The world of IT is full of metaphors. Many of them don’t make a lot of sense. For example, "software is eating the world" seems to me a silly saying. So does the notion that "code is poetry." But here's one IT metaphor I do like: “sprawl.” When you work with software and infrastructure--especially if your IT system and code practices aren’t exactly strategic or even focused--you constantly encounter what you could call sprawl. In fact, you may encounter multiple types of sprawl.
Like urban sprawl, sprawl in the world of IT means software or systems that are haphazardly planned, hard to track and difficult to keep safe. The bigger the sprawl gets, the harder managing it becomes.
Also, like urban sprawl, IT sprawl is something that often creeps up with little warning. One day you’re surrounded by a neat and orderly environment, and the next you find yourself contending with chaotic, ungainly infrastructure.
To help prevent sprawl from getting in the way of your IT success strategy--and to help you develop/hone good IT system and code practices--here’s a look at five different types of sprawl that you may face in your career as a developer or IT engineer, and how to combat them.
Code is like roads or neighborhoods: It tends to get bigger and bigger over time. And, unless you manage the growth of your codebase effectively with good code practices, you end up with code that sprawls across your organization.
Code sprawl can manifest itself in multiple ways. It could involve different departments maintaining their own code in a manner that makes it hard to keep track of all of the code within the company. It could also be characterized by the persistence of unnecessary legacy code within your code management systems. Or it might involve keeping very old versions of your applications, beyond the point of necessity.
There is no simple trick or technology for eliminating code sprawl, although there are some best code practices that can help. One is including rules about code lifecycle management in your IT governance policy so that your organization has a consistent set of rules to define when to cycle out legacy code. Another is choosing a single source code management system (like GitHub) to use across the organization, which will help prevent the siloing of your various codebases.
If you’re like most organizations today, you have services running in a cloud. In fact, you may have services spread across multiple clouds, if you have adopted a multicloud architecture.
If you don’t manage your cloud resources carefully, you can run into cloud sprawl. Cloud sprawl means a cloud infrastructure that has more resources and services running than necessary, or that is configured in an inefficient way.
If you aren’t sure how many cloud virtual machine instances or databases you have running at a given moment, you may be suffering from cloud sprawl. Having no idea what your cloud bill is going to be until it arrives every month is another sign of cloud sprawl. So is a cloud infrastructure that includes redundant services running on different public clouds for no good reason.
Here again, a strong IT governance policy is one way to prevent cloud sprawl. Cloud cost monitoring tools can help you to find and fix inefficient cloud configurations, too. And you may also want to think hard before jumping on the multicloud bandwagon; while multicloud certainly has its benefits, adding more clouds to your infrastructure increases the likelihood of ending up with cloud sprawl.
Whether you’re building a public-facing app or a line-of-business application for internal company use, figuring out how much functionality to include in the app is something like navigating between Scylla and Charybdis.
One the one hand, you don’t want to pack so much functionality into a single app that it overwhelms users, who would prefer the app to be broken down into multiple smaller, less complicated apps. On the other hand, you don’t want to have so many individual apps that they become hard for you to maintain and for your users to wrap their heads around.
If you find yourself in the latter boat, you have app sprawl and you likely need to examine your code practices. If your typical user needs to download dozens of different apps, you probably have too many apps, and you should consider merging some of them together.
In addition to good code practices, usability testing goes a long way toward helping to determine whether you have app sprawl. So does tracking how many users are downloading and using all of your apps. If you find that every user is installing almost every app you have, you could make your users’ lives simpler by merging some of those apps together.
Data is increasingly critical to the operations of modern organizations, which is part of the reason why they are collecting and storing more of it than ever. (The other part of the reason is that it’s easier than ever to collect data, thanks to modern tools.)
When you do a good job of aggregating, centralizing and lifecycling your data, it will create important value for your organization. But when you manage data poorly, you end up with data sprawl. Data sprawl means data that is spread across a wide area, stored in lots of different locations, and difficult to integrate and analyze.
Fighting data sprawl begins with being smart about where and how you collect data. Not every single piece of data that your organization generates necessarily needs to be collected and stored forever. Instead of collecting it all just to say you do, assess which data you actually need and for how long you need it.
Enforcing data quality standards will also help limit data sprawl. Even if your data is spread across multiple locations, it will be easier to aggregate and integrate in a central data warehouse if it meets quality requirements.
Last but not least is secrets sprawl. In this context, secrets refer to the private information (such as passwords, encryption keys and API tokens) that your organization uses to secure its data and systems.
If you’re like most organizations, you have more secrets than ever, thanks especially to the growing use over the past several years of APIs and microservices (which have increased the number of authentications that take place within IT systems). Keeping track of all of that secret data can be difficult, especially if it is used by multiple teams.
Fortunately, secrets sprawl is a problem that can be solved largely with just tools. You can use a central password manager or key management service to centralize certain types of secrets. Or, even better, you could implement a secrets manager that stores secrets of all types, like Vault or Conjur. These types of tools haven’t traditionally been widely used outside of large enterprises, but they are growing in importance for companies of all sizes as secrets management becomes more and more difficult.
For many organizations today, keeping applications and infrastructure running smoothly requires an ongoing fight against sprawl. There may be no way to eliminate the threat of sprawl permanently, but with good IT system and code practices, as well as the right tools, rules and strategies, you can mitigate the risk of sprawl--and address it quickly if it does start to crop up.