Reducing IT Tool Sprawl
Copyright 2023, Faulkner Information Services. All
Rights Reserved.
Docid: 00018052
Publication Date: 2302
Publication Type: TUTORIAL
Preview
As IT environments have become more complicated – with more technologies,
more systems, more applications, and, regrettably more (and more
dangerous) cyber threats – network analysts have been presented with a
plethora of hardware and software tools designed to facilitate IT
infrastructure management and control. While IT staff initially embraced
the notion that more is better, many organizations are feeling overwhelmed
with an inventory of monitoring and analytic instruments which they cannot
effectively employ for IT administration and operation. This phenomenon is
called IT tool sprawl, also software sprawl or IT
bloat. Regardless of the label, there is general consensus that
quality is better than quantity, and that the practice of IT management
would be best served by deploying a smaller set of reliable,
multi-function IT tools.
Report Contents:
- Executive Summary
- Related Reports
- The Problem with IT Tool
Sprawl - Why the Problem Is Getting
Worse - Strategies for
Reducing IT Tool Sprawl - Web Links
Executive Summary
[return to top of this
report]
As IT environments have become more complicated – with more technologies,
more systems, more applications, and, regrettably more (and more
dangerous) cyber threats – network and other analysts have been presented
with a plethora of hardware and software tools designed to facilitate IT
infrastructure management and control.
Related Faulkner Reports |
IT Asset Management Tutorial |
IT Service Management Tutorial |
Network Management Tools Tutorial |
Shadow IT Tutorial |
While, initially, IT staff generally embraced the notion that more is
better – after all, more tools means more information which means better
decision-making – many organizations today are feeling overwhelmed, with
an inventory of monitoring and analytic instruments which they:
- Don’t completely understand
- Don’t have time to learn
- Don’t know how to use in conjunction with other tools that are
ostensibly compatible - Don’t have time to update, raising cybersecurity concerns
- Don’t necessarily trust
This phenomenon is called IT tool sprawl, also software
sprawl or IT bloat. Regardless of the label, there is
general consensus that quality is better than quantity, and that the
practice of IT management would be best served by deploying a smaller set
of reliable, usually multi-function, IT tools.
The Problem with IT Tool Sprawl
[return to top of this
report]
Given the proliferation of IT tools, many enterprise IT, security, and
operations departments more closely resemble NASA Mission Control (shown
in Figure 1) than any on-going business concern.
Figure 1. Johnson Space Center, Houston, Texas
Source: NASA | Photographer: Robert Markowitz
The Operational Impact of IT Tool Sprawl
IT tool sprawl diminishes enterprise productivity and adversely affects
enterprise security. Consider the following statistics:
Analyst Brittany Brown observes that “[today],
companies on average deploy 89 different apps (or as many as 187 for large
enterprises), 30 percent of which are actually duplicative or add no
distinct value.1
Analyst Shamus McGillicuddy reports that
according to Enterprise Management Associates, “[in] 2020, 41 percent of
network teams used four or five tools to manage their networks. [In 2022],
only 23 percent use four or five tools. Meanwhile, the number of teams
that use 11 to 15 tools increased from 9 percent in 2020 to 22 percent in
2022.”2
Analyst Karen D. Schwartz reveals that
according to a 2021 IBM report, “[organizations] that use more than 50
security tools are less likely to mitigate threats and defend against
attacks than organizations using fewer tools.”3
Schwartz also relates that “[it’s] not
uncommon, in fact, for small companies to have more than a dozen security
tools, while larger businesses often have 50 or more. And the number of
tools continues to grow: Security professionals add an average of six
security tools every 12 months, according to security operations platform
firm ReliaQuest.”4
The Logistical Impact of IT Tool Sprawl
Unnecessary or functionally-redundant IT tools can:
Increase software licensing costs,
except where tools are open source.
Expose the enterprise to potential
software licensing violations, unless procurement specialists
are involved in tool acquisition and licensing.
Increase software maintenance costs,
for the identification, testing, and implementation of new releases or
vendor-supplied fixes or patches.
Increase software training costs,
for familiarizing IT staffers (at least a primary and alternate) with tool
features, functions, operation, maintenance, testing, integration, and
reporting.
Introduce software-specific data silos,
inhibiting multi-tool data integration and analysis.5
Increase software integration costs,
inhibiting multi-tool data integration and analysis.
Increase software reporting costs,
decreasing tool utility and value.
Introduce uncertainty into operational
reporting and forecasting, compromising IT effectiveness and
enterprise operations.
