Whittle down application sprawl

Getting rid of old, unsecured, or unused software is not easy. Do it correctly, though, and you can save IT time and money

When it comes to shutting down out-of-date, risky or unnecessary applications, James Gordon, vice president of technology and operations at Needham Bank, doesn't mess around.

"Users will tell us we can't get rid of certain programs because they always use them. [IT] then asks them to define 'always'," he says, and then conducts a simple test: "We shut off the application's server to see if anyone notices."

[ Also on InfoWorld: 12 "best practices" IT should avoid at all costs. | Cut to the key news for technology development and IT management with our once-a-day summary of the top tech happenings. Subscribe to the InfoWorld Daily newsletter. ]

While this might seem drastic, Gordon finds it the best way to rebut a claim that a program is a must-have. "If we can prove that access to an application hasn't been attempted in six months, then we can argue that application isn't necessary," he says, adding IT powers the server back up as soon as the first call for the application comes in.

Around half the time the IT group has to re-start the app, Gordon says. "Sometimes it will be off for two months and then we get a call, and have to eat crow," Gordon explains. "Other times we power it down and the app is forgotten."

IT executives today must keep close watch on software usage as out-of-control application stacks can jack up costs, introduce vulnerabilities, add to infrastructure complexity, jeopardize licensing and waste staffing resources.

"Fewer than 20 percent of applications account for more than 80 percent of IT's budget," says Andy Kyte, vice president and fellow at Gartner. Optimizing that 20 percent by eliminating redundant, inefficient and wasteful software could yield significant cost and efficiency benefits.

"You have to manage all applications for value. Know what you've got, why you've got it, what it costs, what you plan to do with it, and how you're going to continue to manage it," he says. Individual applications and application portfolios have to be held at an affordable price with good service to users.

The best way to ensure an optimal application portfolio is to not let it get out of control in the first place. But for some, that ship has already sailed.

Application sprawl occurs for many reasons, including mergers and acquisitions and siloed business lines purchasing their own software, according to Ramana Reddy Depa, CTO of KillerIT, a division of Forsythe Solutions Group that sells asset-management software. "When businesses are doing well, there isn't much focus on normalizing or reducing applications."

Yet, Depa observed through his work with Fortune 50 companies that issues such as functional redundancy run rampant. Out of 100 applications in an organization, 30 to 35 have some form of redundancy, he says.

The traditional first step is to gather a comprehensive inventory of applications in use and dormant. Really useful application inventories, Depa says, dig deep and gather data about all applications that exist in the environment and the infrastructure they rely on.

There is no shortage of software available to capture data about each application, including licensing, versions, usage and location. Microsoft, CDW, Lansweeper, Quest, Riverbed and Spiceworks all have products available.

But, as Depa warns, application inventories require time and effort. One midsize company he consulted with went into the application audit thinking they had 400 applications, only to find 130 more in use across the organization.

The business case

As recently as three years ago, the First Church of Christ, Scientist had a pool of 1,500 end-user developed applications for its 550 users. The organization, which is both a church and publishing society, suffered from severe departmental data silos, according to CIO Curt Edge.

Each department used a different application to store its member data and handle subscriptions, fulfillment and finances, causing wasteful redundancies in applications and data storage. The broad application portfolio also drained IT resources during a time of cutbacks, Edge says. The organization had 400 servers on site -- most with only one application on each. "We were spending 90 percent of our IT budget on system maintenance and 10 percent on the business," he says.

Edge faced not only internal budget heat, but also industry pressure to comply with the then newly released Payment Card Industry standard. "There was no way we could follow the requirement of security patches within 30 days with the limited staff we had. We just didn't have the horsepower," Edge says.

That's when he took the drastic step of consolidating all redundant, out-of-date and inefficient systems and moved them to the cloud. For instance, he got rid of Microsoft Exchange and Office in favor of Google Apps' Gmail and Google Docs. He eliminated department-level programs such as FileMaker that kept data in siloes and signed on to Salesforce.com.

The multiple in-house subscription and fulfillment services applications also got the boot as all operations were outsourced to CDS Global, which specializes in these areas. Even the organization's Oracle database was shifted to the cloud-based Intacct service for accounting and finance.

By the time this IT overhaul is complete later this year, Edge expects to have only a single on-site server for DNS and other network functions. All other applications will run off of virtual servers in a CenturyLink (formerly Savvis) data center, be SaaS-based or be outsourced.

While Edge can't share numbers that validate the drastic changes, he says the benefits are plenty. Data has been pulled out of silos, fostering collaboration across the enterprise; IT now focuses on the business vs. application upkeep; and users have access to up-to-date, compliant and best-practice-based programs.

Convincing the boss

This change wasn't without its struggles, though. Edge had to educate the board of directors and senior management about the positives of a leaner IT and infrastructure. He worked closely with the organization's treasurer to ensure there was an ROI.

Then he established partnerships with all the business leads and explained how much simpler their jobs would be with a streamlined, cloud-based operation. In cases where he got pushback, he offered up numbers. For instance, to anyone that wanted to keep old data, he showed that no one had looked at 80 percent of the data in five years. He explained that he would archive the data, which would keep it from wasting backup and staffing resources.

