AE - Hub

Cost and security in the cloud: a matter of give and take

Written by Jeroen Haegebaert | 10/20/22 12:02 PM

While many companies consider the cloud nothing more than a mere expansion of their IT infrastructure, they could not be more mistaken. Now that they should be assessing their digital transformation strategy, most enterprises are realizing that in order to stay relevant they need to be able to constantly respond to a changing environment, more quickly than before.

This means that IT systems need to support ever-faster changing requirements, so business and application architectures need to support ‘faster change’ rather than ‘stability’. This is where we believe cloud services can make a big difference. As we argued before, “the cloud is not just another datacenter”.

But when the cloud becomes more than just an extra data center, an important question emerges. How can you, on the one hand, give teams the freedom they need to reap all possible benefits of the cloud and, on the other hand, prevent costs and security risks from spinning out of control? It all comes down to well-balanced cost and security management.

Cost management

If you fail to impose restrictions on your teams and don’t incentivize them to keep costs down, you’re setting yourself up for an eye-watering price tag. Unfortunately, the easiest solution is usually not the cheapest. It is, in other words, vital to strike a balance between granting teams the necessary freedom and keeping unnecessary costs at bay.


Strategies to stimulate innovation in the cloud while avoiding overly expensive bills include:   

1. Just ignore it

Or, ‘don’t overdo it’. Sometimes, the benefits of actively managing cloud spending will simply not outweigh the costs. This tends to be the case for smaller organizations with a limited number of applications, or a cloud subscription costing no more than a few hundred euro a month. It’s obviously still required to monitor the bill, of course (in order to avoid ‘accidents’).

2. Educate and incentivize

Incentivize teams to keep costs under control. Gamification is one way of approaching this, but be careful as to not let your teams lose track of efficiency. And know that education can serve as an incentive, too. Encourage architects and developers to take (online) courses to better get to know their platforms and gain useful insights into cloud cost management. Or simply kill two birds with one stone, by rewarding teams with (a budget for) an outing for each certification they reel in.

3. Put together a SWAT team

Larger organizations with a sufficiently large cloud spend can benefit from putting together a SWAT team of dedicated engineers whose sole focus is cost management: monitoring the overall expenditure, helping teams improve their architecture in order to save costs, ...  If successfully implemented, this is one of those strategies that pay for themselves – ah, the joy!

4. Leverage cost management tooling

Cloud experts underline the importance of cost transparency towards product teams. The teams should be held accountable for their cloud costs, but that of course means they require tooling that enables them to keep an overview of the Total Cost of Ownership.

Specialized tool vendors do exist in this department, but they tend to deliver mixed results and not always provide a clear ROI. As a rule of thumb, if your yearly cloud spending starts to exceed more than 500K spanning multiple cloud services from different vendors, these tools start to become useful.

Fortunately, the native tooling offered by cloud vendors has improved tremendously in recent years. Monitoring cloud subscriptions and consumption levels, these tools even facilitate cost management
by making automated suggestions to save costs, e.g., proposing cheaper alternatives for certain components.

Security: freedom within guardrails through policy automation

Next to cost management tools, cloud platforms these days also offer tooling for security policy automation. Let’s say you want your servers to receive automatic updates no matter what, but one of your teams for some reason decides to block those updates from happening.

Or you want data to always be encrypted, certain resources always restricted to a virtual network and protected by a firewall, … Only for a team to (intentionally or not) ignore those policies and do things their way. That’s when security policy automation comes into play. By making good use of the tools provided on cloud subscription level, you can have any violation of your security policy automatically overruled, bringing the system back to its intended state.


The beauty of tooling like this is that it creates a kind of sandbox for teams to play in, setting the necessary boundaries while still leaving them as free as possible to experiment. It enforces security policies without creating heavy bottlenecks, nipping approval procedures which would be uncalled for in the bud.

For the love of cloud!

Is your organization eager to move to the cloud, but clueless when it comes to cloud strategy, what subscriptions to buy, which tools to invest in or how to coach your team towards making the switch? Or are you already ‘hanging in there’, determined to minimize the costs and risks that challenge you? I'm happy to help you reach new heights! Please don’t hesitate to contact us.