Where Your Cloud Budget Actually Goes โ and Why IT Can't Fix It Alone
Most organisations waste a quarter of their cloud spend. The problem isn't technical โ it's a governance gap between who creates costs and who's accountable for them.
Part One is a five-minute read. Part Two has the evidence for anyone who wants to dig deeper.
Part One: The governance problem hiding in your cloud bill
Here's a scenario most CIOs will recognise. Your FP&A team needs powerful machines โ heavy Excel workbooks, complex macros, financial models that would bring a standard laptop to its knees. In the past, that meant dedicated high-spec desktops sitting under their desks. Expensive to buy, expensive to maintain, but at least the cost was visible and finite: you bought the hardware once, depreciated it over three to five years, and moved on.
At some point, someone decided to move those workloads to cloud-hosted virtual machines instead. The logic sounded reasonable โ no hardware to maintain, easy to scale, same specs. But the economics shifted in a way nobody tracked. A dedicated workstation costs a few thousand euros upfront and runs for years. A cloud VM with equivalent specs costs โฌ500 to โฌ800 per month, every month, indefinitely. Over three years, the cloud option can cost two to three times more than the hardware it replaced. And that's before you account for what happened next.
Those VMs are running 24 hours a day, 365 days a year. The FP&A team works roughly nine to five. That's eight hours of productive use out of every twenty-four โ which means two-thirds of what you're paying for those machines is pure waste. Not because the technology is wrong, but because nobody turned them off overnight. And when IT suggested doing exactly that, the answer came back: no. The team wants the machines ready the instant they sit down. No boot-up wait. No sixty-second delay. Always on, always available, always costing you money.
Now imagine IT compromises. Fine, we'll put the VMs on a schedule โ boot at eight, shut down at six. That helps. But it doesn't solve the problem either. What happens when a team member is out sick? On holiday for two weeks? At an offsite for three days? The machine boots on schedule, runs all day, and nobody logs in. Multiply that across a team of four, factor in holidays, conferences, sick days, and the reality is that even scheduled VMs are running empty a meaningful portion of their "active" hours. The schedule addresses the overnight waste but misses the human variability entirely โ because the schedule doesn't know who's actually at their desk.
IT can see all of this in the utilisation data. But they don't have the authority to act on it, because the business unit won't accept changes to how their resources are managed. And so the machines keep running, the invoices keep arriving, and nobody in the room where the budget gets approved has any idea that a large share of the line item is paying for compute that's doing nothing.
This isn't an FP&A problem. It's a governance problem. And it's happening across your entire cloud footprint.
The waste is structural, not accidental
Across the industry, organisations waste somewhere between a quarter and a third of every euro they spend on cloud. Not on ambitious projects that didn't pan out โ on resources nobody is using. Virtual machines left running around the clock for teams that work business hours. Storage volumes attached to instances that were decommissioned months ago. Development environments that nobody turned off after the sprint ended. For software and IT-heavy companies, cloud has quietly become the second-largest line item after payroll, averaging roughly a tenth of revenue. And the waste is baked into the bill in a way that's remarkably hard to see โ because it's not one large, obvious mistake. It's thousands of small, reasonable-sounding decisions that nobody is empowered to challenge.
The root cause isn't technical incompetence. It's a structural gap between who creates cloud costs and who is accountable for them. Business units request resources. IT provisions them. Finance pays the invoice. But no single function has both the visibility to see the waste and the authority to stop it. IT can see that a VM has been idle for sixteen hours a day for six months โ but they can't shut it down without a fight. Finance can see the total bill growing โ but they can't tell which line items are valuable and which are inertia. And the business unit that requested the resource has no reason to care what it costs, because the cost never shows up in their budget.
This is the same governance gap that organisations struggled with in the early days of enterprise software licensing, and before that, with telecom costs. The pattern is predictable: a new category of infrastructure spending grows quickly, gets distributed across teams, outpaces the controls designed for simpler cost structures, and becomes a source of silent margin erosion until someone builds the discipline to manage it. Cloud is just the latest iteration โ with the added complication that AI is accelerating the spending curve before most organisations have even got the basics under control.
