1

Performance and productivity

Your guide to
managing cloud sprawl
What you will learn
Cloud sprawl is the reality for most
companies today. This e-book will help
you rethink your approach to managing
multiple cloud services by adopting an
intelligent, modern solution to help secure
and control your cloud resources. Key
idea statements at the beginning of each
chapter summarize the takeaways.
Chapters
Introduction
What to do about a sprawling cloud
01 Safeguard your enterprise with end-to-end security
02 Protect all your data, everywhere
03 Bridge the gap between apps and infrastructure
04 Change the game with automation and configuration
05 Governance made easy
Case study
Hybrid cloud management in the real world: the IHG story
Conclusion
 1

Introduction

What to do about a sprawling cloud

If your company is adopting a hybrid cloud model—keeping some workloads

on-premises while moving others to the cloud—you’re already aware that cloud
computing is key to driving new levels of agility, innovation, and cost savings.
But at the same time, some businesses transitioning to the cloud are seeing a
corresponding proliferation, or sprawl, of cloud-based services that are often
uncontrolled and unmonitored—and often, unsanctioned. Both IT and lines of
business can contribute to sprawl, as they work independently or together to
engage cloud services.
Performance and productivity: your guide to managing cloud sprawl 2

What keeps IT up at night:

Security challenges in the hybrid cloud
A recent survey of over 2,000 IT professionals revealed the top
three cloud security challenges they’re concerned about.

51 %
verifying

49 %
security
policies

37
visibility to
% infrastructure
security

compliance1

Besides the inefficiencies created by running rogue
apps or excessive workloads, cloud sprawl can also
amplify security risks—and in the C-suite, that’s a
cause for concern. A recent survey indicated that
61 percent of CEOs worry that security issues pose
a threat to growth.2
In a world where multiple cloud instances and
on-premises servers can exist within one IT
organization, protecting against security threats
becomes increasingly complex. More workload
owners mean more devices to monitor, more apps
and data backups to manage, more potential for
data loss. And for most companies operating in a
hybrid cloud environment, increased complexity is
viewed as the number one challenge.3
Performance and productivity: your guide to managing cloud sprawl 3

Point solutions can help solve specific security
needs as they come up, but they don’t address the
big picture. In fact, adding point solutions often
places additional responsibility on security teams
who are already overburdened managing their
existing infrastructure.
A modern solution that answers the challenges of
cloud sprawl needs to be holistic. You must be able
to see across your entire hybrid environment—
every workload, app, and endpoint—to proactively
manage and monitor all aspects of your cloud’s
security and performance.
As IT spend on cloud-based infrastructure
continues to rise, addressing cloud sprawl now with
a powerful, integrated approach to management
and security can save you headaches down the
road. By focusing on a solution that provides
visibility and control across all of your resources,
you will reduce operational complexity—and risk.

60 %
60% of IT spend will be on cloud-based
$ infrastructure by 2020.4
Performance and productivity: your guide to managing cloud sprawl 4

Managing cloud sprawl:

A 5-part approach
In a hybrid cloud environment, you need
visibility across all of your resources to have
true control. An integrated, cloud-native
solution can provide the insights you need Protection against
business disruption
to fix issues faster, and to manage the risks
Back up your data and meet
introduced by cloud sprawl. compliance requirements to keep
your most important information
available during a disaster.

Monitor in real time

Security insights that reveal
Get deep visibility across
internal and external threats
your entire hybrid
See what’s happening 24/7 with environment using insights
continuous, end-to-end security based on built-in analytics
assessment and threat detection to and machine learning.
defend against evolving threats.

Manage configuration
Governance across your
at scale
hybrid environment
Apply fixes, make updates,
Establish guardrails for
and address configuration
compliance and drive
drift by implementing
accountability with policy-
automated policies.
based management and cost
optimization.

In the following chapters, you’ll learn how an integrated approach to security,

protection, monitoring, configuration, and governance can help your organization
manage cloud sprawl and achieve a more efficient hybrid cloud.
 5

Chapter 01

Safeguard your enterprise

with end-to-end security
Key idea: In a hybrid cloud environment, a strategic and holistic approach to security keeps
your infrastructure and your data assets safe, while providing full visibility and control.