Expose the enterprise to cyber threats,
compromising IT security, enterprise data, and enterprise operations.
Decrease time for innovation,
decreasing IT and enterprise productivity and profitability.
A Note About “Homegrown” IT Tools
A less-than-rigorous system of tool administration allows for the
introduction and propagation of homegrown tools. As analyst Chrystal
Taylor warns, “[homegrown] tools … aren’t very compatible with other
tools. [Nonetheless, we’ve] seen IT pros be highly hesitant to give up
their homegrown tools. Part of this resistance comes from the difficulty
of letting go of their creation, and part comes from determining how much
time is spent on maintenance.”6
Why the Problem Is Getting Worse
[return to top of this
report]
IT tool sprawl is getting worse because IT environments continue to
expand, both in sheer size and technical complexity, thereby necessitating
the introduction of more and better IT tools to maintain IT command and
control. Spurring this IT sector growth are a combination of new
technologies, new operations, and the ongoing influence of “shadow
IT.”
Technologies
The pace of technological innovation remains rapid and unrelenting. Over
the past decade, enterprise officials have seen meaningful breakthroughs
in:
- Artificial intelligence and machine learning
- The Internet of Things (IoT)
- Edge and fog computing
- 5G communications
- Robotic process automation
In some cases, IT departments are “playing catch-up” with these new
technologies in an effort to establish a competitive advantage or, at
minimum, avoid a competitive disadvantage. In the process, they are adding
new IT tools.
Operations
In addition to managing new technologies, IT departments are “gearing
up,” meaning “tooling up,” for new operational initiatives, including,
importantly, digital transformation and remote working.
Digital Transformation
Digital transformation (DT) is the utilization of digital technologies
(basically, any electronic system or device that generates, stores, or
processes data) to create new products, services, or processes or enhance
existing ones. DT may be as simple as transforming an analog process into
a digital one or as ambitious as transforming a 1990s-era
“brick-and-mortar” establishment into a current-day e-commerce business.
The proponents of digital transformation view DT as a vehicle for:
- Streamlining enterprise operations
- Producing new operational capabilities
- Reducing operational expenses, especially personnel costs
- Providing new business opportunities
In the short term, at least, digital transformation can drive IT tool
growth.
Remote Work
For today’s “knowledge worker,” basically, anyone who works primarily
with a computer, the era of remote work, aka telecommuting or telework,
has arrived. Enabled by decades of technological innovations – from
portable dial-up computer terminals to fax machines, personal computers,
the Internet, smartphones, and the cloud – today’s global information
infrastructure allows millions of employees to work full-time (remote
work) or part-time (hybrid work) from their home or other non-enterprise
location.
Although remote work was gaining in popularity over the past two decades,
the COVID-19 pandemic acted as a major accelerant. Almost overnight,
offices were emptied with workers retreating to their homes, leveraging
their personal computers and Internet connections to conduct critical
enterprise business. While hastily arranged, this new business model
allowed firms to conduct near business-as-usual. While pandemic-related
worries have receded, remote/hybrid work remains popular:
- Employees like it, with many viewing remote work as a benefit, even an
entitlement, like a 401K. - Employers like it too. After an expensive ramp-up effort in 2020, some
costs, especially facilities costs (for office buildings, parking,
utilities. etc,) are set to decline. Also, employers enjoy a much
larger, even global, personnel pool as enterprises can hire people from
around the block or around the world.
With respect to IT tool sprawl, remote work has increased IT investment
in networking, videoconferencing, cybersecurity, backup and recovery, and
remote support tools.
Shadow IT
Shadow IT refers to employees’ or other insiders’ unauthorized use of
third-party software and services, including such popular cloud apps as
Dropbox.
Inspired, at least in part, by the success of the “bring your own device”
(BYOD) movement, employees today feel empowered to download their own IT
tools and other applications, bypassing the enterprise IT and security
departments in their pursuit of personal productivity.
Unfortunately, such renegade behavior, which some charitably call the
“democratization of IT,” makes it difficult, if not impossible, for
enterprise officials to exercise control over their IT infrastructure.
Emblematic of the dilemma, unsanctioned or “off-the-books” software can:
- Exist in multiple versions simultaneously, with one shadow IT
practitioner invoking one software release and a second practitioner a
second, different release. - Contaminate enterprise devices and networks via viruses and other
malware. - Conflict with enterprise-approved software creating interoperability
issues. - Result in the loss of enterprise data due to inadequate systems
management functionality, such as no data encryption or no backup and
recovery. - Violate relevant security and privacy regulations, such as HIPAA which
helps guarantee the confidentiality of patients’ medical data.
