Cloud sprawl: how best to manage your cloud instances

If your growing business leans too far into the cloud, it could lead to the major unintended consequence of cloud sprawl

Keumars Afifi-Sabet's avatar
Rene Millman's avatar
By ,
last updated
in Features
A CGI image of stacked cloud layers to represent cloud sprawl, shown as blue glass layers with a cloud on them, surrounded by cloud symbols on a grey and white background.
(Image credit: Getty Images)

The cloud has been an undoubtedly transformative force for businesses over many years, and even organizations tapping into its potential for the first time are realizing its benefits anew. But can there ever be too much of a good thing?

Spending on cloud computing is only going in one direction, totalling $723.4 billion in 2025 per Gartner (up from $595.7 billion the previous year), and it won't slow down anytime soon. But cloud sprawl can be an unfortunate side effect – an unintended consequence – of an organization's cloud transformation journey. While there are plenty of risks and downsides to not embracing cloud computing, going too hard and too fast could lead to an untamed spiraling of cloud resources that might lead to future problems – including rising cloud storage costs and cybersecurity concerns.

This has long been a problem – it's one as old as cloud computing itself. It's something Steve Rosenbush flagged as a problem when writing in the Wall Street Journal (WSJ) just over 11 years ago, manifesting as businesses unaware and unable to retain control over which cloud services employees use. But what does cloud sprawl look like today, and how does a business mitigate the risks and reverse its fortunes? More importantly, how does an organization take back control of its IT estate?

What is cloud sprawl?

Cloud sprawl is the proliferation and expansion of allocated cloud resources beyond the hard limits at which they can be managed. In other words, when cloud resources go beyond the scope of visibility by IT management they effectively slip into the realm of shadow IT. Crucially, this is unintended, meaning an organization will have lost an element of control over its IT estate – whether that means the full breadth of cloud provision can't be measured accurately or simply if a swathe of software licenses aren't being used.

Latest Videos From

“Cloud sprawl refers to the uncontrolled and unmanaged growth of cloud resources within an organization," says Charlie Dai, Forrester VP principal analyst. "While in 2024, cloud has become a three-dimensional ecosystem driving architecture modernization, workload decentralization, and platform-driven innovation, which means cloud sprawl can happen across all tech domains in the cloud, such as generative AI.”

Although it could affect all kinds of cloud services, it's most prevalent in software as a service (SaaS) and infrastructure as a service (IaaS) models, according to Crowdstrike. The simple reason is that it's so easy and quick to deploy these kinds of services in today's age. Take services like Microsoft 365, for example, for which it's easy to scale up and take out new licenses. How can you be so sure that all these services are being used?

What are the main risks of cloud sprawl?

Dai tells ITPro the key risks include the creation of unnecessary and redundant resources – which will in turn lead to increased costs, reduced efficiency, and potential security and privacy risks.

Consuming more cloud resources inevitably leads to higher outgoings, which is especially a problem if these resources are being underutilized or used inefficiently. Your business may end up paying for SaaS licenses (think Microsoft or Adobe services, for example) that aren't being used – but that employees may have requested at one time or another in the distant past. There are, thankfully, ways to keep rising costs down – but requires several measures to identify and mitigate such overspending.

There is also the natural added complexity that comes with taking out so many services. This would require dedicated resources, in terms of staffing, as well as organizational workflows and time. This may also lead to compliance challenges, according to Revology, which becomes a pertinent issue especially if you're operating with different regional requirements across the portfolio. This is a particular issue with a sprawling cloud setup.

Security risks may also arise given the scale and complexity of the organization's cloud portfolio. If there are more instances and services, there are more points of failure and scope for vulnerabilities – especially in a sprawling IT estate that's internet-facing.

What causes cloud sprawl?

There are several possible causes behind cloud sprawl including decentralized management, a lack of proper and rigorous governance and going too fast to deploy services without doing the due diligence. "This phenomenon is often driven by a lack of governance, inadequate resource management practices, and a lack of visibility into the organization's cloud usage," Dai adds.

The lack of visibility is a particular issue – especially in a large or growing organization. If the perimeter is expanding at a very fast pace, it may be particularly difficult to stay on top of every asset or service that's been acquired for new and varying demand. Shadow IT has been an issue for years and years – but it's more complex if you're a cloud-first organization or even one that's embracing cloud-native applications. In a similar way, procuring services in a decentralized way won't be conducive to retaining control and ensuring the business' engagement with the cloud is manageable and within reason.

How can you mitigate cloud sprawl?

Mitigating this issue comes in two branches; there is avoiding the effects of cloud sprawl and reversing this process, and taking preventative measures to stop it from happening in the first place – or from your cloud-facing IT estate from spiraling out of control again.

Conducting regular cloud audits is particularly key to identifying whether your operations might be anchored by cloud sprawl – and is key to gaining visibility on redundant or inefficient cloud usage. It's also key to track costs and usage metrics; spending a lot on cloud computing isn't bad in and of itself if there is efficiency and return on investment, but redundant spending and wastage must be avoided.

But what if things are already out of hand? There are several remediation strategies, according to Digital Craftsmen, including scaling resources up and down to match needs, creating a new tagging system to categorize and identify resources, as well as introducing automation – which can provision and de-provision based on data rather than manaully.

“To mitigate cloud sprawl, organizations should strategically invest in FinOps practices," advises Dai. "They should implement effective cloud governance policies, regularly review and optimize their cloud resources, and ensure that they have the necessary tools and processes in place to manage their cloud environment effectively.”

Rene Millman
Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.

Latest
  • Artificial intelligence (AI) concept image showing a digitized cube with 'AI' written on it resting on top of circuit boards.
    Destination AI

    Sponsored Con l'accelerazione dell'adozione dell''AI aziendale, i partner IT devono spostare la loro attenzione dall'hype tecnologico ai risultati aziendali tangibili, sfruttando ecosistemi strutturati per promuovere la monetizzazione a lungo termine