AI makes the governance gap worse, not better
GenAI workloads are growing at rates that make traditional cloud spending look stable. The GPU-as-a-service market is expanding rapidly, and the hyperscalers have found a new pricing lever โ bundling AI features into existing products whether you asked for them or not. Google raised Workspace pricing by up to 22% by packaging Gemini into core plans. Azure and AWS have both increased prices across storage and data transfer categories. The common thread is that AI infrastructure is expensive to build, and the hyperscalers are passing that cost through to every customer, including those who haven't deployed a single AI workload.
But the more insidious problem is what happens when business units start adopting AI tools without a cost framework. The same dynamic that keeps FP&A's VMs running at two in the morning plays out with AI workloads โ except faster and at larger scale. A team integrates an LLM into a workflow. Usage grows because it's useful. Token costs scale with every query. And nobody built a cost model before it went live, because the team that adopted the tool isn't the team that pays the bill.
Roughly four in five companies that deploy AI exceed their cost forecasts by 25% or more. That's not a forecasting failure โ it's a governance failure. The technology did exactly what it was asked to do. The organisation just never decided who was responsible for watching what it cost.
What this actually looks like in your budget
Let's put numbers on the FP&A example. Say you're running a mid-sized operation in the DACH region โ a few hundred employees. Your FP&A team has four cloud VMs, each provisioned with high-spec compute for financial modelling. A well-specced VM on Azure or AWS runs somewhere around โฌ500 to โฌ800 per month at full utilisation. Four machines, always on: roughly โฌ24,000 to โฌ38,000 a year.
Now apply the nine-to-five reality. Two-thirds of that โ somewhere between โฌ16,000 and โฌ25,000 annually โ is paying for machines that are doing nothing. For one team. In one department.
Scale that pattern across the organisation. Development environments that run nights and weekends. Test servers that haven't been touched since the last release. Analytics workloads that spike for two hours during a daily batch job and sit idle the other twenty-two. Surveys consistently show that over half of engineering leaders admit their capacity commitments are essentially guesswork โ resources sized for peak demand and left running at that size permanently.
For a DACH mid-market company with annual cloud spend of โฌ400,000 to โฌ600,000, the industry benchmarks suggest โฌ100,000 to โฌ180,000 of that is waste. That's not a rounding error. It's a senior hire. It's a product initiative. It's the margin difference between a comfortable year and a tight one. And the reason it persists isn't that nobody has the tools to find it โ it's that nobody has the mandate to fix it.
Why technical fixes can't solve a governance problem
The instinct is to reach for technical levers. Right-size the instances. Set up auto-scaling. Move to reserved pricing. Tag everything. Put VMs on a schedule. These help โ reserved instances can cut compute costs by 30โ40% for predictable workloads, and scheduling addresses the most obvious overnight waste.
But they don't solve the underlying problem, because the underlying problem isn't technical. It's about who gets to make decisions about resources, and on what basis.
Right-sizing a VM that shouldn't be running at all just makes the waste cheaper per hour. Reserved pricing on a workload that runs eight hours a day but is billed for twenty-four locks in the waste at a discount. A shutdown schedule that doesn't account for holidays, absences, and actual demand just trades around-the-clock waste for daytime waste. And tagging resources tells you where the cost is โ but if the team that owns the tag has no incentive to reduce it, and IT has no authority to enforce changes, the tags just produce reports that nobody acts on.
This is the FP&A pattern in miniature, repeated across the business. IT can see the waste. They can recommend the fix. But the fix requires a business unit to accept a change, and without a governance model that involves those teams in the decision โ and holds them accountable for the outcome โ the default answer is always "leave it as it is."
