FinOps: Cost Control that Lifts the Shadow from Shadow Cloud
- Lori Witzel, Director of Research for Analytics and Data Management at TIBCO
- 22.09.2022 04:15 pm #cloud
The use of the cloud is marching along, but like with the adoption of any new technology, it isn't always easy to see where financial resources are being squandered or where there is financial wastage. The burgeoning discipline of FinOps enables organisations to better understand and control their cloud spend, but there’s another use case for FinOps related to risk management. Technology leadership are all too familiar with the term shadow IT. Much like shadow IT, shadow cloud is when business units or departments opt not to wait for centralised IT and stand up their own instances of cloud to achieve a goal.
Since the cloud is increasingly seen as the single most crucial ingredient to digital transformation, shadow cloud can be a complicating risk factor. According to Gartner®, by 2025, over 85% of organisations will position their business around cloud-first principles. On a technology front, they state that more than 95% of new digital workloads will run on cloud-native platforms, up from a meagre 30% in 2021. *
The argument for the cloud is there, but so is the need for better financial management. It’s a view that is clear in the IDC, IDC FutureScape: Worldwide IT Industry 2022 Predictions, Doc # US48312921, October 2021, where the research giant says: “For enterprise IT teams, portfolio expansion can make it easier to adopt new capabilities, but as multiple providers in different areas expand their portfolios, IT teams also face increased risks of "subscribing to multiple solutions to the same problem," which creates potential conflicts and waste. The establishment of cloud financial operations (FinOps) teams is an important strategy for managing portfolio inflation.”
One thing complicating managing cloud spend is the easy access to cloud provider services that can complicate IT’s line of sight. For example, with just a credit card and a manager willing to sign off on an expense report, a business unit’s development team can spin up their own instance of AWS S3 without waiting for central IT’s approval. In the same way SaaS applications like Salesforce were sometimes adopted and deployed outside of the traditional IT department’s scope and oversight, cloud usage can similarly skirt IT’s line of sight. Why? Because line-of-business leadership may want the time-to-use-case acceleration provided by the cloud now, not later.
A FinOps framework as an answer
FinOps practices address both cloud cost management and can help reduce the risk from shadow cloud. As summarised by the FinOps Foundation, "FinOps is an evolving cloud financial management discipline and cultural practice that enables organisations to get maximum business value… FinOps is the practice of bringing a financial accountability cultural change to the variable spend model of the cloud, enabling distributed engineering and business teams to make trade-offs between speed, cost, and quality in their cloud architecture and investment decisions."
When applied in a working framework, FinOps marries the efforts of business and technical teams to improve outcomes, derive better value from the cloud, and in turn, improve the management of financial operations and compliance issues related to the cloud.
A FinOps approach is designed to reduce the risk of cloud conflict and waste. To this end, in the IDC, IDC FutureScape: Worldwide IT Industry 2022 Predictions, Doc # US48312921, October 2021, it says: “Require providers to deliver transparency within consumption terms/values and subscriptions prices/status while looking to manage cloud services providers to take on more portfolio evaluation and FinOps tasks as part of their contracts.”
If we factor in the growing prevalence of shadow cloud, continued dynamic and sometimes ungoverned cloud adoption, as well as how the cloud is key to business agility and resilience, I would say that FinOps is best managed with a dedicated team. In the IDC, IDC FutureScape: Worldwide IT Industry 2022 Predictions, Doc # US48312921, October 2021, the research states: “Have central IT architecture and procurement teams working with FinOps tools play a greater role in reviewing expansions of new and existing as-a-service contracts across the organisation to look for current and potential overlaps.”
However, aside from these obvious factors, there are other benefits to having a dedicated FinOps team.
From financial control to managing risk
A dedicated FinOps team offers organisation-wide oversight that can help bring shadow cloud practices to the surface, instilling discipline to cloud spending while providing much-needed support to risk management.
We know that shadow IT is a source of risk, but there are mature audit tools that can help keep it within an organisation's IT remit. With shadow cloud, that risk isn't within the boundaries of your IT department as, by its very nature, shadow cloud uses, consumes, and shares services across the internet and numerous internal and external sources. Your once robust IT perimeter may now be wholly penetrable. An organisation should always consider providing security and governance expertise to the FinOps team to help identify and control the risks associated with shadow cloud.
Benefitting from FinOps
There are three key actions financial leadership can put into motion to truly benefit from a FinOps framework while managing risks from shadow cloud.
First, drive and expand awareness of FinOps use cases, and provide a more all-encompassing view of FinOps, including the way it can support risk reduction in addition to managing cloud costs.
Second, plan for the resources needed for a dedicated FinOps team. A mere 6% or 8% reduction in cloud costs could help pay for a FinOps team, and any governance risk reduction will add support to the business case. But it's not a route you need to take alone; your services partners and industry analysts can help advise on a FinOps plan suited to your business.
Finally, while standing up FinOps, mitigate risk now. You don't need a dedicated FinOps team to mitigate risk immediately; you can start by reviewing expense reports, department-level POs and purchase agreements and identify instances where major cloud provider services are being used outside the IT scope. Just by using proven auditing processes, you can identify anomalies for a cloud workgroup or Cloud Centre of Excellence, which will help define and document where FinOps needs to start.
In a media release issued by the IDC***, it said: “Given its central role in the future enterprise, International Data Corporation (IDC) forecasts "whole cloud" spending – total worldwide spending on cloud services, the hardware and software components underpinning the cloud supply chain, and the professional/managed services opportunities around cloud services – will surpass $1.3 trillion by 2025 while sustaining a compound annual growth rate (CAGR) of 16.9%.”
It’s a sure sign that the rate at which the cloud market is growing is not about to slow down, especially as we transition to a digital-first economy. But with this comes unforeseen spending, the risk of increasing instances of shadow cloud, and critical operational challenges, all of which can be addressed by taking FinOps from theory to practice.