Today’s security threats are relentless, and attacks—whether internal or external. And in
rapidly evolving. Your organization needs a a hybrid environment, it’s essential to have
comprehensive “always on” and “assume breach” actionable insights that allow you to respond to
strategy in place to be prepared for the inevitable incidents quickly.
Chapter 01: Safeguard your enterprise with end-to-end security 6

Clouds on the horizon:

Biggest cloud security threats,

according to security pros 5

44 %
Hijacking of accounts

53%
Unauthorized access

39%
Insecure interface/APIs
33 %
External sharing of data

A truly integrated, end-to-end infrastructure security solution gives you a unified view of all your machines,
networks, and services, allowing you to protect your environment proactively, and reactively. When you
have a holistic understanding of your security posture, you can:
• Remediate against vulnerabilities
• Make ongoing assessments and recommendations
• Rapidly deploy built-in security controls
• Integrate existing processes, tools, and partner solutions
• Reduce attack surface with predictive analytics
• Centrally manage security policies
 7

Security:
What’s at stake?

74%
of organizations are storing
some or all of their sensitive
data in the public cloud7

87 % 23.2
cloud-related
of CIOs see encrypted threats per month8
network traffic as a threat6

The information you need, when you need it

Safeguarding all of your workloads, apps, and data can’t happen without broad
visibility into all processes at all times. Unlike traditional on-premises solutions,
a cloud-native security solution lets you see your entire ecosystem and provides
powerful analytics and real-time insights. You get the answers you need to keep your
enterprise up and running, and you’re able to detect threats and take action before
they can cause damage.

Security checkpoints

Are all your cloud Are you monitoring Are you able to respond to
resources protected? for threats 24/7? a threat immediately?
 8

Chapter 02

Protect all your data, everywhere

Key idea: Business continuity involves data protection. In a hybrid environment, the ability
to control all of your data resources across platforms is fundamental to protecting your
enterprise against costly data loss and downtime.

Data is your organization’s most critical asset, and
data protection is one of the top challenges that
IT must constantly solve for. Downtime reduction
and avoiding data loss are essential for business
continuity, and protecting historical data from
system or human error is typically mandated by
business, regulatory, or legal requirements. And in
an era of anytime, anywhere computing, your users
and customers expect your apps and processes
to run 24/7—on-premises and in the cloud—
regardless of platform or physical location.
Chapter 02: Protect all your data, everywhere 9

By the numbers:
Just how vulnerable is your data?

$
93%
of companies that

21.2K
lost their datacenter
$ for 10-plus days due
to a disaster filed for
average cost of data bankruptcy within one
breach per day9 year of the disaster10

159Mdata records containing

sensitive information
compromised in 201511

554M
records lost or stolen
in H1 201612 3.04M
records compromised
every day13
Chapter 02: Protect all your data, everywhere
In the event of a disruption—if an application
becomes unavailable, or if your backup protocols
don’t allow for easy data recovery, trouble
can escalate quickly. In addition, the cost and
complexity of protecting data assets continues to
increase as data itself grows exponentially.
Traditional approaches and piecemeal solutions
don’t allow you to cover your entire environment
and take control of your data resources. What’s
needed is a robust management solution that allows
you to create customized backup and disaster
recovery options to protect your data in the cloud,
and on-premises. In the event of a disruption, this
approach can accelerate recovery times and help
you avoid costly downtime. Given the enormous
cost of downtime, rapid recovery is vital.
Application checkpoints
Are you running mission-critical apps
in the cloud?
Do they have high availability?
Are they automatically backed up?
How quickly can you restore or
recover your data if needed?
10
Choosing a platform that provides integrated
management and security across cloud and on-
premises resources can help simplify complexity in
a modern hybrid cloud environment, meeting both
the application availability and data protection
needs of today’s organizations. A comprehensive
solution should consider requirements such as:
• Robust backup, and disaster recovery that
provides for failover of on-premises workloads,
preventing downtime and disruption during
a disaster
• Replication of virtual machines to increase
compliance and application availability
• Built-in protection against ransomware
• Pay-as-you-go with no secondary site
resource costs
• Meeting or exceeding industry standards
and regulation compliance
 11

Chapter 03

Bridge the gap between

apps and infrastructure
Key idea: When you have visibility into all of your assets—from infrastructure all the way
down to a single line of code—it’s easier to separate the noise from the important data and
focus on what matters.

