Introduction
FinOps always starts with understanding the costs incurred with a Cloud Service Provider (CSP).
In general, one can quite easily view the total cost, or cost per account in their respective Cloud Service Provider portals.
The challenge starts with gaining insight into the costs incurred per Business Unit, department or even per team. To do this, a link must be made between the services being purchased in the cloud and the team that turned on those services.
Each CSP allows tags to be applied to services with more information. These are like the labels on products in the supermarket. For example, the number of calories on a product package. This is a tag, just like the amount of sugar, protein, fat, and salt what is in a product. Similarly, an entire range of tags can be “pasted” on each single service in the cloud. Normally, teams that create services in the cloud (usually DevOps teams) have full control over what tags are placed on a service. For example, this might be a tag called ‘application’ and assign values to it like ‘PowerPoint’. Now its easy to filter for services tagged with [application]:[PowerPoint]. And this tag can be used to assign costs of services to the PowerPoint application.
Another tag might look like [costcenter]:[CC12345678], with that number being the cost center where the cost should be allocated to.
So, by using tags, cloud costs could be visualized very finely.
Briefly, there are 3 strategies:
- Using tags at the account level
- Using tags at the service level
- A combination of tags at the account and service level.
In this article, we outline some best practices gained from our experience in both small and large businesses about tagging accounts and services.
Best Practice: A Central FinOps Team for tagging costs
A central FinOps team is ideally placed under the leadership of the organization’s support arm like IT Operations. This allows the FinOps team to easily align itself with the organization’s policies and propagate them to all those developing on the cloud platform; for example, encourage rapid expansion and innovation, or realize increasing the cost efficiency of the organization.
A centralized FinOps team has many other benefits, but within the scope of tagging, these are as follows:
- There is one process for mapping all cost centers for use in the cloud.
- There is a single point of contact for assigning and changing tags at the account level.
- There is one central team that develops, propagates, and offers best practices to teams that are looking to understand their own costs in more detail.
- The central FinOps team is an independent arbiter in the discussion of which costs belong to a department.
In brief, the Best Practices of the central FinOps team:
- Ensures that all costs can and are allocated to a department (Cost Center)
- Ensures cost overviews and dashboards are easily available, understandable and timely
- Will help teams understand their own costs in more detail
- Will help teams implement cost optimizations, such as:
- Optimizing use of services
- Removing abandoned services
- Making commitments on behalf of the organization to achieve discounts
- At the contract level, by providing the procurement team with the numbers and usage development (planned and forecasted) of the Cloud platform for negotiations with the CSP
- On platform level by making commitments
For virtually all of the above, the tagging of services and accounts is important for understanding costs and potential savings.
It is also explicitly not intended that the FinOps team itself make changes to the infrastructure (except of course its own infrastructure or services it uses). The responsibility to follow recommendations lies entirely with the teams managing the cloud infrastructure.
Mutual agreements and shared accounts
What the central FinOps team should not do (and this is a strong recommendation) is maintain and/or enforce cost-sharing agreements between teams or departments. For example, when an application or services are used by multiple teams. This is because the central FinOps team is not involved in these bi-latiral agreements, nor will it want to. This is because the agreements are made between these teams, and the central FinOps team will not be involved in the considerations and conclusions about them, and therefore cannot judge when costs are rightly or wrongly distributed. This is a matter of policy between parties that the FinOps team does not have access to and can change in the meantime.
It will, however, try to facilitate where it can, to make information available through the central cost reports.
Technical implementation of tagging
The technical setup of tagging can be done in several ways, depending on the purpose and audience that is going to benefit.
Tags can be read by cost management applications and used to allocate and understand costs.
For allocating costs to departments
Costs incurred at the main level should be able to be allocated to the respective departments that directly use the Cloud themselves. This is best done at the account level. And this is best done through an external table and allocation. These are the considerations for doing so:
- Not all CSPs support tags on accounts themselves
- An external table is easier to customize
- An external table could be adjusted programmatically.
- For example, when applying for an account, an assignment of a specific Cost Center tag can be made automatically
- Adjustments could be made via an automated process.
What form or technique is used to create this table is adaptable to the organization’s needs and ability. It is also entirely possible to use external sources to determine account allocation, for example from Asset Management systems using an API and some logic matching the department Cost Center of the requestor of the account to be created. It is important however to check and remedy any inconsistencies that might exist in those systems.
For allocating costs to teams
From the allocation of costs to departments naturally comes the desire to also further specify where costs come from, such as applications or teams.
The best way to do this is to apply a policy that there must always be one or a set of tags assigned to services to be purchased.
The policy then requires for example a tag with “Cost Center” with the value starting with “CC” and following 8 numbers. So it is enforced that a tag “Cost Center” exists, with a correct value of “CC12345678”.
If a policy requires it, the service cannot be started/enabled (or else at the minimum an alert is generated) until this tag is applied.
Again, tagging is best done by the development teams.
For assigning costs to applications
As with 3.2, one then often wants to further examine not only which team, but which application is generating certain costs. Again, this can be done by using tags. As an example:
Application:DSP
Again, this could be enforced (or at least warned about if missing) through policies like Azure Management groups and similar.
Here it is even more important that development teams themselves have control over the application of tags, and therefore benefit from them themselves.
Conclusion
Companies and organizations often start using FinOps consciously or unconsciously at the moment there are costs arising from the use of Cloud services, and there is a desire to gain insight into these costs.
There is a framework that provides tools and best practices that provides cost visibility, helps to work cost efficiently while not losing sight of the benefits of Cloud services, such as innovation and speed.
To better understand costs, a tagging strategy is needed so that Cloud costs can be placed where they came from. It was explained above how this can best be achieved, namely by aligning and adopting the Framework provided to businesses, by:
- Establish a central FinOps Team
- Have the central team understand the cost of Cloud by applying allocation through tags.
- Making cost statements accessible to all who receive help from them
- Develop teams to help provide detailed cost visibility by tagging services by developing a technical and coaching strategy for this purpose.
Implementing these points will lay the foundation for a successful Cloud strategy and a great start in the FinOps journey.