

Performance and productivity

Your guide to managing cloud sprawl

What you will learn

Cloud sprawl is the reality for most companies today. This e-book will help
you rethink your approach to managing multiple cloud services by adopting an
intelligent, modern solution to help secure and control your cloud resources.
Key idea statements at the beginning of each chapter summarize the takeaways.

Chapters

Introduction: What to do about a sprawling cloud
01 Safeguard your enterprise with end-to-end security
02 Protect all your data, everywhere
03 Bridge the gap between apps and infrastructure
04 Change the game with automation and configuration
05 Governance made easy
Case study: Hybrid cloud management in the real world: the IHG story



What to do about a sprawling cloud

If your company is adopting a hybrid cloud model—keeping some workloads
on-premises while moving others to the cloud—you’re already aware that cloud
computing is key to driving new levels of agility, innovation, and cost savings.
But at the same time, some businesses transitioning to the cloud are seeing a
corresponding proliferation, or sprawl, of cloud-based services that are often
uncontrolled and unmonitored—and often, unsanctioned. Both IT and lines of
business can contribute to sprawl, as they work independently or together to
engage cloud services.

What keeps IT up at night:
Security challenges in the hybrid cloud

A recent survey of over 2,000 IT professionals revealed the top
three cloud security challenges they’re concerned about.

[Infographic: 51%, 49%, visibility to infrastructure]

Besides the inefficiencies created by running rogue apps or excessive workloads,
cloud sprawl can also amplify security risks—and in the C-suite, that’s a cause
for concern. A recent survey indicated that 61 percent of CEOs worry that
security issues pose a threat to growth.²

In a world where multiple cloud instances and on-premises servers can exist
within one IT organization, protecting against security threats becomes
increasingly complex. More workload owners mean more devices to monitor, more
apps and data backups to manage, more potential for data loss. And for most
companies operating in a hybrid cloud environment, increased complexity is
viewed as the number one challenge.³

Point solutions can help solve specific security needs as they come up, but they
don’t address the big picture. In fact, adding point solutions often places
additional responsibility on security teams who are already overburdened
managing their existing infrastructure.

A modern solution that answers the challenges of cloud sprawl needs to be
holistic. You must be able to see across your entire hybrid environment—every
workload, app, and endpoint—to proactively manage and monitor all aspects of
your cloud’s security and performance.

As IT spend on cloud-based infrastructure continues to rise, addressing cloud
sprawl now with a powerful, integrated approach to management and security can
save you headaches down the road. By focusing on a solution that provides
visibility and control across all of your resources, you will reduce operational
complexity—and risk.

60% of IT spend will be on cloud-based infrastructure by 2020.⁴

Managing cloud sprawl: A 5-part approach

In a hybrid cloud environment, you need visibility across all of your resources
to have true control. An integrated, cloud-native solution can provide the
insights you need to fix issues faster, and to manage the risks introduced by
cloud sprawl.

Protection against business disruption
Back up your data and meet compliance requirements to keep your most important
information available during a disaster.

Monitor in real time
Get deep visibility across your entire hybrid environment using insights based
on built-in analytics and machine learning.

Security insights that reveal internal and external threats
See what’s happening 24/7 with continuous, end-to-end security assessment and
threat detection to defend against evolving threats.

Manage configuration at scale
Apply fixes, make updates, and address configuration drift by implementing
automated policies.

Governance across your hybrid environment
Establish guardrails for compliance and drive accountability with policy-based
management and cost

In the following chapters, you’ll learn how an integrated approach to security,
protection, monitoring, configuration, and governance can help your organization
manage cloud sprawl and achieve a more efficient hybrid cloud.

Chapter 01

Safeguard your enterprise with end-to-end security
Key idea: In a hybrid cloud environment, a strategic and holistic approach to security keeps
your infrastructure and your data assets safe, while providing full visibility and control.

Today’s security threats are relentless, and rapidly evolving. Your organization
needs a comprehensive “always on” and “assume breach” strategy in place to be
prepared for the inevitable attacks—whether internal or external. And in a
hybrid environment, it’s essential to have actionable insights that allow you to
respond to incidents quickly.

