Cloud finops is the discipline of accounting for and optimizing cloud computing spending. It’s a reaction to years of undisciplined cloud spending or a way to bring order back to using cloud resources. Overall, it is a step in the right direction. However, it’s rarely discussed as a path to enhanced security.
The links to cloud security
Effective cloud finops requires a strong understanding of cloud usage patterns. What occurs during normal operations? By identifying and tracking cloud usage, finops teams can detect anomalies. They can also see most cloud security misconfigurations and, thus, potential security threats.
The best part is they can do this well before a breach is likely to occur.
Finops tools provide insights into cloud cost management. Unexpected spikes in spending might indicate a data breach; for example, the spike may come from CPU saturation caused by an attack that is underway.
Finops also can help integrate security policies with financial controls. Teams can ensure that only approved resources and configurations are used. This reduces the risk of misconfigurations that might lead to vulnerabilities and data breaches. Show me a deployed cloud; I’ll show you dangerous misconfigurations. Also, the more complex things are, such as with multicloud, the more likely you are to see these misconfigurations.
Attackers with unauthorized access to cloud accounts can manipulate financial settings and launch unauthorized services without the account owner’s knowledge. Policies from finops tools can defend against the unauthorized resource provisioning of machine instances and storage. This reduces the risk of identity theft.
Showback and chargeback data can help pinpoint which teams have misconfigured their cloud services. Also, budget alerts set to spending thresholds can identify potential misconfigurations in cloud services.
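The spend-spike and budget-alert checks described above can be sketched over showback data as follows; this is an added example, not taken from any finops tool, and the records, team names, budgets and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed showback export: daily cost in USD per (team, service).
DAYS = [f"2024-05-{d:02d}" for d in range(1, 11)]
COSTS = {
    ("payments", "compute"): [40, 42, 39, 41, 40, 43, 41, 40, 41, 310],
    ("analytics", "compute"): [120, 118, 125, 121, 119, 122, 130, 124, 120, 126],
    ("analytics", "storage"): [15, 15, 16, 15, 15, 16, 16, 15, 16, 16],
}
SHOWBACK = [(day, team, svc, cost)
            for (team, svc), costs in COSTS.items()
            for day, cost in zip(DAYS, costs)]
BUDGETS = {"payments": 600, "analytics": 2000}  # assumed monthly budgets, USD


def spend_spikes(rows, window=7, factor=3.0, min_delta=50.0):
    """Flag days where spend exceeds factor x the median of the prior window days."""
    series = defaultdict(list)
    for day, team, svc, cost in sorted(rows):
        series[(team, svc)].append((day, cost))
    alerts = []
    for (team, svc), points in series.items():
        for i in range(window, len(points)):
            baseline = median(c for _, c in points[i - window:i])
            day, cost = points[i]
            # min_delta keeps tiny line items from alerting on a few dollars.
            if cost > factor * baseline and cost - baseline >= min_delta:
                alerts.append({"day": day, "team": team, "service": svc,
                               "cost": cost, "baseline": baseline})
    return alerts


def budget_crossings(rows, budgets, alert_at=0.8):
    """Return {team: first day its running spend reached alert_at of budget}."""
    running, crossed = defaultdict(float), {}
    for day, team, _svc, cost in sorted(rows):
        running[team] += cost
        if team not in crossed and running[team] >= alert_at * budgets[team]:
            crossed[team] = day
    return crossed


if __name__ == "__main__":
    for a in spend_spikes(SHOWBACK):
        print("route to security and owning team:", a)
    print("budget alerts:", budget_crossings(SHOWBACK, BUDGETS))
```

Because each alert carries the team and service from the showback record, the same event can go to the security queue and to the owning team at once.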
Getting finops and cloud security in sync
The current relationship between cloud finops and cloud security is usually nonexistent. Indeed, many see the finops team as those annoying people who send emails asking that cloud instances be shut down or warn that you’re about to exceed your allotted budget for cloud database usage. They sit at different cafeteria tables and go to separate bars after work.
Since each group can benefit the other, how do we get them working better together? I have a few suggestions.
Established finops and cybersecurity teams should evaluate their working relationship annually as part of a continuous improvement effort. I’m seeing significant breaches occur, only to find that the finops team saw the rise in CPU costs, which would have been an indicator that an attack had begun. But it was well under the radar of the cloud security teams for some reason.
Also, cross-train people in the tools. The finops people should have a good understanding of how the security tools function, and the security team should be comfortable with the finops tools. Both groups need real-time access to the dashboards required to carry out their functions, with security having more data points to do their jobs more effectively.
Overall, this speaks to the need for higher levels of observability, including operations, spending, security, governance, etc. Rather than focus on tactical silos of technology, such as within a single cloud provider, deploy tools that exist above the public cloud providers and even above the legacy and traditional on-premises systems. This is the whole idea behind a supercloud or metacloud, which is still growing as a concept and a technology stack.
Until enterprises move to cross-platform observability, at least do the easy things to be more productive and more secure. Having the security team and the finops team talk to each other is a good first step.