second, on supporting new business initiatives and associated IT services and infrastructure. There is little time or attention to spare for backwards-looking audit and optimization of the use of existing solutions (as long as they are delivering the services they are intended for).

To manage company resources properly, IT also needs to address the increasing number of places and ways in which the organization can overspend or mis-spend money on all these cloud services.

Staffing Challenges

Exacerbating the problem of focusing staff attention on fully understanding the service portfolio and reducing waste within it, the operations staff is often last in line for new hires, prioritized well behind security staff and solution developers. And it is no easier for operations teams to hire replacements for departing staff than it is for any other IT team, given overall competition for skilled staff. Add in the fact that a lot of people helping in operations are not on the operations staff. They are actually members of the architecture or engineering teams who get pulled into operations to help resolve urgent problems when they arise. Since this takes them away from their “day jobs” they don’t generally stick around once the crisis is past in order to lend a hand with ongoing operational issues like cost management. So, stretched staff are stretched even thinner than it looks, and the operations team is fragile for lack of a deep bench of staff.

Whether we are talking about managing the service portfolio functionally, to make sure the business has what it needs to compete, or about managing that portfolio with an eye to reducing wasteful spending, it takes human time and attention to accomplish the goal. Without more humans, or indeed with fewer if your IT department was in line for cuts recently, the amount of human time and attention needed must be minimized.

Complicating the situation, upper management often believe they have all the information they need to understand and optimize cloud use…even when the operations folks tasked with collecting that information feel otherwise.

While nearly all companies use SaaS, only 62% have any defined governance for it, and fewer still have all the key administrative underpinnings of sustainable, responsible use of cloud.

Lack Of Policy and Process Exacerbates the Problem

The Nemertes Emerging Technology 2022-2023 Research Study found a wide gap between the number of organizations using cloud (and deriving real, measurable value from it) and those with proper governance around it. While nearly all companies use SaaS, only 62% have any defined governance for it, and fewer still have all the key administrative underpinnings of sustainable, responsible use of cloud: a cloud strategy (including a cloud security strategy), a roadmap for realizing that strategy, or an architecture into which cloud solutions can be fit.
Lacking this kind of framework to work within, operations teams have less support than they should for fitting cloud solutions together, keeping an eye on all the solutions in use, and tracking each through its lifecycle from adoption and deployment through to end-of-life decommissioning. Lacking this kind of framework, digital transformation efforts focused around cloud solutions have, in the last few years, accelerated cloud sprawl and increased the likelihood of duplicative or conflicting deployments.

Moreover, 46% of organizations have yet to update their operational processes to deal with cloud use in delivering production services. Processes developed solely for on- premises resources are just stretched to cover cloud deployments, but it is not a good fit. Processes for on-premises resources often presume (and depend on) levels of access to infrastructure that are simply not available for cloud solutions, or assume integrations with infrastructure systems (such as an on- premises directory) that are not in place. It is easy for gaps in visibility and the poor fit between process and cloud use to turn into benign neglect — “if it ain’t broke, don’t fix it” — and a gradual, ever-increasing accumulation of solutions, accounts, account privileges, cybersecurity risks, and costs.

Moreover, 46% of organizations have yet to update their operational processes to deal with cloud use in delivering production services.

Using Cloud to See Cloud

With or without adequate operations staffing, IT needs tools that will let them see what cloud systems are actually in use. The need is clearly more acute where operations teams are oversubscribed, but even where they are not, the organization needs some means of seeing clearly which cloud solutions and cloud service providers are part of the overall service portfolio.

This goes for sanctioned as well as unsanctioned services and applications. Certainly, the need to capture information about shadow solutions is urgent and important. But, given how many years companies have been engaging cloud now, and the breadth of functions engaged, it is also important to have help keeping track of sanctioned solutions and their current status: are they still in use, growing in importance, fading into disuse, or abandoned?

Seeing all of this is the first step toward weeding out the unused and unneeded, pruning back what is overgrown, and prudently investing in what is needed and used. That is, this visibility is the main prerequisite to cloud cost management and optimization.

One technology business recently implemented cloud visibility and optimization tools on its environment. It found not the expected 70 cloud services known to IT, but 250 applications in use. “The level of blindness was shocking!” according to the CIO. Another business, after moving one of its core applications to IaaS, discovered astonishing waste. For example, one virtual machine was used for only a few minutes a day but was running 24×7 and just “counting its cycles” between late-night bursts of work as part of a daily extract-transform-load process.

Of course, seeing that a cloud is being used is not enough: in order to assess issues like right-sizing the numbers and types of subscriptions, or establishing that data are being handled correctly, or understanding where all the key steps in crucial process are taking place, IT also needs to be able to see who is using each cloud service, and for what.

Before IT can level-up its approach to cloud and implement good governance and process, it needs to clean up the skeletons in the closet—and to do that, it needs to shine a light in there first.