Clouds on the horizon:
Biggest cloud security threats, according to security pros⁵

[Infographic: hijacking of accounts, unauthorized access, insecure
interface/APIs, external sharing of data; values shown: 44%, 33%]

A truly integrated, end-to-end infrastructure security solution gives you a unified view of all your machines,
networks, and services, allowing you to protect your environment proactively, and reactively. When you
have a holistic understanding of your security posture, you can:
• Remediate against vulnerabilities
• Make ongoing assessments and recommendations
• Rapidly deploy built-in security controls
• Integrate existing processes, tools, and partner solutions
• Reduce attack surface with predictive analytics
• Centrally manage security policies

What’s at stake?

• 87% of CIOs see encrypted network traffic as a threat⁶
• … of organizations are storing some or all of their sensitive data in the
  public cloud⁷
• 23.2 threats per month⁸

The information you need, when you need it

Safeguarding all of your workloads, apps, and data can’t happen without broad
visibility into all processes at all times. Unlike traditional on-premises solutions,
a cloud-native security solution lets you see your entire ecosystem and provides
powerful analytics and real-time insights. You get the answers you need to keep your
enterprise up and running, and you’re able to detect threats and take action before
they can cause damage.

Security checkpoints
• Are all your cloud resources protected?
• Are you monitoring for threats 24/7?
• Are you able to respond to a threat immediately?

Chapter 02

Protect all your data, everywhere

Key idea: Business continuity involves data protection. In a hybrid environment, the ability
to control all of your data resources across platforms is fundamental to protecting your
enterprise against costly data loss and downtime.

Data is your organization’s most critical asset, and data protection is one of
the top challenges that IT must constantly solve for. Downtime reduction and
avoiding data loss are essential for business continuity, and protecting
historical data from system or human error is typically mandated by business,
regulatory, or legal requirements. And in an era of anytime, anywhere computing,
your users and customers expect your apps and processes to run 24/7—on-premises
and in the cloud—regardless of platform or physical location.

By the numbers:
Just how vulnerable is your data?

• … average cost of data breach per day⁹
• … of companies that lost their datacenter for 10-plus days due to a disaster
  filed for bankruptcy within one year of the disaster¹⁰
• 159M data records containing sensitive information compromised in 2015¹¹
• … records lost or stolen in H1 2016¹²
• 3.04M records compromised every day¹³

In the event of a disruption—if an application becomes unavailable, or if your
backup protocols don’t allow for easy data recovery, trouble can escalate
quickly. In addition, the cost and complexity of protecting data assets
continues to increase as data itself grows exponentially.

Traditional approaches and piecemeal solutions don’t allow you to cover your
entire environment and take control of your data resources. What’s needed is a
robust management solution that allows you to create customized backup and
disaster recovery options to protect your data in the cloud, and on-premises. In
the event of a disruption, this approach can accelerate recovery times and help
you avoid costly downtime. Given the enormous cost of downtime, rapid recovery
is vital.

Choosing a platform that provides integrated management and security across
cloud and on-premises resources can help simplify complexity in a modern hybrid
cloud environment, meeting both the application availability and data protection
needs of today’s organizations. A comprehensive solution should consider
requirements such as:
• Robust backup, and disaster recovery that provides for failover of on-premises
  workloads, preventing downtime and disruption during a disaster
• Replication of virtual machines to increase compliance and application
  availability
• Built-in protection against ransomware
• Pay-as-you-go with no secondary site resource costs
• Meeting or exceeding industry standards and regulation compliance

Application checkpoints
• Are you running mission-critical apps in the cloud?
• Do they have high availability?
• Are they automatically backed up?
• How quickly can you restore or recover your data if needed?

Chapter 03

Bridge the gap between apps and infrastructure
Key idea: When you have visibility into all of your assets—from infrastructure all the way
down to a single line of code—it’s easier to separate the noise from the important data and
focus on what matters.

Applications drive business KPIs and end user interactions that must be
understood and managed. Visibility is the challenge: you can’t fix what you
can’t see. Problems can reside at the code level, or deeper within the
infrastructure, and it’s difficult to see holistic performance metrics across
your entire hybrid ecosystem.

