Reducing IT Tool Sprawl

Reducing IT Tool Sprawl

by James G. Barr

Docid: 00018052

Publication Date: 2302

Publication Type: TUTORIAL


As IT environments have become more complicated – with more technologies,
more systems, more applications, and, regrettably more (and more
dangerous) cyber threats – network analysts have been presented with a
plethora of hardware and software tools designed to facilitate IT
infrastructure management and control. While IT staff initially embraced
the notion that more is better, many organizations are feeling overwhelmed
with an inventory of monitoring and analytic instruments which they cannot
effectively employ for IT administration and operation. This phenomenon is
called IT tool sprawl, also software sprawl or IT
. Regardless of the label, there is general consensus that
quality is better than quantity, and that the practice of IT management
would be best served by deploying a smaller set of reliable,
multi-function IT tools.

Report Contents:

Executive Summary

[return to top of this

As IT environments have become more complicated – with more technologies,
more systems, more applications, and, regrettably more (and more
dangerous) cyber threats – network and other analysts have been presented
with a plethora of hardware and software tools designed to facilitate IT
infrastructure management and control.

Faulkner Reports
IT Asset Management Tutorial
IT Service Management Tutorial
Network Management Tools Tutorial
Shadow IT Tutorial

While, initially, IT staff generally embraced the notion that more is
better – after all, more tools means more information which means better
decision-making – many organizations today are feeling overwhelmed, with
an inventory of monitoring and analytic instruments which they:

  • Don’t completely understand
  • Don’t have time to learn
  • Don’t know how to use in conjunction with other tools that are
    ostensibly compatible
  • Don’t have time to update, raising cybersecurity concerns
  • Don’t necessarily trust

This phenomenon is called IT tool sprawl, also software
or IT bloat. Regardless of the label, there is
general consensus that quality is better than quantity, and that the
practice of IT management would be best served by deploying a smaller set
of reliable, usually multi-function, IT tools.

The Problem with IT Tool Sprawl

[return to top of this

Given the proliferation of IT tools, many enterprise IT, security, and
operations departments more closely resemble NASA Mission Control (shown
in Figure 1) than any on-going business concern.

Figure 1. Johnson Space Center, Houston, Texas

Figure 1. Johnson Space Center, Houston, Texas

Source: NASA | Photographer: Robert Markowitz

The Operational Impact of IT Tool Sprawl

IT tool sprawl diminishes enterprise productivity and adversely affects
enterprise security. Consider the following statistics:

Analyst Brittany Brown observes that “[today],
companies on average deploy 89 different apps (or as many as 187 for large
enterprises), 30 percent of which are actually duplicative or add no
distinct value.1

Analyst Shamus McGillicuddy reports that
according to Enterprise Management Associates, “[in] 2020, 41 percent of
network teams used four or five tools to manage their networks. [In 2022],
only 23 percent use four or five tools. Meanwhile, the number of teams
that use 11 to 15 tools increased from 9 percent in 2020 to 22 percent in

Analyst Karen D. Schwartz reveals that
according to a 2021 IBM report, “[organizations] that use more than 50
security tools are less likely to mitigate threats and defend against
attacks than organizations using fewer tools.”3

Schwartz also relates that “[it’s] not
uncommon, in fact, for small companies to have more than a dozen security
tools, while larger businesses often have 50 or more. And the number of
tools continues to grow: Security professionals add an average of six
security tools every 12 months, according to security operations platform
firm ReliaQuest.”4

The Logistical Impact of IT Tool Sprawl

Unnecessary or functionally-redundant IT tools can:

Increase software licensing costs,
except where tools are open source.

Expose the enterprise to potential
software licensing violations
, unless procurement specialists
are involved in tool acquisition and licensing.

Increase software maintenance costs,
for the identification, testing, and implementation of new releases or
vendor-supplied fixes or patches.

Increase software training costs,
for familiarizing IT staffers (at least a primary and alternate) with tool
features, functions, operation, maintenance, testing, integration, and

Introduce software-specific data silos,
inhibiting multi-tool data integration and analysis.5

Increase software integration costs,
inhibiting multi-tool data integration and analysis.