Applications drive business KPIs and end user code level, or deeper within the infrastructure,
interactions that must be understood and and it’s difficult to see holistic performance metrics
managed. Visibility is the challenge: you can’t fix across your entire hybrid ecosystem.
what you can’t see. Problems can reside at the
Chapter 03: Bridge the gap between apps and infrastructure
But insight into your IT systems and processes
is about more than having a tool to provide
dashboards or reports. It’s about improving the
The power of insight:
a hybrid cloud
management checklist
With a holistic perspective, you’re able to
manage the big picture across cloud, on-
premises, and multi-vendor environments.
• Collect and correlate data with simple
search and built-in visualizations
• Detect anomalies and abnormalities in
usage patterns
• Determine resource availability
• Discover and map dependencies
• Troubleshoot issues in real time
• Monitor and back up virtual machines
• Access individual files
12
performance and usabillity of your apps and
services, making deep analyses and gaining
insights from all of your on-premises, cloud, and
multi-vendor solutions.
A closer look at monitoring
application performance in the
hybrid cloud
Machine learning also plays a role in managing
and controlling application performance. An
application performance solution enabled by
machine learning makes it possible to continuously
analyze application telemetry in the context of
overall cloud behavior. Notifications and alerts
based on actual usage data help you fine-tune
as often as needed—and ultimately control how
to do so with the least amount of downtime.
From failed requests to new feature releases,
performance insights give you a heads-up about
critical application issues. Insight into actual usage
lets you see where the bottlenecks are, and how
response times vary. When you know how much
CPU, network, disk, and other resources are being
used, and which code slows down your system, you
can easily identify the problems and deploy a fix.
Simply stated, to manage your hybrid cloud with
authority, you need to be able to keep track of
what is happening—everywhere.
Chapter 03: Bridge the gap between apps and infrastructure 13

Dependency-aware monitoring:
Linking apps and infrastructure
Using an application and IT service dependency mapping tool, you can automatically discover relationships
and dependencies between IT components to help you accelerate troubleshooting and root case analysis.
With an up-to-date view of dependencies, you can expedite your app and workload migrations, whether
you are migrating to the cloud or other destinations.

App tier

Web tier Tomcat

DB tier
23.96.42.1
Contoso app pool
MySQL
23.96.31.1
23.96.42.5
SharePoint
23.96.42.2
Contoso app pool

23.96.31.2

Tomcat

23.96.42.3
Postgres

23.96.42.5
Chapter 03: Bridge the gap between apps and infrastructure 14

Better monitoring means Monitoring checkpoints

better management
Are you able to automatically pull
As you look into the best ways to data together on a regular basis?
monitor your hybrid environment, you
Can you see dependencies for
should take into account your ability to:
servers across environments?
• See across networks into How often do you conduct a
infrastructure—even down to the “health check” of your environment?
code level
• Gather data from multiple sources in
the cloud and on-premises
• Search and query at cloud scale
• Discover and map app and network
connections
• Generate predictive analytics
to help you make prioritized
recommendations

With this integrated approach to hybrid

cloud management, it’s possible to
make data-driven decisions that keep
business moving forward, with less
friction, more precision—and bottom
line results.
 15

Chapter 04

Change the game with

automation and configuration
Key idea: Process automation, configuration, update management, and change tracking
simplify cloud management and accelerate the time it takes to onboard your cloud or
datacenter tools and resources.

Automation is a powerful antidote to complexity. to manually manage configuration tasks across

There’s no substitute for swapping out manual multiple platforms, you can get up and running
tasks for automated processes—and hybrid cloud quickly with tools that are built for the demands of
management is no different. Instead of trying a hybrid environment.
Chapter 04: Change the game with automation and configuration 16

In a traditional datacenter environment, manual
hotfixes are common—but often result in
numerous “snowflake” servers that can’t be
managed or replicated. This problem is avoided
in the cloud, where you can automate common
processes using configuration management.
It is much simpler to use built-in policies and
out-of-the-box dashboards and queries that can
be configured to execute whenever you receive
an alert, instead of relying on administrators to
find and fix the same issues every time they occur.
There’s no code to write, and integration is vastly
less complicated with smart automation tools that
are ready to go.

Six benefits of automation and control in the hybrid cloud

Take immediate action in response to alerts or log search queries:

Automated remediation trigger runbooks on demand, automatically, or from your own
datacenter.

Reduce recovery time objectives: use repeatable runbooks in disaster

Orchestrated recovery recovery plans; customize groups and create recovery sequences for
multi-tier applications and checkpoints.

Save time and effort: use pre-built runbooks and automation

Integrated solutions
modules; leverage out-of-the-box partner integrations and solutions.

Avoid configuration drift: apply, monitor, automatically update

Consistent configuration
desired app state and infrastructure resources.

Reduce complexity: use insights into workload dependencies

Intelligent patching and time estimates; run group and sequence updates with owner
approvals without unplanned downtime.