Strategies for Reducing IT
Tool Sprawl
[return to top of this
report]
Whether for operational, financial, or security reasons – or all three –
enterprise officials should attempt to reduce IT tool sprawl. Here are
several strategies:
Conduct Periodic IT Tool Inventories
Despite various surveys and anecdotal evidence, convincing IT staffers
that IT tool sprawl is a problem may be difficult. Begin by conducting a
comprehensive inventory. For each IT tool identified – in many cases,
discovered – record the following:
Name – The name of the IT
tool, e.g., Network Performance Monitor
Provider – The firm that
sells and supports the IT tool, e.g., SolarWinds
Function – What the IT tool
does, e.g., Identify possibly-problematic network configuration changes
Enterprise Owner – The
employee responsible for the IT tool, e.g., Jane Doe, Senior Network
Engineer
Annual Fee – Does the
provider charge a license, maintenance, or service fee for the IT Tool?
Co-Requisite Tools – Does the
IT tool rely on the operation of other IT tools? If so, which tools?
Interoperability – Is the IT
tool compatible with other IT tools? If so, which tools?
Last Updated – When was the
IT tool last refreshed per provider recommendation?
Deficiencies – Does the IT
tool always operate as advertised?
Problems – Has the IT tool
ever failed to function, failed to perform according to specifications, or
compromised any IT operations?
Uniqueness – Does the IT tool
offer any feature or function not available via other enterprise IT tools?
Need – If the IT tool was
removed from the enterprise IT “toolbox”, would any IT operations suffer?
Overall Value – Rate the IT
tool from 0 (no value) to 5 (must have)
Consider removing the lower-rated IT tools from the enterprise IT
portfolio.
Also, re-inventory IT tools on an annual basis to prevent the gradual
reintroduction of superfluous software.
Promote Stricter IT Procurement Standards
Ensure that any proposed IT tools:
Add real value
Integrate with the existing enterprise toolset
Have a low total cost of ownership (TCO)
Have a high return on investment (ROI)
Are ideally multi-function
Boast a good pedigree, i.e., are supplied by a
reputable provider
Enforce Restrictions on Shadow IT
Consider the following options:
Prohibit employee use of unauthorized
IT tools. Subject violators to possible sanctions, including
termination.
Support employee-preferred IT tools.
Take shadow systems out of the shadows and confer full enterprise support.
Enlist shadow IT users as “citizen
developers.” This is a concept advanced by analyst James
Quigley in which “non-IT [specialists are] empowered to quickly and easily
build and deploy solutions … without IT department support.”7
In one possible scenario, citizen developers would work with the same
autonomy as shadow IT users, but the IT department would be cognizant of
their efforts, and raise the appropriate “red flags” if any proposed
solution threatened the stability of enterprise information systems.
Outsource IT Tool-Intensive Operations
IT tool sprawl can be one reason (usually not the only one) for
outsourcing complex and demanding IT operations. Many enterprises, for
example, engage managed network services and managed security services
providers.
Web Links
[return to top of this
report]
-
International Organization for Standardization: http://www.iso.org/
US National Institute of Standards and Technology: http://www.nist.gov/
References
1 Brittany Brown. “More Apps, More Problems: Is Your IT Team
Suffering from Software Sprawl?” NinjaOne. November 30, 2022.
2 Shamus McGillicuddy. “Network Management Tool Sprawl
Plagues IT Organizations.” TechTarget. May 2022.
3-4 Karen D. Schwartz. “How to Fight Security Tool Sprawl.”
ITPro Today | Informa USA, Inc. January 12, 2023.
5 “Tool Sprawl – Definition & Overview.” Sumo Logic.
2023.
6 Chrystal Taylor. “2023 Is the Year Tech Pros Finally Deal
with Tool Sprawl.” TechNode Global. January 4, 2023.
7 James Quigley. “It’s Time to Embrace, Not Fear, Shadow
IT.” TechCrunch. September 25, 2015.
About the Author
[return to top of this
report]
James G. Barr is a leading business continuity analyst
and business writer with more than 40 years’ IT experience. A member of
“Who’s Who in Finance and Industry,” Mr. Barr has designed, developed, and
deployed business continuity plans for a number of Fortune 500 firms. He
is the author of several books, including How to Succeed in Business
BY Really Trying, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices.
Mr. Barr can be reached via e-mail at jgbarr@faulkner.com.
[return to top of this
report]