The answer isn't to take control away from business units and hand it to IT. That creates a different problem: teams that feel policed rather than supported, and an IT function that becomes a bottleneck for every resource request. What works is a governance model where teams are genuinely involved in decisions about their own resource usage โ they see the costs, they understand the trade-offs, they have autonomy to choose how to work within defined limits. The FP&A team should absolutely have a say in how their compute is managed. But they should make that decision knowing what it costs, with a budget that reflects it, and within guardrails that prevent one team's convenience from becoming the organisation's hidden expense.
The industry has a name for this discipline. It's called FinOps. But FinOps isn't a dashboard or a set of cost alerts. At its core, it's a governance framework โ one that gives every team visibility into what their workloads cost, autonomy to make decisions within boundaries, and accountability for the consequences of those decisions.
Two ways forward
There are two realistic paths, depending on how much organisational change you're ready to take on.
Start with what IT controls. If you can't change the governance model right now, start where you have authority. Run a waste audit on resources that IT owns directly โ dev environments, test infrastructure, internal tooling. Implement shutdown schedules where you can. Right-size instances that are clearly oversized. Clean up orphaned storage and forgotten snapshots. Most organisations find 15โ20% savings in the first pass, often within weeks. This isn't transformative, but it demonstrates the scale of the problem in hard numbers โ and those numbers become the business case for the harder conversation.
Make cost a shared responsibility. If you want the full 30โ40% savings that mature organisations achieve, you need to change who owns cloud cost decisions โ and that means involving business units, not overruling them. Teams see the cost of the resources they consume, in something close to real time, allocated against their own budgets. They get genuine autonomy to decide how to use those resources. But they decide with full visibility into what it costs, and within limits that prevent any single team's preferences from creating unchecked expense for the organisation. The FP&A team might look at โฌ25,000 a year in idle compute and decide that always-on availability is worth it to them โ and that's a legitimate choice, as long as it's their budget absorbing it and they've made it with eyes open. More often, when teams actually see the number, they find the sixty-second boot time is a perfectly acceptable trade-off. The same applies to AI workloads: cost owners from day one, usage guardrails from day one, not after the first surprise invoice.
The first path is right if you need to build credibility and demonstrate value before asking for organisational change. The second is right if leadership already senses the problem and is willing to address it structurally. Either way, the organisations that have done this well report something beyond cost savings: they make better architectural decisions, because when teams can see what their workloads cost, they start asking different questions about how things should be built.
The clock is running on more than costs
For DACH companies, there's an additional dimension. The regulatory landscape โ EU AI Act, EU Data Act, DORA, NIS2 โ is tightening the requirements around how and where data is processed. Organisations that don't have visibility into their cloud footprint will struggle to demonstrate compliance when the time comes. And the sovereignty question โ the growing discomfort with dependency on US hyperscalers, amplified by shifting geopolitical dynamics โ is pushing companies to think about whether certain workloads belong on European infrastructure.
You can't make that decision intelligently if you don't know what you're running, where it runs, and what it costs. Cloud governance isn't just about saving money โ it's the foundation for every strategic infrastructure decision that follows. Sovereignty, hybrid architectures, edge computing, AI cost management โ all of them depend on the same underlying capability: knowing what you have and having the authority to manage it.
The bottom line
The conversation most leadership teams need to have isn't about whether cloud is too expensive. Cloud is infrastructure, and infrastructure costs money. The conversation is about who in the organisation is responsible for making sure that money is spent deliberately โ and whether they have the authority to act on what they find.
Right now, in most organisations, IT can see the waste but can't fix it. Finance can see the bill but can't explain it. And business units consume resources without ever seeing the price tag. That gap is where a quarter of your cloud budget disappears. Closing it isn't a technology project. It's a leadership decision about how your organisation governs a cost category that's growing faster than almost any other line item on the P&L โ and one that AI is about to make significantly larger.
The FP&A team's always-on VMs are a small example. But they're a perfect one. Because the fix is obvious, the savings are real, and the only thing standing in the way is a conversation nobody has been willing to have.
Join the conversation
Is your cloud spend governed โ or just monitored? I'd love to hear how your organisation handles the gap between IT visibility and business accountability โ join the discussion on LinkedIn.
