FinOps is about bringing together leaders in business, technology, finance, and engineering to gain a clear understanding of, and better control over, cloud spend (and associated expenditures). Naturally, FinOps aims to bring this same level of financial awareness to DevOps, which shares a similar emphasis on streamlining software development. However, with FinOps, critical cost issues can be presented passively as “insights” or “recommendations,” which are easy to overlook and may not get the urgent attention they deserve.
Unchecked cloud expenses can undermine a business’s financial stability. Startups can exhaust their monthly budgets in just a few days. Mid-market companies may see their profitability vanish in an instant. Such setbacks can diminish operational performance and even compromise security. That said, perhaps it’s time to borrow a strategy from security’s playbook and manage these financial risks as proactively as those experts handle threats.
Security doesn’t make casual, foggy suggestions. The processes directly call out risks, give them a severity grade, track resolution time, and more. Taking the same tact with FinOps changes cloud cost management issues from a “when we get time” task to the “urgent” action it should be, before it’s too late and the damage is done.
We can be heroes
When “recommendations” turn to “risks,” you gain urgency and heightened accountability. Teams become heroes – protectors of stability in the realm of finance – a mission that likely has greater appeal than shaving and saving dollars. Engineers would attack cost issues like they do bugs, and collaborating with them would be those in finance. As a result, the C-suite could see outcomes measured in precise metrics: There would be nothing fuzzy or vague about it.
Even so, this entails more than flipping a mindset to aggressive mode – the right technology must support teams. Remember, we don’t need mere suggestions; we’re looking to be alerted to cost issues, act on them, then measure how fast and effectively they were resolved. This isn’t a one-off, quick fix to the budget. This has to be about building and establishing a culture where innovation flourishes amidst firm financial management.
Speaking of security
FinOps can enhance security, too. For instance, the approach is focused on identifying idle resources and those that are overprovisioned. Tightening up reduces the potential attack surface that bad actors could exploit. Further, accountability is both a pillar of FinOps and security. With clear resource owners, the enforcement of security policies is simpler, unauthorized usage can be traced, management is stronger and misconfigurations that give attackers a way in can be prevented.
Greater financial accountability across an organization makes it easier to create a security culture in which employees at all levels are more inclined to follow best practices. Technology also has a major role to play. Platforms can provide tools for side-by-side comparisons of critical data. It can deliver alerts regarding budget and pinpoint possible attacks through unusual spikes in costs. Resource tags can also follow both financial and security issues at the same time. And this can be driven by automation that integrates FinOps in a seamless way that ensures constant governance of both finance and security.
The heart of the matter
Recommendations alone don’t solve problems – it’s the actions that count. The language of FinOps needs to shift quickly, starting by acknowledging that cost issues are actually risks. When something’s labeled that strongly, you don’t hesitate to decide whether it’s worth pursuing; you act with urgency and accept accountability. This approach also fosters a dialogue where cost and security are always considered together, preventing the kind of siloed decision-making that FinOps aims to eliminate.