Increase software reporting costs,
decreasing tool utility and value.

Introduce uncertainty into operational
reporting and forecasting
, compromising IT effectiveness and
enterprise operations.

Expose the enterprise to cyber threats,
compromising IT security, enterprise data, and enterprise operations.

Decrease time for innovation,
decreasing IT and enterprise productivity and profitability.

A Note About “Homegrown” IT Tools

A less-than-rigorous system of tool administration allows for the
introduction and propagation of homegrown tools. As analyst Chrystal
Taylor warns, “[homegrown] tools … aren’t very compatible with other
tools. [Nonetheless, we’ve] seen IT pros be highly hesitant to give up
their homegrown tools. Part of this resistance comes from the difficulty
of letting go of their creation, and part comes from determining how much
time is spent on maintenance.”6

Why the Problem Is Getting Worse

[return to top of this

IT tool sprawl is getting worse because IT environments continue to
expand, both in sheer size and technical complexity, thereby necessitating
the introduction of more and better IT tools to maintain IT command and
control. Spurring this IT sector growth are a combination of new
technologies, new operations, and the ongoing influence of “shadow


The pace of technological innovation remains rapid and unrelenting. Over
the past decade, enterprise officials have seen meaningful breakthroughs

  • Artificial intelligence and machine learning
  • The Internet of Things (IoT)
  • Edge and fog computing
  • 5G communications
  • Robotic process automation

In some cases, IT departments are “playing catch-up” with these new
technologies in an effort to establish a competitive advantage or, at
minimum, avoid a competitive disadvantage. In the process, they are adding
new IT tools.


In addition to managing new technologies, IT departments are “gearing
up,” meaning “tooling up,” for new operational initiatives, including,
importantly, digital transformation and remote working. 

Digital Transformation

Digital transformation (DT) is the utilization of digital technologies
(basically, any electronic system or device that generates, stores, or
processes data) to create new products, services, or processes or enhance
existing ones. DT may be as simple as transforming an analog process into
a digital one or as ambitious as transforming a 1990s-era
“brick-and-mortar” establishment into a current-day e-commerce business.

The proponents of digital transformation view DT as a vehicle for:

  • Streamlining enterprise operations
  • Producing new operational capabilities
  • Reducing operational expenses, especially personnel costs
  • Providing new business opportunities

In the short term, at least, digital transformation can drive IT tool

Remote Work

For today’s “knowledge worker,” basically, anyone who works primarily
with a computer, the era of remote work, aka telecommuting or telework,
has arrived. Enabled by decades of technological innovations – from
portable dial-up computer terminals to fax machines, personal computers,
the Internet, smartphones, and the cloud – today’s global information
infrastructure allows millions of employees to work full-time (remote
work) or part-time (hybrid work) from their home or other non-enterprise

Although remote work was gaining in popularity over the past two decades,
the COVID-19 pandemic acted as a major accelerant. Almost overnight,
offices were emptied with workers retreating to their homes, leveraging
their personal computers and Internet connections to conduct critical
enterprise business. While hastily arranged, this new business model
allowed firms to conduct near business-as-usual. While pandemic-related
worries have receded, remote/hybrid work remains popular:

  • Employees like it, with many viewing remote work as a benefit, even an
    entitlement, like a 401K.
  • Employers like it too. After an expensive ramp-up effort in 2020, some
    costs, especially facilities costs (for office buildings, parking,
    utilities. etc,) are set to decline. Also, employers enjoy a much
    larger, even global, personnel pool as enterprises can hire people from
    around the block or around the world.

With respect to IT tool sprawl, remote work has increased IT investment
in networking, videoconferencing, cybersecurity, backup and recovery, and
remote support tools.

Shadow IT

Shadow IT refers to employees’ or other insiders’ unauthorized use of
third-party software and services, including such popular cloud apps as

Inspired, at least in part, by the success of the “bring your own device”
(BYOD) movement, employees today feel empowered to download their own IT
tools and other applications, bypassing the enterprise IT and security
departments in their pursuit of personal productivity.