Enable compliance reporting: correlate changes and understand

Change monitoring
application dependencies faster with universal change tracker.
Chapter 04: Change the game with automation and configuration 17

In other use cases, you could easily automate

password reset, implement virtual machines for a
Dev environment, or schedule and deploy patches
for Windows and Linux. There are many ways Organizations with automated
to save time managing at scale with integrated monitoring and management
configuration tools that allow you to:
solutions have a 50% reduction in
• Onboard quickly
the time administrators spend on
• Add new servers, or connect to your existing
management tools day-to-day operations.
• Apply and monitor configurations and fix
– EMA Research Report:
configuration drift without manual intervention
“Data Center Automation in the Age of Cloud”14
• Configure servers with the right policies
and procedures
• Maximize efficiency with deep analytics and
machine learning
• Leverage extensible solutions

Deliver more consistency

You can deliver more consistent service to your enterprise when you’re able to apply,
configure, and deploy automated processes in your heterogeneous environments.
An integrated management solution with configuration capabilities substantially
reduces downtime, improves time-to-value, and finds and fixes issues that can
adversely impact your operations.
 18

Chapter 05

Governance made easy

Key idea: Hybrid cloud requires a modern, integrated solution for governance that allows
you to create consistent policies and processes and, at the same time, monitor the costs
associated with your cloud investment.

In a hybrid cloud model, you need a consolidated
view of your IT architecture in order to implement
consistent policies that will support compliance.
Traditional policy management tools simply
aren’t designed for the complex world of
cloud computing.
Using a holistic solution, you can deploy out-
of-the-box dashboards, queries, control, and
policies to address a broad range of compliance
and governance issues, including access, logging,
auditing, and reporting. You’re able to create truly
flexible policies—defining by workload what you
can and can’t do—that can be monitored, checked,
and adjusted as issues arise.
Chapter 05: Governance made easy
Do you have a policy for that?
A sample list of activities that you should
have policies for:
• Allowed locations
• Allowed resource types
• Allowed storage account SKUs
• Allowed virtual machine SKUs
• Apply tag and default value
• Enforce tag and value
• Deny creation of public IP addresses
• Require storage account encryption
19
Monitoring cloud spend
To make informed decisions about allocating your
cloud resources, look for opportunities to:
• Detect anomalies and inefficiencies
and make corrections
• Eliminate idle resources
• Forecast future spend
• Produce chargeback and showback reports
• Use role-based access to surface data
and insights
• Right-size your virtual machines
• Improve management of virtual machine
reserved instances
Under control and good to go
Control, convenience, efficiency, and
reducing overall infrastructure maintenance
costs are just some of the benefits you
can achieve in your hybrid cloud with an
integrated management solution. Cloud-
native tools—based on data intelligence
and machine learning—offer policies that
are “good to go” at the time of setup.
There’s really no need to reinvent the wheel
or rely on manual processes when you
implement a management solution that’s
made for the cloud.

Case study
Hybrid cloud management
in the real world: the IHG story
The customer
IHG (InterContinental Hotels Group) is one of the
world’s leading hotel companies, with 350,000
employees, and more than 5,200 properties in
almost 100 countries. The company has a deep
commitment to innovation and a long history of
investing in technology.
Our leadership believes in a
cloud-first model, and the
technology stack we’re using
in Azure enables us to do that.
– Adeel Abbas, Manager, Global
Technology Enterprise Systems, IHG
20
The challenge
IHG adopted a hybrid cloud model to better align
IT practices with its broader business goals. As
part of that realignment, IHG’s Global Technology
IT focused on standardizing as many of IHG’s
IT functions as possible, with the goal of using
standard solutions worldwide that can be tailored
to local needs.
The Azure solution
A positive experience with StorSimple—which
accessed Azure Blob storage—led IHG to consider
Azure security and management services to meet
its cloud and hybrid use cases. Azure security
and management services provided IHG with a
holistic, global view, with a minimal amount of
administrative effort.
Hybrid cloud management in the real world: the IHG story
“We deployed a single agent and then
immediately, with very little time spent by an
administrator or engineer, we saw information such
as patch levels of the servers and Active Directory
replication issues on a worldwide basis,” says Jason
Roth, Senior Engineer on the Global Technology
Enterprise Systems team. “The turnaround time
from logging in to the operations management
web console and having actionable information
available was the same day. It amazed me that
it was so useful, so quickly. Global infrastructure
metrics that were difficult to aggregate before
suddenly appeared once we deployed an agent,
which really appealed to us.”
Ease of use and scalability
The Azure Automation and Control service has
had a significant impact, offering the capability
for technicians to write code and place it into
a runbook in Azure. IHG’s technology team is
now storing that code and making it available
throughout IT. “This allowed us to provide an API
for automated Active Directory tasks that could
be called from our open source or non-Windows
systems,” says Roth.
Azure has also provided an additional source of
information, especially with Azure Insight and
Analytics, which helps collect and analyze data
generated by resources in cloud and on-premises
21
Digital transformation means
giving us the speed to market
that guests expect and, in
my mind, it’s a total game-
changer when we can make a
positive impact on the digital
world of a guest.
– Andy Smith, Vice President, Global Technology
Infrastructure and Operations, IHG
environments. “We answer queries, collect
information, and have dashboards showing us
near-real-time DNS server performance,” says
Roth. “The system shows us account lockouts,
failed logins, and similar information.”
In the end, it all comes back to ease of use. “IHG
Global Technology is on a journey toward an Agile
DevOps style of managing our applications,” says
Roth. “Tools that deploy easily, scale infinitely,
and provide metrics we can use to perform our
changes in near-real time are incredibly valuable.”

