By Maureen Polte, Flexera Software
Application sprawl is a major challenge for IT operation teams. The modern enterprise has accumulated many applications over the years that must be actively maintained and supported. The number of applications in the typical portfolio has increased dramatically due to mergers, acquisitions and organic growth, and includes a wide range of desktop applications, editions and versions.
This application sprawl increases operational, infrastructure and support costs and can leave enterprises open to additional risk from software vulnerabilities. Maintaining and supporting an unhealthy percentage of applications that are unnecessary, duplicative, end-of-life or unauthorized can cost enterprises millions -- and unnecessarily exposes them to cybersecurity risks. Often these risks are most acutely experienced during major application migrations.
Enterprise Application Sprawl Happens
According to a recent Flexera Software survey, 64 percent of respondents said they have more desktop applications than their business requires. These unused, and often legacy, applications consume network, hardware and IT resources that can be better used for other purposes. Likewise, patching and maintaining underused applications translates directly to wasted hours of IT time.
The lack of consistent processes and sufficient governance can make it easy for duplicate or unauthorized applications to find their way into the enterprise; employees often download their own software, bypassing IT. Even approved software released by IT through the correct procedures can be forgotten and continue to consume valuable resources years after the business has moved on to other more current solutions.
Application Rationalization and Software Migrations
Major IT projects, like Windows 10 migrations or implementing a security patch management program, often force organizations to confront the issue of application sprawl. An efficient move to a new platform is similar to moving from one house to another. Prior to making the move it makes sense to clean house, so that only assets that are necessary and compatible with the new location are moved and effort is not wasted on those that are not needed in the new environment.
Thoroughly testing applications for compatibility with a new operating system takes time and effort. For example, prior to a move to Windows 10, a large enterprise can easily have thousands of installed applications that must be inventoried, identified and tested for compatibility with the new OS and then fixed and packaged -- all before those apps move to the new environment. Reducing the list of applications that need to be moved through rationalization can greatly reduce the size of the project.
Application rationalization is a systematic method for determining which applications are useful and needed by the business, and which ones are redundant, add no value and should be retired or replaced.
It can be a difficult process if an organization waits until just before the migration project to get started. It is better to perform application rationalization on a daily basis as part of a continuous application readiness process.
5 Steps for Application Rationalization
There are five key steps for application rationalization:
Continuously gather inventory
Collect application evidence and usage data from your inventory tool, such as Microsoft System Center Configuration Manager, on a regular basis. Inventory tools collect all kinds of information and you will likely find that the "inventory" includes a lot of data like drivers, games and Windows updates that only distract from the rationalization effort. The inventory data will also most likely have inconsistent vendor naming (i.e. IBM, IBM Corp., IBM Corporation, ©Copyright IBM Corp.) and include minor versions and patches -- which make it difficult to understand exactly what applications you have and which do and do not need attention for the migration project.
Normalize and categorize applications
The collected inventory must be normalized and standardized into a list with consistent vendor names, software titles and consolidated versions. In an average enterprise, normalization of raw inventory data can reduce the number of items in the inventory by a factor of ten. In other words, if the raw inventory returned 10,000 unique applications and versions, once normalized the inventory will be reduced to somewhere around 1,000 unique software titles.
Each application should also be categorized by primary function to make it easier to spot redundancies, for further consolidation. Done manually, normalization is a complicated, lengthy process and prone to data quality errors. Utilizing an automated solution streamlines that process by providing a software recognition service that can quickly turn raw inventory into actionable data and keep up with the fast pace of software updates and new applications.
Identify the application owners
Now with a solid list of applications, vendors, versions and usage, it is time to move to the next step, which is to align with the business. Each application should have a business owner that represents the line of business. Note the owner for each software title, then work with them and subject matter experts to determine the application’s value to the business and negotiate which competing products to standardize.
Make decisions based on compatibility
Understand the technology required to support the application, and with which platforms it is compatible. Will the application install and run successfully on a 64-bit Windows 10 device? Is the application suitable for virtualization with Microsoft App-V or VMware ThinApp? Or should it be hosted on a server for remote access?
Clearly identify next steps and initiate workflow
Once you have all the information, you should be in a good position to make informed decisions. Create application portfolio rationalization projects by business units, users, machines or applications. Each application will usually be assigned to one of four workflows:
- Retire. Get rid of apps that no longer provide business value.
- Replace. Swap out duplicate apps and solutions no longer supported by the vendors.
- Upgrade. Upgrade old versions to the latest major release to ensure they receive the latest capabilities, bug fixes and security updates.
- Retain. Clearly indicate the apps that you want to move forward to the new environment without any major changes.
Once an application is validated, application readiness workflows should assign tasks to each IT group involved in getting the application prepared for delivery to the new devices and operating systems.
Make Application Rationalization a Continuous Process
To prevent application sprawl from reoccurring, IT needs to keep the application portfolio clean, secure and "change ready" for the next major effort, whether that's a virtualization effort, a mobile initiative or just keeping up with the Windows 10 Current Branch for Business updates.
React quickly to new efforts by rationalizing day-to-day software requests as part of a mature application readiness strategy. By maintaining a right-sized application portfolio, you will keep desktop applications under control and the organization agile. You also reduce the attack surface from threats, streamline vulnerability assessments and lessen the number of security patches that need to be managed and deployed.
Your Ultimate Goal
Application rationalization is all about identifying and removing applications that have multiple versions, have outlived their life span, are not authorized or are no longer needed because of changes in business processes or strategy. Implementing continuous application rationalization provides an opportunity for IT operations teams to have discussions with business owners, understand their goals, and maintain an application portfolio that helps the business become more innovative and competitive. It will also prevent application sprawl, reduce the organization's costs (including annual license renewal fees and maintenance costs for unused applications) and reduce cybersecurity risk exposure.
The ultimate goal of application readiness is to establish an automated, end-to-end process for managing applications over their entire lifecycles, from acquisition to retirement. That requires standardization of process steps, seamless integration within and across steps, and a high automation intelligence to drive better decision making about which applications are allowed into the organization.
Maureen Polte is vice president of Product Management at Flexera Software, responsible for driving strategic product direction for the Application Readiness, Installation, Software License Optimization and Software Vulnerability Management solutions. She works with both software producers and enterprise IT operations to ensure that the world’s business and consumer applications are reliably and optimally deployed on millions of computers worldwide. Prior to Flexera Software, she worked as the EVP, Product Development at Infogix and as the VP of Development at Cyborg Systems (now Accerro).