Unfortunately, such renegade behavior, which some charitably call the
“democratization of IT,” makes it difficult, if not impossible, for
enterprise officials to exercise control over their IT infrastructure.
Emblematic of the dilemma, unsanctioned or “off-the-books” software can:

  • Exist in multiple versions simultaneously, with one shadow IT
    practitioner invoking one software release and a second practitioner a
    second, different release.
  • Contaminate enterprise devices and networks via viruses and other
  • Conflict with enterprise-approved software creating interoperability
  • Result in the loss of enterprise data due to inadequate systems
    management functionality, such as no data encryption or no backup and
  • Violate relevant security and privacy regulations, such as HIPAA which
    helps guarantee the confidentiality of patients’ medical data.

Strategies for Reducing IT
Tool Sprawl

[return to top of this

Whether for operational, financial, or security reasons – or all three –
enterprise officials should attempt to reduce IT tool sprawl. Here are
several strategies:

Conduct Periodic IT Tool Inventories

Despite various surveys and anecdotal evidence, convincing IT staffers
that IT tool sprawl is a problem may be difficult. Begin by conducting a
comprehensive inventory. For each IT tool identified – in many cases,
discovered – record the following:

Name – The name of the IT
tool, e.g., Network Performance Monitor

Provider – The firm that
sells and supports the IT tool, e.g., SolarWinds

Function – What the IT tool
does, e.g., Identify possibly-problematic network configuration changes

Enterprise Owner – The
employee responsible for the IT tool, e.g., Jane Doe, Senior Network

Annual Fee – Does the
provider charge a license, maintenance, or service fee for the IT Tool?

Co-Requisite Tools – Does the
IT tool rely on the operation of other IT tools? If so, which tools?

Interoperability – Is the IT
tool compatible with other IT tools? If so, which tools?

Last Updated – When was the
IT tool last refreshed per provider recommendation?

Deficiencies – Does the IT
tool always operate as advertised?

Problems – Has the IT tool
ever failed to function, failed to perform according to specifications, or
compromised any IT operations?

Uniqueness – Does the IT tool
offer any feature or function not available via other enterprise IT tools?

Need – If the IT tool was
removed from the enterprise IT “toolbox”, would any IT operations suffer?

Overall Value – Rate the IT
tool from 0 (no value) to 5 (must have)

Consider removing the lower-rated IT tools from the enterprise IT

Also, re-inventory IT tools on an annual basis to prevent the gradual
reintroduction of superfluous software.

Promote Stricter IT Procurement Standards

Ensure that any proposed IT tools:

Add real value

Integrate with the existing enterprise toolset

Have a low total cost of ownership (TCO)

Have a high return on investment (ROI)

Are ideally multi-function

Boast a good pedigree, i.e., are supplied by a
reputable provider

Enforce Restrictions on Shadow IT

Consider the following options:

Prohibit employee use of unauthorized
IT tools.
Subject violators to possible sanctions, including

Support employee-preferred IT tools.
Take shadow systems out of the shadows and confer full enterprise support.

Enlist shadow IT users as “citizen
This is a concept advanced by analyst James
Quigley in which “non-IT [specialists are] empowered to quickly and easily
build and deploy solutions … without IT department support.”7
In one possible scenario, citizen developers would work with the same
autonomy as shadow IT users, but the IT department would be cognizant of
their efforts, and raise the appropriate “red flags” if any proposed
solution threatened the stability of enterprise information systems.

Outsource IT Tool-Intensive Operations

IT tool sprawl can be one reason (usually not the only one) for
outsourcing complex and demanding IT operations. Many enterprises, for
example, engage managed network services and managed security services

[return to top of this


About the Author

[return to top of this

James G. Barr is a leading business continuity analyst
and business writer with more than 40 years’ IT experience. A member of
“Who’s Who in Finance and Industry,” Mr. Barr has designed, developed, and
deployed business continuity plans for a number of Fortune 500 firms. He
is the author of several books, including How to Succeed in Business
BY Really Trying
, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices.
Mr. Barr can be reached via e-mail at

[return to top of this