What is Cloud Cost Management?

CCM tools and services provide visibility into which cloud platforms and services are in use, how much is being spent in each, and on what. They can provide comparisons across platforms and advice on how to reduce costs, reallocate resources, and get better value for each dollar spent.

Using Cloud to Optimize Cloud

The appropriate place for such functionality is in the cloud. A cloud-based Cloud Cost Management (CCM) solution provides visibility into which cloud platforms and services are in use, how much is being spent in each, and on what. They can provide comparisons across platforms and advice on how to reduce costs, reallocate resources, and get better value for each dollar spent. CCM is not primarily a security tool (though it has a role to play in securing the enterprise, certainly) but part of its function is to find shadow cloud deployments. Consequently, it will need to see which services are in use via which Identities, which it can accomplish in several ways: by being “in line” between users and cloud destinations; by integrating with such a system (presumably a CASB), or by integrating with an identity provider (such as Okta or Ping); by having an agent on user desktop browsers; or some combination of these. It can then gather usage information directly, if in-line or using an agent, or indirectly, via APIs into other cloud providers.

Once cloud use is fully visible, it becomes possible to truly understand the scope of cloud usage and spending, and to look for ways to optimize them. CCM platforms should be able to provide both raw data and the reporting and analytics needed to distill out of that raw data all the needed information on usage patterns and resource consumption. One key requirement for responsible resource management is the ability to attribute resource consumption to specific users, teams, or departments. IT needs also CCM tools that can spot things that are little used, or mis-tagged, and therefore misunderstood or their costs misattributed. By surfacing critical usage data for SaaS and IaaS, and by keeping up with the rapid pace of change in pricing, CCM tools can help an enterprise find out:

Understanding Utilization

  • What functions do heavy and light users spend time with?
  • Are there departments spending radically more than other departments on cloud services? Consuming disproportionate amounts of cloud resources, unbeknownst to leadership?
  • Are there overprovisioned instances (where capacity is no longer needed) or under- provisioned instances (where surge or seasonal spending is costing you more) that need to be adjusted?
    • Some instances do not need to be running 24×7 and can be paused to save money during hours they are not needed
  • Are specific users or departments more prone to orphaning resources than others?

Identifying Optimization Opportunities

  • Are there tools that are under-utilized?
  • Are there accounts that are under-utilized?
  • Are there orphaned instances in SaaS platforms?
  • Are there orphaned resources in IaaS environments? Entire orphaned environments?
    • For example, storage never used, data bases never populated, load balancers never given traffic to manage
    • Static IP addresses provisioned but never assigned
  • Would it make sense to engage long-term discounting on a given platform, via reserved instances or the like?
  • Is there dead data just taking up space and generating costs?
    • This could include backups whose retention is no longer required or desired, for whatever reason: age of the data, retirement of the entire system in question, divestiture of a business line, the wish to avoid potential discovery expenses on information not required to run the business, etc.
  • Are there any patterns to usage that might allow consolidation of seats or changes to seat types or licensed functionality?
  • Is someone trying to spend more on something the company is already overspending on?
Another key requirement is agility. Cloud’s superpower is agility, and any cloud solution meant to track the use of other cloud solutions must itself be able to keep up with the rate of change in cloud, to provide insights in real time. On the service-facing side, it will have to keep up with changes to costs and cost structures in all the major cloud platforms. On the enterprise-facing side, it will have to keep up with how the business wants cloud costs attributed and tracked. It will have to easily accommodate reorganizations, mergers, and divestitures all of which can radically change what the business needs to see, and on a short time scale.

Conclusion

Cloud expense management and optimization tools are a vital adjunct to CASB and other security- focused systems, aimed at the heart of operational efficiency and fiscal responsibility. Any IT department going through one of those periodic belt-tightening episodes, or living with the fact that all the priority in hiring is on other parts of the organization, should be exploring CEMO cloud services as a straightforward approach to filling the cloud spending visibility and management gap without filling positions.

IT professionals should look for services that can:

  • Provide visibility into both sanctioned and unsanctioned cloud use
  • Provide deep visibility into usage on strategic IaaS and SaaS platforms
  • Map usage information to business units, projects, or people
  • Maintain information about usage across platforms and over time (for trending analysis)
  • Automatically update price and price structure changes from strategic platforms
  • Alert IT to opportunities to shift consumption in ways that can reduce costs (e.g., by shifting to spot instances or reserved instances)
  • Allow IT to model what it would cost to run a given workload in different clouds
  • Provide short time-to-value
    • Inventories of clouds used, resources used, and other usage data should be visible within hours, and useful analytics within days
  • Support automated workflows
  • Integrate with IT service management platforms
  • Track contracts and contract renewals
  • Track license counts and license usage
  • Monitor billing, and reconcile bills against contract terms and commitments.