LearningCenter Post29

Becoming Non-Compliant in the Cloud

The Cloud has made computing that much easier for companies; they are able to work from home, share files in a single location, and they can sleep easy at night knowing that all their licensing problems are a thing of the past…or are they? Unfortunately, there are some common ways companies become non-compliant in the cloud.

With pay-as-you-go pricing models and easy scalability, it would seem as though there’d be no chance to run up against any trouble in the Cloud. Still, there are a few scenarios that present compliance risks that you should be wary about as you make the transition into the Cloud.

At MetrixData 360, we have helped many of our customers transition into the Cloud smoothly and with as little impact as possible when it comes to their expenses, so let’s look at how compliance is still something to be wary of, even in the Cloud.

Compliance Issue #1: Expecting Vendors to Keep You Compliant

If you are hosting all your products on a vendor’s platform, you’d think that vendor would let you know if you were overspending or if you were using services you are not entitled to.

It’s not for their lack of knowledge – they know exactly what you’re using and how much because your servers are their servers. However, there are services on the Cloud that exist without a cap of any kind.

Salesforce Marketing Cloud is a great example of this. The product tracks social media mentions and it does not stop once you reach the limit of your mentions, it just keeps going while simply tripling your cost for its tracking efforts —meanwhile, your 20K monthly expense could jump up to 250K if left unattended.

Your software vendor will also not stop you from using services you aren’t entitled to.

For instance, if an administrator were to enable Azure Threat Protection at the domain level, they could do so, and the protection would cover every user in the domain including users that don’t have the proper license to entitle them to this protection.

This type of expectation that organizations govern themselves could leave companies having to pay up tremendous amounts of unforeseen software spend, along with non-compliance fees at their next true-up.

Compliance Issue #2: Using Expired Plans

In the case of some vendors, despite the fact that a license may have expired, its curdled remains are still accessible to their user. The only way a technical barrier is activated to a company is when every license within that organization has expired for that service.

As long as there is still a single active license, then anyone who has an expired license can still access that service, which can leave a company exposed to unexpected fees.

Compliance Issue #3: Mixing Plans

When you purchase a Microsoft 365 Subscription plan, you are signing up for the access to applications and services such as Office, Exchange, and SharePoint. These Subscription plans range from basic (F1) to top of the line and most expensive (E5).

Hidden costs can easily crop up when you mix plans. Features may be accessible to members of your organization who do not have the license to use them, which puts you into dangerous compliance risk territory.

To make matters worse, it is not exactly clear which licenses are needed to use some features. Manual configuration is advised to avoid this compliance risk.

You’ll be asked to buy extra “standalone licenses” for lower-level plans in order to compensate for users accessing high-level suites.

Compliance Issue #4: Underestimating Total Expense

The sheer nature of the pricing metric of Cloud products makes it so that it can be difficult to estimate true cost. It may seem as though two extra dollars a month won’t have that big of an impact, but once it is scaled up to your whole organization, it can leave you having to pay out a large chunk of your software budget.

One client of ours had this exact problem with an unexpected $8,000 spike in their software spend. We tracked the unexpected spending to a desktop belonging to a junior IT team member who had accidentally turned on Blob Storage for his entire company.

In the defense of the junior IT member, there had only been barely a few dollars of difference between the storage applications he had been asked to pick between, but it had cost his company a tremendous amount of unneeded spend.

How to Avoid Becoming Non-Compliant in the Cloud

While the Cloud might not be the balmy risk-free getaway promised, it can still provide your organization with the flexibility it needs to succeed, and it doesn’t have to be a budgeting nightmare if you follow these simple steps:

  • Know your contracts, what you are entitled to and what you are not, make sure administrators understand their role and responsibilities
  • Start a SaaS Management program to accompany your SAM strategy
  • Find a tool that can accommodate for your company’s Cloud migration
  • Pay close attention to users, storage and your company’s limits

Get a Handle on your Cloud Solution

The Cloud can be liberation for many companies.

However, as great as it may be, it is important that you are aware of the stumbling blocks that befall companies who head straight to the Cloud thinking it will be the end of their compliance issues, because oftentimes it is not.

Compliance gaps and audits are a massive form of revenue for Microsoft, so despite the apparent transition away from restrictive arrangements that allow for compliance gaps in the first place, you may find yourself butting heads with its Cloud equivalent.

At MetrixData 360, we are more than prepared and capable in helping you achieve your goals in the Cloud. We know how to monitor your usage with our Azure Usage Reporting tool, which can help you solve any of your Azure compliance or spending issues.

For more information, you can check out our Azure Usage Reporting Tool page here.

Give Your Microsoft 365 Licensing a Health Check

Book a meeting with MetrixData 360 today and see how much you could be saving on your Microsoft 365.