Getting Started with FinOps: Why Cloud Security is Your Step Zero | SoftwareONE Blog


Managing cloud finance is a delicate balance. Organizations adopt the cloud to reduce the costs created by running their own centralized computing networks and servers. However, engineering teams and finance teams often come into conflict because they speak different business languages. Additionally, advancing cloud security — whether it’s through expertise or technical means — also increases cloud costs.

Cloud financial management (FinOps) sits at the intersection of engineering, finance, and security. With cloud spend predicted to surpass $330 billion by 2022, creating a cross-functional FinOps team that includes members of the engineering, finance, and security teams is mission-critical. Whether the goal is to control costs arising from cloud workloads, fraud, or data breaches, unifying these teams around cloud security is the important step zero before starting with FinOps. Let’s dig into how to get started.

Today’s Cloud Spend Landscape

Over the course of the last year, organizations have accelerated their cloud adoption strategies. According to Forbes, 97% of executives said they’ve accelerated their digital transformation strategies, and research indicates digital transformation sped up by an average of six years.

According to an October 2020 IDC market forecast, cloud adoption and opportunities will continue to expand across the globe. The forecast predicts:

  • Total worldwide spending on cloud services will surpass $1.0 trillion in 2024.
  • The industry will sustain a double-digit compound annual growth rate (CAGR) of 15.7%.
  • Public and private cloud services will become the largest overall revenue category and are forecast to deliver a five-year CAGR of 21%.
  • The “as-a-Service” category will account for more than 60% of worldwide cloud revenue.

At a high level, these statistics tell the story of increased cloud migration. Visibility into how organizations and engineering teams are using the cloud comes from a Forrester/CapitalOne report, “Cloud Container Adoption in the Enterprise,” which notes:

  • 86% of IT leaders prioritize using containers for more applications.
  • 50% adopt containers to improve collaboration between developers and operations.
  • 46% adopt containers to improve the developer experience.

However, the same report also shows that enterprise respondents noted the following two “top challenges”: container runtime monitoring as well as monitoring and managing application/container performance. When viewed together, these two reports draw a more defined picture of cloud adoption. While organizations continue to adopt cloud services, they also recognize that managing cloud spend requires revising the engineering department’s finance and procurement practices.

Engaging Your Finance Team with FinOps

FinOps offers organizations a way to meet strategic business cloud use needs and control costs. Bringing the finance team into the world of cloud spend management means communicating both IT needs and financial needs effectively. And that’s where FinOps comes in. Creating a cross-functional FinOps team establishes financial accountability over the cloud. Fundamentally, FinOps is a cultural approach to cloud cost management based on six core principles:

  • Collaboration
  • Business value-driven decision-making
  • Accountability for cloud use
  • Accessible and timely reporting
  • Centralization
  • Optimization of cloud variable-cost model

Creating an unbiased, centralized team that includes both engineering and finance practitioners enables closer collaboration by creating common values and language. For example, engineers want to deliver software quickly and reliably, while the finance team needs to accurately forecast and predict spending. While these two might seem at odds, the reality is that they just speak slightly different languages. Regular communication will ensure that these teams work together to achieve both goals.

Finance teams are used to understanding technology spend in terms of capital costs and their depreciation. However, in their book "Cloud FinOps: Collaborative, real-time cloud financial management", Storment and Fuller point out that finance teams can better understand cloud spend when viewed as an operating expense. The key is that they must understand that it moves in microseconds.

For example, Storment and Fuller explain that while containerization packs more services into the same compute resources, it also lowers visibility over billing data. By creating a FinOps team, organizations establish a collaborative approach where engineers work with their finance team to explain how containerization works. Meanwhile, the engineering teams gain a better understanding of why finance teams are frustrated when looking at cloud bills that lack associated data.

Beyond the engineering side of cloud costs, financial and procurement teams also take security costs into account. Security tools, like single sign-on and key management, add to the operational costs of cloud migration. Meanwhile, new fraud risks emerge as organizations adopt cloud-based enterprise resource management (ERM) solutions, and mitigating them will require additional measures to better segregate duties. By bringing security and engineering leadership together with finance and procurement into a combined FinOps team, organizations are able to create standard, business-driven approaches to spending for cloud resources and all their security-enabling tools.

Ultimately, FinOps provides the most efficient way for teams to manage their cloud costs by creating a collaborative, information-sharing approach where everyone takes ownership of their cloud usage, supported by a central best-practices group.

Cloud Security is Step Zero

Cloud security needs to be viewed as the foundation upon which an organization builds its FinOps initiative. Fundamentally, strong cloud security reduces cloud costs by reducing the likelihood of fraud and breaches, and by monitoring containers and cloud workloads for misconfigurations. This reduces risk while optimizing costs – two fundamental aspects of FinOps.

When finance and engineering teams work together toward a shared business-driven goal, they can leverage the power of the cloud while gaining notable cost benefits. Let’s break down a few security-related functionalities a bit further.

Risk Management

According to the Cost of a Data Breach 2020 report, the average total cost of a data breach was $3.86 million and lost business accounted for 40%, or $1.52 million, of that amount. Meanwhile, expenditures that reduced the average costs included:

  • Incident response testing: $295,267
  • AI platform: $259,354
  • Managed security services: $78,054

Understanding risks and mitigating them not only reduces the likelihood that an organization will experience a costly data breach, but it also reduces the costs of an incident. Getting a comprehensive cloud roadmap, such as the one offered through Managed Cloud Services, can reduce risk in daily cloud operations.

Fraud Prevention

Fraud prevention controls can also contribute to cost savings. Before deploying a cloud strategy, the FinOps team needs to consider risks like:

  • Credential theft
  • Malicious internal access misuse
  • Conflicts of interest

In cloud-based stacks, Identity and Access Management (IAM) controls reduce data breach and fraud risks. Limiting access according to the principle of least privilege and setting segregation of duties controls can also reduce malicious and accidental access misuse.

Organizations need to ensure that they continuously incorporate the cost of solutions for these cloud security tools when setting their budgets.

Misconfiguration Prevention

According to the 2020 Data Breach Investigations report, data breaches caused by misconfigured cloud resources increased by 4.9% year-over-year from 2019, with misconfigurations being one of the top five threat action varieties for the year.

Resources like containers and cloud-based workloads pose a data breach risk. Ultimately, this means that when factoring these risks into making a cloud migration decision, organizations need to consider them as a potential cost.

Securing cloud workloads with a service like SoftwareONE’s Cloud Workload Security enables organizations to protect cloud assets in multi-cloud and hybrid environments, including Azure, AWS, and on-premises architectures. Mitigating data breach risks by securing APIs and user interfaces while ensuring appropriate IAM controls enables organizations to leverage the cloud’s scalability without compromising security.

Final Thoughts

To remain competitive, organizations need to accelerate their cloud strategies. However, they also need to ensure that they manage their costs effectively. While at first glance these two activities appear to conflict with one another, they are inherently intertwined.

Building FinOps on a foundation of security enables organizations to protect information while ensuring continued scalability. Engineering and finance teams working together toward a common, business-value-based goal can build a cost-optimized cloud strategy when they have tools like SoftwareONE’s PyraCloud. PyraCloud’s tools provide visibility into and accountability over software usage and cloud spend. Engineering teams can track how they use cloud resources, and finance teams can gain actionable intelligence into their current and predicted future spend. 

Discover the Why, What and How of Cloud Security!

In the cloud environment, many security-related functionalities should be implemented to protect against fraudulent actions. For more information about how security can act as FinOps’ “step zero” download our e-book “Cloud Security Fundamentals.”



Bala Sethunathan

Director, Security Practice & CISO