But insight into your IT systems and processes is about more than having a tool
to provide dashboards or reports. It’s about improving the performance and
usability of your apps and services, making deep analyses and gaining insights
from all of your on-premises, cloud, and multi-vendor solutions.

A closer look at monitoring application performance in the hybrid cloud

Machine learning also plays a role in managing and controlling application
performance. An application performance solution enabled by machine learning
makes it possible to continuously analyze application telemetry in the context
of overall cloud behavior. Notifications and alerts based on actual usage data
help you fine-tune as often as needed—and ultimately control how to do so with
the least amount of downtime.

From failed requests to new feature releases, performance insights give you a
heads-up about critical application issues. Insight into actual usage lets you
see where the bottlenecks are, and how response times vary. When you know how
much CPU, network, disk, and other resources are being used, and which code
slows down your system, you can easily identify the problems and deploy a fix.

Simply stated, to manage your hybrid cloud with authority, you need to be able
to keep track of what is happening—everywhere.

The power of insight: a hybrid cloud management checklist

With a holistic perspective, you’re able to manage the big picture across cloud,
on-premises, and multi-vendor environments.
• Collect and correlate data with simple search and built-in visualizations
• Detect anomalies and abnormalities in usage patterns
• Determine resource availability
• Discover and map dependencies
• Troubleshoot issues in real time
• Monitor and back up virtual machines
• Access individual files

Dependency-aware monitoring:
Linking apps and infrastructure
Using an application and IT service dependency mapping tool, you can automatically discover relationships
and dependencies between IT components to help you accelerate troubleshooting and root cause analysis.
With an up-to-date view of dependencies, you can expedite your app and workload migrations, whether
you are migrating to the cloud or other destinations.

[Figure: dependency map. Labels: Web tier, App tier, DB tier, Tomcat, Contoso app pool]


Better monitoring means better management

As you look into the best ways to monitor your hybrid environment, you should
take into account your ability to:
• See across networks into infrastructure—even down to the code level
• Gather data from multiple sources in the cloud and on-premises
• Search and query at cloud scale
• Discover and map app and network
• Generate predictive analytics to help you make prioritized

Monitoring checkpoints
• Are you able to automatically pull data together on a regular basis?
• Can you see dependencies for servers across environments?
• How often do you conduct a “health check” of your environment?

With this integrated approach to hybrid cloud management, it’s possible to make
data-driven decisions that keep business moving forward, with less friction,
more precision—and bottom line results.

Chapter 04

Change the game with automation and configuration
Key idea: Process automation, configuration, update management, and change tracking
simplify cloud management and accelerate the time it takes to onboard your cloud or
datacenter tools and resources.

Automation is a powerful antidote to complexity. There’s no substitute for
swapping out manual tasks for automated processes—and hybrid cloud management is
no different. Instead of trying to manually manage configuration tasks across
multiple platforms, you can get up and running quickly with tools that are built
for the demands of a hybrid environment.

In a traditional datacenter environment, manual hotfixes are common—but often
result in numerous “snowflake” servers that can’t be managed or replicated. This
problem is avoided in the cloud, where you can automate common processes using
configuration management. It is much simpler to use built-in policies and
out-of-the-box dashboards and queries that can be configured to execute whenever
you receive an alert, instead of relying on administrators to find and fix the
same issues every time they occur. There’s no code to write, and integration is
vastly less complicated with smart automation tools that are ready to go.

Six benefits of automation and control in the hybrid cloud

Automated remediation
Take immediate action in response to alerts or log search queries: trigger
runbooks on demand, automatically, or from your own

Orchestrated recovery
Reduce recovery time objectives: use repeatable runbooks in disaster recovery
plans; customize groups and create recovery sequences for multi-tier
applications and checkpoints.

Integrated solutions
Save time and effort: use pre-built runbooks and automation modules; leverage
out-of-the-box partner integrations and solutions.

Consistent configuration
Avoid configuration drift: apply, monitor, automatically update desired app
state and infrastructure resources.

