In “No-Code Automation and SecOps,” the third post in our four-part series on operational excellence, we evaluated SecOps as a critical business function and explored ways for automation to help us build more secure, resilient applications. Discussing tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM), and Extended Detection & Response (XDR) platforms, we learned how cybersecurity and SecOps leaders are bridging the cloud-native gap and using no-code automation to “shift-left” their SecOps workflows, like providing on-demand automations for developers.
Ultimately, we revisited the three metrics from our first post (speed (performance), scalability, and reliability) as key indicators of operational excellence, paying special attention to how SecOps automation can impact these related objectives.
Now, let’s take one final perspective on cloud operations: FinOps.
No-code automation gives cloud operations teams the tools they need to get control of their cloud costs. Platforms like Blink come with purpose-built automations for cloud cost management and optimizations, significantly reducing the effort required to build new workflows. In the Blink Automation Library, there are over 5000 cloud automations available for teams to deploy today.
In this post, you will learn about the different types of security tools being used by cloud engineering and FinOps teams today. Then, we’ll discuss how no-code automation can unlock new degrees of operational efficiency for your developers and FinOps teams.
What Does FinOps Automation Mean Today?
Before we determine how FinOps has changed over the last few years, it’s important for us to align on what “FinOps” even means. Here’s one definition that works for me. Stephen J. Bigelow, a Senior Technology Editor at TechTarget, describes FinOps, which is short for financial operations, as “a framework for managing Opex across an organization, often in conjunction with the cloud and cloud computing.” I like this definition because it describes FinOps as a framework. More than just a directive from financial executives to reduce operational expenses, FinOps comprises different processes and responsibilities that, combined, enable organizations to achieve predictable and cost-efficient cloud expenditures.
It’s important to note that I’m not talking about other functions that are sometimes considered FinOps, for example payment systems or credit card processing.
For this blog post, we’ll focus on the functions related to managing and minimizing costs across your organization’s cloud. This includes both the infrastructure resources and services, as well as the cloud tools and third-party services your organization relies on to operate at scale. We’ll consider the different jobs required to keep your cloud costs in check, and ultimately determine what it takes to function as an operationally excellent organization within a FinOps context.
Bridging the Cloud-Native Gap for FinOps
Earlier this year, we published a cost optimization guide for cloud infrastructure teams. That’s because in addition to securing their applications from vulnerabilities and external threats, infrastructure teams find themselves responsible for managing another business risk: the overall cost of their organization’s cloud operations. Especially in today’s tumultuous economy, it’s never been more important to ensure efficient and economical cloud operations.
Managing cloud costs requires infrastructure teams to monitor and take actions across tens or even hundreds of different cloud platforms and services. This means logging in and out of different tools, manually scaling down services at night, resizing clusters, and continuously deleting unused resources. Keeping your cloud costs in check means lots of tedious, time-consuming tasks that quickly add up and impact your infrastructure team’s productivity.
There are cloud cost optimization tools to help organizations identify inefficiencies, but remediating these kinds of issues typically requires manual intervention from cloud engineers. As the notifications stack up, how are infrastructure teams supposed to keep costs in check while staying up-to-date on their planned work?
For example, how are you supposed to solve issues like these across different platforms using cloud cost optimization tools:
- Enforcing Mandatory Tags Across Your AWS Resources
- Finding and Deleting Unattached AWS Volumes and Gateways
- Finding and Removing Unattached AWS Elastic IP Addresses
- Finding and Removing Old EBS Snapshots
- Finding and Resizing Amazon EC2 Instances with Low CPU Usage
- Lowering Costs on Long Running AWS EC2 Instances
- Scaling Down AWS EKS Clusters Nightly
- Detecting AWS DynamoDB Tables with Stale Data
- Lowering AWS CloudTrail Costs by Removing Redundant Trails
- Ensuring AWS CloudWatch Log Groups Have Set Retention Periods
- Enforcing Mandatory Tags Across Your Azure Resources
- Finding and Deleting Unattached Disks with the Azure CLI
- Detecting and Removing Unattached Azure Public IP Addresses
- Finding and Removing Old Azure Snapshots
- Finding and Resizing Azure Virtual Machines with Low CPU Usage
- Optimizing Costs for Long Running Azure VMs with Reserved Instances
- Pausing Your AKS Cluster Nightly
- Enforcing Labels and Tags Across Your GCP Resources
- Finding and Deleting Unattached GCP Disks
- Finding and Removing Unattached GCP External IP Addresses
- Finding and Removing Old GCP Disk Snapshots
- Finding and Resizing GCP Compute Instances with Low CPU Usage
- Lowering Costs for Long Running GCP Instances with Committed Use Discounts
- Pausing Your GKE Cluster Nightly
These kinds of operational tasks require more than using tools to identify cost management issues. They involve processes that require cloud engineers to learn the different nuances of each platform, and then take direct action in each platform. It’s possible to write a custom script to solve a single use case, but with so many platforms and different cost centers, cloud infrastructure teams will never be able to automate their way out of a bad situation using ad hoc scripts to manage cloud costs. Adopting a no-code platform helps teams to better automate these kinds of cloud cost management tasks, with all integrations and scripts managed securely on a cloud-native platform, with all security updates and high availability already handled.
Operational Excellence and FinOps
When it comes to cloud cost management, operational excellence means having clearly established FinOps processes and procedures, with visibility into the real-time status of your cloud resource consumption. Processes should be coordinated across all relevant cloud platforms, so your FinOps teams can identify and respond to issues faster, using real-time information to make better decisions sooner.
When a cloud resource is not performing as expected, you can quickly rack up far greater cloud expenses than you’d originally anticipated. In order to avoid having an uncomfortable conversation with your cloud provider, it’s important that your cloud infrastructure team identify issues early and resolve them quickly.
Here are some common FinOps tasks that can quickly become problems if not managed appropriately:
Reviewing Your Current Spending
AWS, Azure, and GCP all have reporting options that enable you to view and filter your spending over a period of time. In AWS, you can create Cost and Usage Reports. In GCP, you can review your Cloud Billing Report and view spend by “Project” or other filters. In the Azure portal, you can download usage and charges from the “Cost Management + Billing” section. These views show transactional costs, such as from data transfers. If you want more granular details on your cloud spending, you should leverage resource labels and tags to accurately categorize expenses. Labels and tags enable you to associate resources with specific cost centers, projects, business units, or teams. If you use more than one cloud provider, you’ll want to aggregate invoices and usage reports across vendors. In this scenario, having consistent tagging methods across platforms is even more useful as it can offer a consistent way to view your resource usage and expenses.
Eliminating Unnecessary Resources
When projects are spun up and shut down, there are often resources that become unattached and left behind. While you are no longer using these resources, they are still costing your organization money on a recurring basis. If you don’t have an efficient way to regularly catch and delete these unattached resources, a no-code platform like Blink can help your team scale up scheduled automations to continuously detect and remove unnecessary resources. Otherwise, you can manually review resources in the console and remove unused ones in bulk. For example, you’ll want to look out for Unattached Disks, Unattached IP Addresses, or Old Snapshots. Finding and removing idle resources is a clear way to cut your operating costs, but it’s also an important practice for maintaining a strong security posture. If you leave resources like unattached IP addresses, idle NAT Gateways, load balancers with no target, or orphaned Secrets lying around, bad actors could find them and take advantage of the information. In this way, resource management is also key to reducing costs and reducing risk.
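One way to do the detection step described above for AWS, as an added example that is not Blink's code. It assumes the inventory has been exported as JSON in the shape of `aws ec2 describe-volumes`, `describe-addresses` and `describe-snapshots`; the sample data, resource IDs and the 90-day snapshot threshold are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws ec2 describe-volumes`,
# `describe-addresses` and `describe-snapshots` output; all IDs are made up.
SAMPLE = json.loads("""{
  "Volumes": [
    {"VolumeId": "vol-0aaa", "State": "in-use", "Size": 100, "Attachments": [{"InstanceId": "i-0123"}]},
    {"VolumeId": "vol-0bbb", "State": "available", "Size": 500, "Attachments": []}],
  "Addresses": [
    {"AllocationId": "eipalloc-0aaa", "PublicIp": "203.0.113.10", "AssociationId": "eipassoc-0aaa"},
    {"AllocationId": "eipalloc-0bbb", "PublicIp": "203.0.113.11"}],
  "Snapshots": [
    {"SnapshotId": "snap-0aaa", "StartTime": "2024-05-20T08:00:00+00:00"},
    {"SnapshotId": "snap-0bbb", "StartTime": "2023-01-15T08:00:00+00:00"}]
}""")

def find_idle_resources(inventory, now, max_snapshot_age_days=90):
    """Return (kind, id, reason) findings for review; nothing is deleted here."""
    findings = []
    for vol in inventory.get("Volumes", []):
        # An EBS volume with no attachments reports State == "available".
        if vol.get("State") == "available" and not vol.get("Attachments"):
            findings.append(("volume", vol["VolumeId"], f"unattached, {vol['Size']} GiB"))
    for addr in inventory.get("Addresses", []):
        # An Elastic IP that is not associated has no AssociationId key.
        if not addr.get("AssociationId"):
            findings.append(("elastic-ip", addr["AllocationId"], f"unassociated {addr['PublicIp']}"))
    cutoff = now - timedelta(days=max_snapshot_age_days)
    for snap in inventory.get("Snapshots", []):
        started = datetime.fromisoformat(snap["StartTime"])
        if started < cutoff:
            findings.append(("snapshot", snap["SnapshotId"], f"{(now - started).days} days old"))
    return findings

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so output is repeatable
    for kind, rid, reason in find_idle_resources(SAMPLE, fixed_now):
        print(f"{kind:10} {rid:16} {reason}")
```

The function only reports; routing findings to an owner (for example via the cost-center tags discussed earlier) before any deletion keeps a cleanup job from removing a disk or address that is detached only temporarily.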
Optimizing and Updating Resources
While it’s important to eliminate the resources you’re no longer using, it’s the ones that are being used that are likely to be your biggest cost center. For this reason, it’s also critical that your operations teams have processes for continuously optimizing and updating your cloud resources. Here’s an example we’ve implemented at Blink. In AWS, our dev RDSs are configured with low IOPS. We increase the IOPS as needed if there is a spike, and then reduce IOPS again after the spike is finished. This minimizes the IOPS we’re paying for, while still ensuring required throughput demands are met.
Whether creating new resources or evaluating existing ones, it’s important to consider which family of resources best fits your needs. For example, when considering your performance requirements, you might have use cases like batch jobs or workloads that are fault-tolerant. Azure, GCP, and AWS all have unused capacity that they offer as less expensive, less reliable Spot VMs. Compared to on-demand instances, they are up to 90% less expensive to run. Another opportunity to reduce costs is by upgrading to new machines. Often, cloud providers will offer newer versions of cloud resources that run more efficiently or have higher performance, so it’s a good practice to upgrade to newer versions as much as you can. One example of this is with EBS volumes. By switching from EBS GP2 volumes to EBS GP3 volumes, you can reduce your costs by 20%. Another example is an automatic report that identifies which resources incurred a spike in usage over the prior day, indicating potential issues to resolve.
The Blink Automation Library comes with more than 500 different automations for cloud cost management, to help cloud engineering teams resolve FinOps duties faster. Cloud engineering and FinOps teams can leverage Blink automations to scale down services when not in use or streamline resource upgrade workflows. Blink makes it easier to coordinate cost management efforts across different cloud tools, massively reducing the amount of time cloud engineers must spend on their recurring cost management responsibilities.
Achieving Better Cost Management Outcomes
While your infrastructure must scale rapidly to meet demand, you also want to ensure there are processes in place to prevent unplanned or unnecessary costs.
Here are some questions you should ask yourself to help you achieve better cost management outcomes:
- What teams have access to critical infrastructure? When teams find inefficiencies, are they empowered to take action, or do known issues go unresolved?
- How is your team’s FinOps hygiene? Are you regularly finding and deleting unused resources, upgrading outdated infrastructure, and reviewing your recurring costs?
- How long does it take to upgrade cloud resources? How much effort is required?
- How difficult is it to compose FinOps workflows across different cloud platforms? How much manual work is required?
- Do teams receive the necessary training to prevent unnecessary cloud spend?
- How many communication channels does your organization use when there’s a cost management issue? Who should be involved?
- How difficult is it to coordinate across teams or channels?
- How difficult is it to create actionable alerts for stakeholders?
No-code automation can help your cloud engineers prevent and respond to cost management issues more quickly. In a world of microservices and countless cloud tools, it’s more important than ever for cloud engineers to leverage automation to abstract away ever increasing complexity. Adopting a no-code platform can help your FinOps team standardize cost optimization and management workflows, improve your team communication and documentation, and cut down overall cloud expenses.
That’s why Blink comes with over 1200 different automations to help improve cost optimization, management and overall reliability across your cloud infrastructure.
Try Blink today
Blink enables DevOps, SecOps, and FinOps to achieve operational excellence by making it easy to create automated workflows across the cloud platforms and services they use every day. The impact of adopting a no-code automation platform like Blink is happier, more productive development teams and more reliable, resilient cloud operations.
The best part? The no-code future for cloud operations is available today. Sign up to create a Blink account.