If your company uses cloud computing vendors such as Amazon Web Services (AWS), Azure, IBM Softlayer or Google GCP in any significant capacity, you probably have some rogue clouds. Even if you don’t think your company does cloud, you may have a rogue cloud instance or two. What are rogue clouds? These are clouds that are operating under the radar of the formal IT department, or perhaps authorized clouds that have spun out of control, either through runaway costs or by taking over functions they aren’t approved to perform. Any of these situations sound familiar? Then you probably have rogue clouds.
Cloud computing offers some big advantages over traditional infrastructure. It’s easy to set up cloud deployments, as opposed to procuring, configuring and installing hardware in a data center. The cloud cost model offers an operating expense versus large, up-front capital costs. And the cloud is hard to beat for scalability, redundancy and accessibility. However, if not well tended, those monthly expenses can balloon quickly and wipe out any cost savings. If clouds are operating outside IT, they might be violating privacy, security and compliance standards, as well.
How do you know if you have a rogue cloud?
If you are getting a bill from a cloud vendor like AWS or Azure and you can’t fully account for all the charges, it’s likely you have some rogue clouds out there. Perhaps some developers spun up a few instances for testing and forgot to shut them down. Or perhaps a department wanted to put up a web server or other application server and found it easier to use AWS than to run it through the budgeting and IT approval process. They may have had good intentions, but we all know that good intentions pave the road to a hot and fiery place.
What should you do with rogue clouds?
So once you suspect that you have them, how do you find rogue clouds in your infrastructure? And more importantly, how do you avoid them in the first place?
First things first: are you getting your cloud services from a managed provider? Trying to interpret a raw AWS bill is old school, and not in a good way. You’re liable to have difficulty deciphering all the data contained in that bill. A good managed cloud partner (full disclosure: Codero is one) can provide more detailed billing and help decipher those charges for you. This will make it much easier to track down unauthorized cloud services. You’ll also be able to see servers or services that are running amok and jacking up your bill. AWS has its own built-in tool called Trusted Advisor that can analyze your account for areas for improvement. There are also third-party services and tools (such as BitTitan) that can help.
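One way to start accounting for the charges on a raw bill, as an added example that is not part of the original article: the script totals cost per resource and flags anything running in an account IT has not approved or carrying no owner tag. The column names follow the AWS Cost and Usage Report export; the `Owner` tag convention, the approved-account list and every sample value are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample shaped like an AWS Cost and Usage Report (CUR) export.
# Account IDs, resource IDs, tag values and costs are made up.
SAMPLE_BILL = """\
lineItem/UsageAccountId,lineItem/ProductCode,lineItem/ResourceId,lineItem/UnblendedCost,resourceTags/user:Owner
111111111111,AmazonEC2,i-0aaa,212.40,platform-team
111111111111,AmazonS3,reports-bucket,18.05,finance
111111111111,AmazonEC2,i-0bbb,96.10,
111111111111,AmazonEC2,i-0bbb,3.90,
222222222222,AmazonEC2,i-0ccc,340.00,
222222222222,AmazonRDS,db-test,75.50,marketing
"""

# Assumption: IT maintains the set of account IDs it has approved.
APPROVED_ACCOUNTS = {"111111111111"}


def find_unaccounted(bill_csv, approved_accounts):
    """Return {(account, resource): (cost, reasons)} for charges IT cannot account for."""
    totals = defaultdict(float)
    reasons = defaultdict(set)
    for row in csv.DictReader(io.StringIO(bill_csv)):
        account = row["lineItem/UsageAccountId"]
        owner = (row.get("resourceTags/user:Owner") or "").strip()
        why = set()
        if account not in approved_accounts:
            why.add("unapproved account")
        if not owner:
            why.add("no owner tag")
        if why:
            key = (account, row["lineItem/ResourceId"])
            totals[key] += float(row["lineItem/UnblendedCost"])
            reasons[key] |= why
    return {k: (round(totals[k], 2), sorted(reasons[k])) for k in totals}


def report(findings):
    """Format findings as lines, most expensive first."""
    ranked = sorted(findings.items(), key=lambda kv: kv[1][0], reverse=True)
    return [f"{acct} {res} ${cost:.2f} ({', '.join(why)})"
            for (acct, res), (cost, why) in ranked]


if __name__ == "__main__":
    print("\n".join(report(find_unaccounted(SAMPLE_BILL, APPROVED_ACCOUNTS))))
```

A resource can be flagged for both reasons at once, and a tagged resource in an unapproved account is still reported, since a tag alone does not mean the workload went through IT approval.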
Banishing rogue clouds
Having a strong written policy on cloud computing is a must. This helps stakeholders understand the process for requisitioning cloud services and outlines compliance processes that maintain corporate standards and security. Streamlining the process for ordering and using cloud services within the organization also makes it more likely that people will color within the lines. As for good technical controls to prevent rogue clouds, those are still limited due to the disconnected nature of cloud computing. New applications and tools are being developed all the time – hopefully some entrepreneurial individuals are working on one right now! In the meantime, good luck and may your road never be darkened by a rogue cloud.