Conclusion
As more and more cloud services are being adopted by organizations—both on
the IT side and the business side—complexity has increased, making it a challenge
to manage a sprawling cloud environment.
The best way to manage cloud sprawl is with a
centralized integrated security and management
solution that offers end-to-end visibility and
control across all of your cloud resources. Point
solutions can’t offer this—they lack the holistic view
that is essential to understanding the big picture.
In fact, an integrated approach to security and
management should be the core of your cloud
strategy. Without full insight into your entire IT
ecosystem, you run the risks of downtime, data
loss, and numerous operational inefficiencies.
As you evaluate your options, review the concepts
we’ve discussed in this e-book—security,
protection, monitoring, configuration, and
governance—and understand the role that each
plays in keeping your enterprise secure.
We invite you to explore further, and
learn how Azure security and operations
management can help you identify,
plan, and execute on your security and
management goals as part of a larger
hybrid cloud strategy.
Hands-on labs
Try Azure
22
New solutions: what can Azure
security and management do
for your business?
• Provide built-in threat intelligence and
rule-based detections
• Easily assess potential security issues
across systems
• Protect against data loss and downtime
with flexible backup and failover options
• Troubleshoot and resolve issues faster by
integrating log data from multiple sources
• Bring your data to life with real-time
monitoring and diagnostics visualization
• Use enterprise-class intelligence, such as
smart recommendations and automation
capabilities, to iterate and make
improvements
Get secure. Start today.
Do you have security, backup, and
monitoring for each of your production
virtual machines? Try these three
services now:
Azure Security Center
Azure Monitor
Azure Backup
References
1
Cloud Passage. “Cloud Security 2016 Spotlight Report.” 2016. P.22
https://pages.cloudpassage.com/rs/857-FXQ-213/images/cloud-security-survey-report-2016.pdf
2
PWC. “Redefining business success in a changing world.” 19th Annual Global CEO Survey. January 2016. P.6
https://www.pwc.com/gx/en/ceo-survey/2016/landing-page/pwc-19th-annual-global-ceo-survey.pdf
3
Microsoft. “State of the Hybrid Cloud 2017.” P.6
https://aka.ms/stateofhybridcloud
4
IDC FutureScape: Worldwide Cloud 2016 Predictions (cited in messaging doc)
https://www.idc.com/getdoc.jsp?containerId=259840
5
Cloud Passage. “Cloud Security 2016 Spotlight Report.” 2016. P.20
https://pages.cloudpassage.com/rs/857-FXQ-213/images/cloud-security-survey-report-2016.pdf
6
VansonBourne. “2016 CIO Study Results – The Threat to Our Cybersecurity Foundation.” 2016. P.2
https://www.venafi.com/assets/pdf/wp/Venafi_2016CIO_SurveyReport.pdf
7
https://www.mcafee.com/us/solutions/lp/cloud-security-report.html
8
Skyhigh. “12 Must-Know Statistics on Cloud Usage in the Enterprise.”
https://www.skyhighnetworks.com/cloud-security-blog/12-must-know-statistics-on-cloud-usage-in-the-enterprise/
9
UBM. “2016 Cybersecurity Trend Report.” December 2015. P.5
https://techbeacon.com/resources/cybersecurity-2016-trend-report-ubm-ponemon-study?kui=caTaU3QdZeiqYFQ421ufVA
10
Boston Computing Network. Citing stats from National Archives & Records Administration.
https://www.bostoncomputing.net/consultation/databackup/statistics/
11
https://www.privacyrights.org/data-breaches
12
Gemalto. “Data breach statistics 2016: First half results are in.” September 20, 2016.
https://blog.gemalto.com/security/2016/09/20/data-breach-statistics-2016-first-half-results/
13
Ibid.
14
Microsoft. “Operations Management Suite Automation & Control.” 2016.
https://www.microsoft.com/en-us/cloud-platform/automation-and-control

© 2017 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views expressed in this document, including URL and
other Internet Web site references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any
intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.