Intelligent patching
Reduce complexity: use insights into workload dependencies and time estimates;
run group and sequence updates with owner approvals without unplanned downtime.

Change monitoring
Enable compliance reporting: correlate changes and understand application
dependencies faster with universal change tracker.

In other use cases, you could easily automate password reset, implement virtual
machines for a Dev environment, or schedule and deploy patches for Windows and
Linux. There are many ways to save time managing at scale with integrated
configuration tools that allow you to:
• Onboard quickly
• Add new servers, or connect to your existing management tools
• Apply and monitor configurations and fix configuration drift without manual
  intervention
• Configure servers with the right policies and procedures
• Maximize efficiency with deep analytics and machine learning
• Leverage extensible solutions

Organizations with automated monitoring and management solutions have a 50%
reduction in the time administrators spend on day-to-day operations.
– EMA Research Report: “Data Center Automation in the Age of Cloud”¹⁴

Deliver more consistency

You can deliver more consistent service to your enterprise when you’re able to apply,
configure, and deploy automated processes in your heterogeneous environments.
An integrated management solution with configuration capabilities substantially
reduces downtime, improves time-to-value, and finds and fixes issues that can
adversely impact your operations.

Chapter 05

Governance made easy

Key idea: Hybrid cloud requires a modern, integrated solution for governance that allows
you to create consistent policies and processes and, at the same time, monitor the costs
associated with your cloud investment.

In a hybrid cloud model, you need a consolidated view of your IT architecture in
order to implement consistent policies that will support compliance. Traditional
policy management tools simply aren’t designed for the complex world of cloud
computing.

Using a holistic solution, you can deploy out-of-the-box dashboards, queries,
control, and policies to address a broad range of compliance and governance
issues, including access, logging, auditing, and reporting. You’re able to
create truly flexible policies—defining by workload what you can and can’t
do—that can be monitored, checked, and adjusted as issues arise.

Monitoring cloud spend

To make informed decisions about allocating your cloud resources, look for
opportunities to:
• Detect anomalies and inefficiencies and make corrections
• Eliminate idle resources
• Forecast future spend
• Produce chargeback and showback reports
• Use role-based access to surface data and insights
• Right-size your virtual machines
• Improve management of virtual machine reserved instances

Do you have a policy for that?

A sample list of activities that you should have policies for:
• Allowed locations
• Allowed resource types
• Allowed storage account SKUs
• Allowed virtual machine SKUs
• Apply tag and default value
• Enforce tag and value
• Deny creation of public IP addresses
• Require storage account encryption

Under control and good to go

Control, convenience, efficiency, and reducing overall infrastructure
maintenance costs are just some of the benefits you can achieve in your hybrid
cloud with an integrated management solution. Cloud-native tools—based on data
intelligence and machine learning—offer policies that are “good to go” at the
time of setup. There’s really no need to reinvent the wheel or rely on manual
processes when you implement a management solution that’s made for the cloud.

Case study

Hybrid cloud management in the real world: the IHG story

The customer
IHG (InterContinental Hotels Group) is one of the world’s leading hotel
companies, with 350,000 employees, and more than 5,200 properties in almost 100
countries. The company has a deep commitment to innovation and a long history of
investing in technology.

The challenge
IHG adopted a hybrid cloud model to better align IT practices with its broader
business goals. As part of that realignment, IHG’s Global Technology IT focused
on standardizing as many of IHG’s IT functions as possible, with the goal of
using standard solutions worldwide that can be tailored to local needs.

The Azure solution

A positive experience with StorSimple—which accessed Azure Blob storage—led IHG
to consider Azure security and management services to meet its cloud and hybrid
use cases. Azure security and management services provided IHG with a holistic,
global view, with a minimal amount of administrative effort.