He found his own IT team to be some of the toughest to convince because they worried they would lose their jobs and that they would be ineffective without their favorite tools. Eventually, he says, he persuaded them that IT's value is not in supporting technology, but in understanding the business and using technology to achieve business goals.

Architecting success

Like Edge, Craig Huegen, senior director of IT for Connected IT Services at Cisco, works hard to avoid the effects of application sprawl on the company's internal IT budget, but acknowledges that sometimes redundant, inefficient and out-of-date programs pop up.

His team uses a system information exchange -- modeled using Troux Architect software -- that maps all business processes to applications, infrastructure and other enterprise resources. "We track where data comes from and where it goes to so that we can monitor application interaction," he says.

For instance, the system information exchange illustrates the interdependencies between the company's order management system and service management system. This includes all the data flows among systems, such as open service requests and current orders and status. This insight is essential when Huegen has to consolidate or retire applications.

Cisco's 2005 acquisition of Scientific Atlanta was a good example of application overlap. Using the system information exchange, Huegen identified duplicate functionality in each company's order management system. "By showing the cost and pain points of staying on separate systems, we were able to convince Scientific Atlanta business leaders that they should adopt Cisco's system," he says.

Users, in his opinion, don't cling to systems for purely emotional reasons. "They made an investment, learned the tool and made it align with the business," he says, adding that newer systems don't always include all the customization built into legacy systems.

When switching to a new application, Huegen will invite key users into a conference room to help construct a mock-up that includes the features and functionality most important to them. This process, used for both off-the-shelf and cloud-based systems, makes users feel more invested in and comfortable with a new application.

The SaaS effect

Virtualization and the cloud are strong selling points. Huegen explains that infrastructure to support new projects can be available in 15 minutes vs. the 12 weeks previously needed for provisioning. He adds that consistent and standardized applications foster a far better experience because they don't need to bring in a chief architect every time a user requires support.

These arguments swayed Cisco's Human Resources group to let go of a costly legacy application and hop onto an affordable SaaS-based platform.

Nate McBride, vice president of IT and chief cloud architect at AMAG Pharmaceuticals, also invokes the benefits of SaaS to pry aging and redundant applications from strong user grips.

When he started at the company in 2008, he made it a mission to eliminate the data center and go entirely to the cloud. Instead of starting with a small-fry program, McBride went big and retired Microsoft Exchange and SharePoint in favor of Google Apps.

Users resisted so McBride took it slow with some parts of the migration, such as document storage. "We went to Google Docs but kept local file servers as a compromise," he says.

He had less patience for obvious redundancies, including project management applications. With three or four packages floating around the 170-employee company, McBride urged everyone to settle on a single platform -- the Google-supported Smartsheet.

"We have people who are old-school about project management. But we demonstrated that what they were doing was archaic and that there were new and better ways to achieve the same result," he says.

The one thing that always gets people's attention is the anytime, anywhere access that cloud-based applications provide. "We tell them, 'We can't support your old application on the iPhone, iPad or your home computer,' and then they are willing to listen," McBride says.

With most users onboard and all 30 enterprise applications in the cloud, McBride has found a different obstacle to contend with: vendors.

For instance, his users agreed to swap out enterprise-based videoconferencing for a cloud-based offering, but McBride has found his provider falling short of expectations. For one thing, McBride explains, it's difficult to provision new accounts, especially if an end-user makes a mistake in the initial sign-up process. Also, the video doesn't work well with low bandwidth.

"We tested nine or 10 different options before selecting one, but now we have to evaluate all the vendors again. It's a perpetual process," he says.

Before switching users over to a new application, McBride asks vendors to show him their next release or a viable product roadmap. "If they can't do that, we won't sign on with them," he says. He also solicits input from business leaders about which apps would work best. One department wanted to use Tableau to chart commercial analytics. McBride's team tested it, bought seats and then added it to the backup schedule, something that wouldn't happen if the department operated the application outside of IT.

McBride encourages users to explore new apps that can help them do their jobs better and is ready to kill off even SaaS apps that are unpopular, unproductive or require too much support. "I'm not worried about secure data being exposed by users trying out SaaS programs. He considers 2 percent of corporate data to be extremely confidential IP; it requires multiple points of authentication to access and is audited for access during the process.

In fact, sometimes McBride himself will find a better app and ask department leaders if they'd like to try it. He says SaaS makes it easy to always use the best tool for the job.

What you can't see...

IT executives must have access to all technology-related invoices to be able to make an informed decision to buy, sell or hold.

Invoices give unmatched insight into licenses, maintenance plans and redundancy. Paired with traditional assessment tools such as application access statistics and vulnerability assessments, IT executives can make informed decisions about which applications to keep or retire.

For instance, Needham Bank's Gordon realized via invoices that his team was using multiple backup tools, including Symantec Backup Exec and Veeam. "They provide the same functionality and we only need one," he says, adding they settled on Backup Exec.

"CTOs need to have invoices come across their desk, be responsible for billing and be cognizant of application costs," he says. "It's very easy for an organization to spend money on two or three products that do the same thing." In addition to the support issues, this can mean the enterprise can't claim the vendor's licensing discount for multiple seats.

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies