The Basics of Good Cloud Financial Management


It's clear that most organizations have at least entertained the thought of migrating workloads to a cloud platform if they haven't done so already. The three primary public cloud platforms – AWS, Azure, and GCP – are becoming increasingly popular, with few signs of their popularity diminishing any time soon.

But it’s not uncommon for organizations that have built out public cloud environments to find surprisingly high – sometimes shockingly high – costs on their cloud invoices. Lessons are often learned the hard way. To manage cloud costs, an organization needs to maximize its understanding ahead of moving to the cloud and minimize the hard lessons on the way.

Organizations looking to better manage their public cloud costs should consider the following best-practice methodologies:

Aligning Finance and IT Pre-Migration

Before moving to a public cloud platform, ensure your finance team is aligned with your IT resources in several ways. First, for each workload under consideration for the cloud, include workload-specific financial planning in the migration plan. When assessing whether a specific workload is a candidate for the cloud, we need to account for the technical resources needed to make it run well and the costs of those resources; this includes migration costs. Comparing these numbers with the on-premise technical resource and cost structure of the workload in question can offer a good business case view.

Most organizations do this to some extent, but many do not have a documented business case and planning framework for assessing cloud workload migration candidacy. Engage the Finance and IT teams to determine on-prem vs public cloud technical and financial architectural views. Keep in mind, a strong assessment may yield results that suggest certain workloads remain on-prem. Whatever the results, it is important to keep an unbiased approach.

Establishing a relationship between Finance and IT is extremely important because the nature of cloud computing gives IT or business units the ability to spin up resources without necessarily obtaining prior Finance approval, resulting in unforecasted expense. Including Finance partners in migration planning can mitigate this risk through collaborative approaches to transparency and control that will help reduce runaway cloud spending.

Organizations should not only consider migration planning from the standpoint of candidates for cloud migration but also the landscape that remains on-prem. Once workloads are migrated, the physical resources that supported those workloads still exist, have already been paid for, and need to be salvaged or repurposed. Waiting to migrate a workload that is running on recently refreshed hardware may make sense, depending on the level of effort to rearchitect it. Migration also may have cost implications from the perspective of software maintenance and support, especially when migrating on-premise software to SaaS, and it’s important to understand, analyze and align these at the time of cloud contracting to avoid redundant costs.

Aligning Finance and IT Post-Migration

Best practices for managing cloud finances should be woven into the organization's cloud strategy, but many organizations lack complete understanding of financial controlling practices within cloud environments. Additionally, just as organizations invest in training for IT personnel operating in public cloud environments, they also should consider investing in training on the following public cloud finance topics (as well as in training finance professionals on cloud topics).

Understanding Cloud Finances

There are many ways to monitor and control resource costs in public cloud environments. It's important that both Finance and IT teams build a strong understanding with disciplined policies and procedures around the following three topics and functionalities.

1. Resource Tagging

Resource tagging assigns metadata values to cloud resources according to their purpose, e.g., a specific application, project, and/or business unit, cost center or environment. Tagging is a very powerful functionality that requires organizational discipline and oversight. It enables an organization to set budgets, billing alarms and thresholds against tags and resources, so personnel can act if usage and costs start to go out of bounds. It's quite common for instances and services to be left running unintentionally, which can spike the consumption meter and lead to surprise bills. Strong controls for resource tagging help prevent these common scenarios.

All three of the largest public cloud platforms have similar functionality, though they may use slightly different verbiage, which matters if you have a multi-cloud strategy. In other words, ensure your tagging strategy and oversight are not platform specific. A tagging strategy that uses uniform values across platforms will be integral to managing your cloud infrastructure and reducing headaches down the road.

For example, if one cloud administrator proactively tags resources as belonging to testing, development and production environments, while another administrator in the organization does not, it becomes increasingly complex to manage and govern the resources and associated costs as the environments grow. Having a disciplined tagging practice enables the team to consistently compare tags against the proper environment, use cases, and workload resources. It is better to incorporate strong tagging discipline and structure upfront as opposed to backtracking and retagging resources later. An ounce of prevention is worth a pound of cure.
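One way to check a uniform tagging policy across platforms, shown as an added example that is not part of the original article: it audits a constructed inventory for missing or inconsistent tags and totals the monthly cost sitting on flagged resources. The required tag keys, the alias map, and all resource IDs, tags and costs are assumptions made up for illustration.

```python
# Added example: audit a constructed multi-cloud inventory against one tag policy.
REQUIRED_KEYS = ("environment", "cost-center", "application")  # hypothetical policy
ENVIRONMENTS = {"testing", "development", "production"}        # values from the text
# Hypothetical shorthand that creeps in when administrators tag inconsistently.
ENV_ALIASES = {"test": "testing", "dev": "development", "prod": "production"}


def normalize(tags):
    """Lower-case keys/values and unify separators so platforms compare equal."""
    out = {}
    for key, value in (tags or {}).items():
        key = key.strip().lower().replace("_", "-").replace(" ", "-")
        out[key] = str(value).strip().lower()
    return out


def audit(resource):
    """Return the policy findings for one resource (empty list = compliant)."""
    tags = normalize(resource.get("tags"))
    findings = [f"missing:{k}" for k in REQUIRED_KEYS if not tags.get(k)]
    env = tags.get("environment")
    if env and env not in ENVIRONMENTS:
        hint = ENV_ALIASES.get(env)
        findings.append(f"nonstandard-environment:{env}" + (f"->{hint}" if hint else ""))
    return findings


def report(inventory):
    """Map resource id -> findings, plus the monthly cost on flagged resources."""
    findings = {r["id"]: audit(r) for r in inventory}
    flagged = {rid: f for rid, f in findings.items() if f}
    flagged_cost = sum(r["monthly_cost"] for r in inventory if r["id"] in flagged)
    return flagged, flagged_cost


# Constructed sample inventory (IDs, tags and costs are illustrative only).
INVENTORY = [
    {"id": "aws-vm-1", "monthly_cost": 120.0,
     "tags": {"Environment": "Production", "Cost-Center": "1001", "Application": "billing"}},
    {"id": "azure-vm-7", "monthly_cost": 80.0,
     "tags": {"environment": "Prod", "cost_center": "1001", "application": "billing"}},
    {"id": "gcp-vm-3", "monthly_cost": 45.5, "tags": {"application": "reports"}},
    {"id": "aws-db-2", "monthly_cost": 200.0, "tags": None},
]

if __name__ == "__main__":
    flagged, flagged_cost = report(INVENTORY)
    for rid, issues in flagged.items():
        print(rid, issues)
    print(f"monthly cost on resources with tag findings: {flagged_cost:.2f}")
```

Run on a schedule against each platform's exported inventory, a check like this surfaces untagged or inconsistently tagged resources while the retagging effort is still small.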

2. On Demand, Spot Instances, Reserved Instances, Reserved Capacity, Serverless Computing

Understanding these approaches, how they work and when to take advantage of them is an important move toward reducing costs. For instance, if an organization has workloads that it uses on a predictable, consistent basis, using reserved instances may be a cost-effective approach. On the other hand, if an application requires inconsistent and dramatic scalability, on-demand may be a better approach. In reality, the strategy for some applications could be to use a combination of both approaches: use reserved instances when the app runs at normal usage and on-demand when there is potential for bursts and dips in usage. Alternatively, serverless computing services, which are not actually serverless, charge per server invocation instead of by instance running time. Using this approach on the appropriate applications will reduce cost. Finance and IT personnel should be educated in how to plan, deploy and manage these approaches.

Lastly, as an organization’s cloud strategy advances and the future state becomes more solidified, negotiating an enterprise discount on cloud spend with individual providers based on committed use can sometimes provide an opportunity to reduce cloud invoices – especially with the appropriate approach, like reserved instances or reserved capacity. AWS, for example, has recently introduced savings plans, which offer small-scale discounts based on usage. If an organization’s cloud program can proactively manage its environment in line with available discount plans, the potential savings may be material.

3. Other "Gotchas"

Be aware of public cloud autoscaling services and the workloads that use them. Automating environment scalability is a useful and interesting functionality within the public cloud platforms. It offers low-touch capabilities to scale application resources, but, without the right governance and controls, the scaling of the environment can lead to surprise bills.

Data egress is another area where public cloud customers get hit with surprise costs. Preventing these surprises goes back to sound preparation and planning before migration and/or build out in the cloud. We recommend understanding workload concurrent usage and accessibility requirements, as well as data flow capacity planning that is built into the planning framework. This will help paint a clearer picture of expected network and data flow behavior before a meter charges you for it.

Enterprises have several different methods, approaches and tools they can use to monitor and place controls around costs in public cloud platforms. It's important that both IT and Finance personnel are aware of, well versed in, and coordinated around these topics. It's much better to get a handle on these topics ahead of moving to the cloud to avoid the hard lessons so many organizations have experienced. Organizations that have a better understanding of these areas can weave them into their cloud strategy, policies, and procedures from the beginning of the cloud journey.


About the author

Jason Stading

Jason is a Consulting Manager on ISG’s Cybersecurity team, where he leads client cybersecurity assessments, supports transformation efforts and advises on systems architecture and design. Jason has extensive experience and recognized certifications in cybersecurity, cloud and Technology Business Management (TBM).