Our leadership believes in a cloud-first model, and the technology stack we’re
using in Azure enables us to do that.
– Adeel Abbas, Manager, Global Technology Enterprise Systems, IHG

“We deployed a single agent and then immediately, with very little time spent by
an administrator or engineer, we saw information such as patch levels of the
servers and Active Directory replication issues on a worldwide basis,” says
Jason Roth, Senior Engineer on the Global Technology Enterprise Systems team.
“The turnaround time from logging in to the operations management web console
and having actionable information available was the same day. It amazed me that
it was so useful, so quickly. Global infrastructure metrics that were difficult
to aggregate before suddenly appeared once we deployed an agent, which really
appealed to us.”

Digital transformation means giving us the speed to market that guests expect
and, in my mind, it’s a total game-changer when we can make a positive impact on
the digital world of a guest.
– Andy Smith, Vice President, Global Technology Infrastructure and Operations, IHG

Ease of use and scalability

The Azure Automation and Control service has had a significant impact, offering
the capability for technicians to write code and place it into a runbook in
Azure. IHG’s technology team is now storing that code and making it available
throughout IT. “This allowed us to provide an API for automated Active Directory
tasks that could be called from our open source or non-Windows systems,” says
Roth.

Azure has also provided an additional source of information, especially with
Azure Insight and Analytics, which helps collect and analyze data generated by
resources in cloud and on-premises environments. “We answer queries, collect
information, and have dashboards showing us near-real-time DNS server
performance,” says Roth. “The system shows us account lockouts, failed logins,
and similar information.”

In the end, it all comes back to ease of use. “IHG Global Technology is on a
journey toward an Agile DevOps style of managing our applications,” says Roth.
“Tools that deploy easily, scale infinitely, and provide metrics we can use to
perform our changes in near-real time are incredibly valuable.”

As more and more cloud services are being adopted by organizations—both on
the IT side and the business side—complexity has increased, making it a challenge
to manage a sprawling cloud environment.

The best way to manage cloud sprawl is with a centralized integrated security
and management solution that offers end-to-end visibility and control across all
of your cloud resources. Point solutions can’t offer this—they lack the holistic
view that is essential to understanding the big picture.

In fact, an integrated approach to security and management should be the core of
your cloud strategy. Without full insight into your entire IT ecosystem, you run
the risks of downtime, data loss, and numerous operational inefficiencies.

As you evaluate your options, review the concepts we’ve discussed in this
e-book—security, protection, monitoring, configuration, and governance—and
understand the role that each plays in keeping your enterprise secure.

New solutions: what can Azure security and management do for your business?
• Provide built-in threat intelligence and rule-based detections
• Easily assess potential security issues across systems
• Protect against data loss and downtime with flexible backup and failover
  options
• Troubleshoot and resolve issues faster by integrating log data from multiple
  sources
• Bring your data to life with real-time monitoring and diagnostics
  visualization
• Use enterprise-class intelligence, such as smart recommendations and
  automation capabilities, to iterate and make

We invite you to explore further, and learn how Azure security and operations
management can help you identify, plan, and execute on your security and
management goals as part of a larger hybrid cloud strategy.
• Hands-on labs
• Try Azure

Get secure. Start today.

Do you have security, backup, and monitoring for each of your production virtual
machines? Try these three services now:
• Azure Security Center
• Azure Monitor
• Azure Backup

Cloud Passage. “Cloud Security 2016 Spotlight Report.” 2016. P.22
PWC. “Redefining business success in a changing world.” 19th Annual Global CEO Survey. January 2016. P.6
Microsoft. “State of the Hybrid Cloud 2017.” P.6
IDC FutureScape: Worldwide Cloud 2016 Predictions (cited in messaging doc)
Cloud Passage. “Cloud Security 2016 Spotlight Report.” 2016. P.20
VansonBourne. “2016 CIO Study Results – The Threat to Our Cybersecurity Foundation.” 2016. P.2
Skyhigh. “12 Must-Know Statistics on Cloud Usage in the Enterprise.”
UBM. “2016 Cybersecurity Trend Report.” December 2015. P.5
Boston Computing Network. Citing stats from National Archives & Records Administration.
Gemalto. “Data breach statistics 2016: First half results are in.” September 20, 2016.
Microsoft. “Operations Management Suite Automation & Control.” 2016.

© 2017 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views expressed in this document, including URL and
other Internet Web site references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any
intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.