{"id":89529,"date":"2023-06-06T11:30:00","date_gmt":"2023-06-06T15:30:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=89529"},"modified":"2024-12-20T14:02:17","modified_gmt":"2024-12-20T19:02:17","slug":"what-is-it-sprawl","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/what-is-it-sprawl","title":{"rendered":"What Is IT Sprawl?"},"content":{"rendered":"\n

IT sprawl is a natural byproduct of the role tech plays in modern organizations. It\u2019s understandable, because it\u2019s natural to seek solutions for the seemingly endless challenges you face. IT sprawl presents hidden costs and risks that can outweigh (or even contribute to) the problems all of those solutions seek to resolve. In contrast, a strategy of IT unification streamlines infrastructure by eliminating waste and integrating your investments, and can help to rein in any excesses. This blog prescribes how to eliminate sprawl using a deliberate IT unification strategy that\u2019s centered around identity and access management (IAM).<\/p>\n\n\n\n

Why Sprawl Occurs<\/h2>\n\n\n\n

Every admin encounters pressure to overbuy and purchase more \u201cstuff\u201d in response to the \u201cprobleme de jour.\u201d Conversely, refusing to buy stuff could result in employees effectively taking IT into their own hands by introducing unmanaged technologies into your environment. You might even face resistance to change and be stuck with legacy solutions that are costly to support. Sprawl begins with the impulse to purchase your way around problems.<\/p>\n\n\n\n

Overbuying<\/h3>\n\n\n\n

There\u2019s always the temptation to acquire the latest and greatest solution to resolve problems, and there\u2019s no shortage of problems that an IT department could encounter. This perpetual sense of urgency can easily lead to overbuying. Overbuying generates challenges ranging from higher costs and greater management overhead to unknown security risks. Solutions start to overlap, aren\u2019t fully utilized to their potential, and vendor relationships become weaker.<\/p>\n\n\n\n

You can\u2019t purchase good cybersecurity<\/a>, for example. A small to medium-sized enterprise (SME) can purchase the elements of a Security Operations Center (SOC), but the presence of those solutions won\u2019t guarantee your security. SOCs are multimillion-dollar investments in people, processes, and systems. Just purchasing more \u201cstuff\u201d makes managing and supporting systems more difficult, unless you\u2019re able to make that scale of investment into security. It may seem prudent to buy all security solutions possible, but it\u2019s a guaranteed path to sprawl \u201cdarkside.\u201d <\/p>\n\n\n\n

\n

What happens when you ignore every warning from a SIEM and don\u2019t perform threat hunting on a data lake? You could get breached right underneath your nose. An excess of security tools will generate the most incredible<\/em> post-mortem analysis \u2026 if that\u2019s any consolation for a breach.<\/p>\n<\/blockquote>\n\n\n\n

Shadow IT<\/h3>\n\n\n\n

Shadow IT, or the use of tools that don\u2019t have explicit approval, is another way IT sprawl happens. It\u2019s not a malicious act: users will naturally seek to bypass tools that are inadequate for their role by introducing an unapproved application. This occurs when departments seek their own solutions and devices\/identities are left unmanaged by IT. Shadow IT can stealthily creep into your environment, circumvent security controls, and introduce unknown risks. Departments may even come to rely on an application that exists in its own silo so much that, when it\u2019s discovered, IT must find a way to incorporate it (regardless of the effort involved).<\/p>\n\n\n\n

\n
\n \"JumpCloud\"\n <\/div>\n
\n

\n Casting IT Into the Shadows <\/p>\n

\n What you can\u2019t see CAN hurt you when it comes to shadow IT. Learn six key shadow IT risks and how to address them proactively. <\/p>\n <\/div>\n

