Why most companies don't know what they're actually spending on cloud
Most large organizations underestimate their cloud bill by 30–60%. Not because of obvious waste, but because figuring out which teams and systems are spending what is genuinely difficult. Here's a straightforward way to get full visibility.
The 30–60% gap
Most enterprises that have done rigorous cloud cost attribution work discover that their actual cloud spend is 30–60% higher than what their finance and operations teams believe it to be. This is not primarily a waste problem — though waste exists in every cloud environment. The primary driver is attribution: cloud costs that are real, that serve genuine business functions, but that are not attributed to the team or workload responsible for generating them. Untagged resources, shared infrastructure with no cost allocation model, and data transfer costs that are categorized as 'miscellaneous' all contribute to a picture of cloud spend that looks lower than it is.
The three categories of invisible spend
Category 1: Data transfer costs. Cloud providers charge for data moving between availability zones, between regions, and between their network and the public internet. These costs are real, they grow with data volume, and they are almost never attributed to the workloads that generate them. A large-scale analytics workload that processes data across regions can generate data transfer costs equal to 20–40% of its compute costs — and those transfer costs typically land in a shared account with no attribution.

Category 2: Shared infrastructure costs. Load balancers, NAT gateways, VPN connections, and shared Kubernetes clusters are used by multiple workloads but billed to a single account. Without a cost allocation model for these shared resources, the teams using them appear to cost less than they do.

Category 3: Untagged resources. Most cloud cost management systems attribute costs using resource tags. Resources that were created without tags — which is the majority of resources in environments that didn't enforce tagging from the beginning — generate costs that are visible in aggregate but not attributable to specific teams or workloads.
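To make the untagged-resource problem concrete, here is a minimal sketch of tag-based attribution over billing line items. Every resource name, tag, and cost figure below is invented for illustration — a real pipeline would read these fields from the provider's cost and usage export:

```python
from collections import defaultdict

# Hypothetical line items from a cloud billing export. In a real
# environment these would come from the provider's cost-and-usage
# report; the names and figures here are invented.
line_items = [
    {"resource": "vm-checkout-1", "tags": {"team": "payments"}, "cost": 1200.0},
    {"resource": "vm-search-1", "tags": {"team": "search"}, "cost": 800.0},
    {"resource": "nat-gateway-main", "tags": {}, "cost": 450.0},       # shared, untagged
    {"resource": "inter-region-transfer", "tags": {}, "cost": 950.0},  # data transfer, untagged
]

def attribute_costs(items):
    """Sum cost per team tag; untagged spend lands in an 'unattributed' bucket."""
    totals = defaultdict(float)
    for item in items:
        owner = item["tags"].get("team", "unattributed")
        totals[owner] += item["cost"]
    return dict(totals)

totals = attribute_costs(line_items)
# The NAT gateway and cross-region transfer costs are visible in
# aggregate but sit in the 'unattributed' bucket — here $1,400 of
# $3,400, over 40% of total spend.
```

Even in this toy example, the untagged share is large enough to distort any per-team view of spend, which is the pattern the categories above describe at scale.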
A practical framework for full-cost attribution
The framework for full-cost attribution starts with tagging enforcement — every resource created after a certain date must have a defined set of tags or the creation is rejected. This is straightforward to implement with cloud provider policy engines. For existing untagged resources, discovery tooling can identify ownership by correlating resource creation timestamps with deployment pipeline logs. Shared infrastructure costs are allocated using a resource consumption model: a workload's share of a shared Kubernetes cluster is proportional to its CPU and memory consumption, not a flat split. Data transfer costs are attributed using VPC flow logs correlated with workload identifiers. The result is a cost attribution model where every dollar of cloud spend is traceable to a team, product, or workload.
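The consumption-based split for shared infrastructure can be sketched as follows. The cluster cost, the equal CPU/memory weighting, and the workload figures are all assumptions for illustration, not a prescription:

```python
def allocate_shared_cost(total_cost, workloads, cpu_weight=0.5, mem_weight=0.5):
    """Allocate a shared cluster's cost to workloads in proportion to
    their CPU and memory consumption (equal weighting by default)."""
    total_cpu = sum(w["cpu"] for w in workloads.values())
    total_mem = sum(w["mem"] for w in workloads.values())
    shares = {}
    for name, usage in workloads.items():
        # Each workload's fraction is a weighted blend of its share
        # of total CPU and its share of total memory.
        fraction = (cpu_weight * usage["cpu"] / total_cpu
                    + mem_weight * usage["mem"] / total_mem)
        shares[name] = round(total_cost * fraction, 2)
    return shares

# Hypothetical monthly figures: a $10,000 shared Kubernetes cluster
# consumed by three workloads (CPU in cores, memory in GiB).
workloads = {
    "checkout":  {"cpu": 40, "mem": 128},
    "search":    {"cpu": 30, "mem": 256},
    "reporting": {"cpu": 10, "mem": 128},
}
shares = allocate_shared_cost(10_000, workloads)
# → {'checkout': 3750.0, 'search': 4375.0, 'reporting': 1875.0}
```

Because the fractions sum to one, the full cluster cost is distributed with no remainder — which is the property a flat split lacks once workloads consume unevenly. In practice the CPU and memory figures would come from the cluster's metrics system rather than a hand-written table.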
What to do with the picture once you have it
Full cost attribution typically produces a handful of high-value findings: one or two workloads that cost dramatically more than anyone believed; shared infrastructure that is significantly over-provisioned for its actual utilization; and data transfer patterns that reveal unnecessary cross-region data movement. The value of the attribution exercise is not that it reveals waste to be eliminated — though it often does — but that it makes cost a first-class input to engineering decisions. Teams that can see the cost implications of their architectural choices make different decisions than teams that can't. That behavioural change, sustained over years, produces more cost efficiency than any one-time optimization effort.
Want early access to our thinking?
Subscribe to receive Aethon Core insights as they publish — practical, plain-language content on enterprise technology from people who build it.