FinOps: Cost Control that Lifts the Shadow from Shadow Cloud

Reading Time: 3 minutes

This blog was originally published on CD Insights by Lori Witzel on 7/7/2022.

It’s no secret that the cloud is considered a key ingredient for organizational success through digital transformation. The proof is in the adoption; Gartner notes that by 2025 more than 85 percent of organizations will align around cloud-first principles, and more than 95 percent of new digital workloads will run on cloud-native platforms, a stunning increase from 30 percent in 2021. What has been less frequently discussed are the financial management challenges that come with the cloud’s increasing value for agility.

As cloud adoption has increased, so have the challenges of understanding if cloud spending is a waste—not just in terms of efficient use but also if there are instances of “shadow cloud.” Shadow cloud, like shadow IT, can be found when business units or departments decide they don’t want to wait for centralized IT and build their own instances of cloud to achieve a goal.

Given the need for business agility during our time of ongoing global change, line-of-business leadership may want the time-to-use-case acceleration provided by the cloud now, not later. In much the way SaaS applications like Salesforce were often adopted and deployed outside traditional IT processes and oversight, cloud adoption is increasingly skirting IT’s line of sight.

FinOps: A New Framework to Manage a New Challenge

FinOps, a term coined to combine Finance and DevOps, improves outcomes as business and technical teams work together to get more value from the cloud and manage financial operations and compliance issues related to the cloud. 

As noted by the FinOps Institute, “FinOps is an evolving cloud financial management discipline and cultural practice that enables organizations to get maximum business value…FinOps is the practice of bringing a financial accountability cultural change to the variable spend model of cloud, enabling distributed engineering and business teams to make trade-offs between speed, cost, and quality in their cloud architecture and investment decisions.”

IDC states that FinOps is an approach that reduces the risk of cloud conflict and waste: “The establishment of cloud financial operations (FinOps) teams is an important strategy for managing portfolio inflation.”

A Gartner analyst writes, “Executive leaders should sponsor a cloud operating model that implements a cross-functional cloud economics practice that encompasses the three key IT finance pillars of IT financial management, cost management, and demonstrating the business value of IT.” However, Gartner disagrees that a dedicated team is needed, writing, “it should rarely be the responsibility of a dedicated FinOps team.”

Given the prevalence of shadow cloud, the dynamic nature of cloud adoption, and how key the cloud is to business agility and resilience, it’s too important not to have a dedicated team––as IDC agrees. But there are additional reasons to dedicate a FinOps team.

From Financial Control to Risk Management

The organization-wide oversight provided by a dedicated FinOps team not only can help surface shadow cloud and bring discipline to cloud spending, it can provide support for risk management. For example, shadow IT is a known risk source but one that’s generally within an enterprise’s traditional IT perimeter.

With shadow cloud, the risk is no longer confined to an easy-to-define boundary. Because shadow cloud consumes and exchanges services via the internet across various internal and external systems, the traditional perimeter managed by IT is now completely permeable.

Given the popularity of cloud microservices, there could be tens or hundreds of different services carrying the company’s data assets across the internet. Every instance of cloud that exists outside organizational safeguards and governance thus represents a potential risk. A dedicated FinOps team can and should include governance expertise to identify and control risk when instances of shadow cloud are brought to light.

A dedicated FinOps team should include governance expertise to identify and control risk when instances of shadow cloud are brought to light. Click To Tweet

3 Steps to Benefit from FinOps Now

For business and financial leadership, now is the time to drive awareness, plan resources, and mitigate risks.

Drive and expand awareness of FinOps use cases. 

If your executive leadership is only focused on managing cloud costs, ensure they have a fuller understanding of how FinOps can support risk reduction.

Plan for the resources needed for a dedicated FinOps team. 

Would a 6-8 percent reduction of cloud expenditure pay for a dedicated FinOps team? Would reducing the security risks associated with ungoverned instances of cloud support the value case? Reach out to your services partners and leading industry analysts to develop a plan to bring FinOps to life.

While standing up FinOps, mitigate risk now. 

Even before your organization can stand up a dedicated FinOps team, there are steps to take now to mitigate risk. Review POs and purchase agreements to identify “outside of IT review” use of major cloud provider services. Use auditing processes to identify cloud consumption that exceeds plans. Bring these topics to your Cloud Center of Excellence or cloud workgroups, and start documenting where FinOps can and should focus.

As IDC notes, there’s no sign of slowing growth in the cloud market, given the ongoing transitions to digital-first economies. The use of increasingly diverse, and in some cases shadow, cloud instances are accompanied by critical operational challenges. It’s time to consider taking FinOps from theory to practice.