\n Download the eBook<\/a>\n <\/div>\n<\/div>\n\n\n\n\n

Loads of Legacy<\/h3>\n\n\n\n

Not every organization is universally tech-savvy. Many people just \u201cknow what they know\u201d and tech literacy varies; changing how things are done isn\u2019t always accepted. IT admins understand the struggle of convincing users to let go of legacy (or familiar) apps to obtain buy-in for preferred systems\/workflows. That\u2019s often why legacy lingers: it\u2019s easier to let it be than to actively convince people that change is necessary and important for the organization.<\/p>\n\n\n\n

It can be difficult to get rid of old apps, even if they\u2019re outside of their lifecycle. You might inherit a legacy environment and have no choice but to do your best. Budget doesn\u2019t always exist to find replacements, or there may be proprietary pride like that siloed server from 2006 that\u2019s sitting in a closet somewhere running payroll. The rationale is that it \u201cworks perfectly fine,\u201d and shouldn\u2019t be cause for concern. Security, management overhead, and costs are concerning.<\/p>\n\n\n\n

Impacts of IT Sprawl<\/h2>\n\n\n\n

Sprawl can determine the course of your IT department\u2019s day-to-day work and lead to higher costs. Effort is sunk into activities that don\u2019t deliver payback or help to achieve priorities. <\/p>\n\n\n\n

TCO Will Rise<\/h3>\n\n\n\n

As an IT professional, it may not feel like financial projection falls under your scope of work, but IT decisions that don\u2019t account for total cost can drive you to commit to projects your company can\u2019t support and eat up your budget<\/a> while doubling down on ineffective initiatives. In addition, you may not have the right tools in place to fully understand (and communicate) the total cost of ownership (TCO) of your existing environment. <\/p>\n\n\n\n

\n

Use this TCO calculator<\/a> to reduce the cost of your stack.<\/p>\n<\/blockquote>\n\n\n\n

Let\u2019s face it: some things sit on the shelf as licenses gather dust and waste budget that would be better spent on something else. Several solutions may overlap and do the exact same thing. That\u2019s especially true in the realm of security software where something you\u2019ve already bought might do exactly what you need.<\/p>\n\n\n\n

Admins\u2019 Lives Becomes More Difficult<\/h3>\n\n\n\n

Having many consoles and many things to learn and train for creates a poor user experience (UX) for admins. Wasted time and management overhead will negatively impact your ability to modernize.<\/p>\n\n\n\n

Shadow IT Raises Risks<\/h3>\n\n\n\n

Shadow IT breaks down the environment you\u2019ve carefully constructed, circumventing prescribed systems and reducing visibility and control of infrastructure. The potential for misconfiguration, the usage of default administrative credentials, and other problems slowly rise. Rogue applications are also unvetted for supply chain risks and\/or compliance. Every new application is a potential attack surface area for cyber criminals to exploit.<\/p>\n\n\n\n

Failure to account for vital line of business applications makes disaster recovery planning exceedingly difficult and calculations such as maximum tolerable downtime wholly inaccurate. It cascades from there, with known unknowns<\/em> for metrics such as Mean Time to Repair and Mean Time between Failures being completely unaccounted for. That\u2019s not to mention potential data loss, or even the mishandling of data that could be company confidential or private. Always keep in mind that data compliance fines can cost you.<\/p>\n\n\n\n

How to Reverse Sprawl<\/h2>\n\n\n\n

It may feel like the path to reducing and managing IT sprawl is bigger, and riskier, then maintaining the course of your current strategy. Or, you want to make a change, but it\u2019s difficult to get the proper buy-in you need to do so. This is because the negative impact of IT sprawl can be a bit deceiving, especially when the TCO of your stack isn\u2019t fully accounted for.<\/p>\n\n\n\n

It\u2019s beneficial (and better UX) to strategically integrate your systems, which can become \u201csmarter\u201d from the inclusion of salient information about user identities and when the user lifecycle begins and ends. You can also make your life easier through IT automation.<\/p>\n\n\n\n

Steps for reversing sprawl include:<\/p>\n\n\n\n