Everything in Part One is grounded in specific research. This section lays out the data for anyone who wants to verify the claims, challenge the numbers, or take this to their board with sources attached.
Part Two: The Evidence
How big is the waste problem, really?
The headline number comes from the Flexera 2025 State of the Cloud Report, which surveyed more than 750 technical professionals and executive leaders worldwide. Their finding: organisations waste 27% of their cloud spend on average [1]. Cloud budgets are exceeded by 17% on average โ up from 15% the year before โ and 84% of respondents now rank managing cloud spend as their top challenge [1].
Broadcom's Private Cloud Outlook 2025, surveying 1,800 IT decision-makers, paints an even starker picture from the practitioner perspective. Nearly half of respondents โ 49% โ estimate that more than 25% of their public cloud spend is wasted, and 31% believe the waste exceeds half their total spend [2]. These aren't abstract estimates; they're what the people managing the infrastructure believe is happening on their watch.
The Harness "FinOps in Focus 2025" report adds the engineering dimension. Surveying 700 developers and engineering leaders in the US and UK, it found $44.5 billion in enterprise cloud infrastructure spend projected to be wasted in 2025 on underutilised resources. The finding that cuts closest to the governance argument: 55% of developers say purchasing commitments are based on guesswork rather than measured data [3]. Resources are being sized and committed based on estimates, then left running at those levels regardless of actual demand.
For context on scale: at software and IT-centric mid-market companies, cloud has become the second-largest line item behind payroll, averaging roughly 10% of revenue [4a]. When a quarter of that line item is waste, the financial impact is material โ not an optimisation opportunity, but a margin problem.
The AI cost accelerant โ what the data shows
AI is compounding the cloud cost problem faster than most organisations anticipated, and the data is now robust enough to quantify the impact.
A 2025 study of 372 enterprise organisations found that 80% miss their AI infrastructure cost forecasts by more than 25%, with 24% off by 50% or more [5]. The same study found that 84% of companies experience gross margin erosion of at least 6% from unexpected AI costs, and for companies with heavy AI workloads, the margin impact reaches 16% โ translating to over $12 million in lost EBITDA on a $200 million portfolio company [5].
The hyperscalers are simultaneously raising prices across the board. Google increased Workspace pricing by up to 22% in early 2025 by bundling Gemini AI into core plans โ a price increase applied to all customers regardless of whether they use the AI features [6]. This pattern of bundling AI into existing products at higher price points is becoming the default hyperscaler pricing strategy, effectively making every cloud customer an AI customer whether they chose to be or not.
The FinOps Foundation's 2026 survey โ its sixth annual, covering 1,192 respondents managing over $83 billion in combined annual cloud spend โ confirms that organisations are scrambling to catch up. A striking 98% of FinOps practitioners now manage AI spend, up from 63% in 2025 and just 31% in 2024 [7]. The speed of that shift reflects how quickly AI costs went from experimental line item to urgent governance problem.
FinOps maturity โ the governance gap in numbers
The term FinOps describes a cross-functional discipline for managing cloud costs โ combining finance, engineering, and business stakeholders into a shared accountability model. The FinOps Foundation's maturity framework uses three stages: Crawl (basic awareness), Walk (active optimisation), and Run (mature, continuous management).
Adoption is growing: 59% of organisations now have dedicated FinOps teams, up from 51% in 2024 [1]. But maturity remains strikingly low. Only 14.2% of organisations have reached "Run" status โ the mature stage where cost governance is embedded into operational decision-making [7]. The remaining 85.8% are still building the basics.
The gap between adoption and maturity is where the governance argument lives. Having a FinOps team is not the same as having FinOps discipline. The research is consistent: organisations with mature FinOps practices โ the ones that have reached Run โ achieve 30โ40% cost savings compared to unmanaged cloud spending [7] [8]. Deloitte estimates the industry-wide savings opportunity at $21 billion for 2025 alone, with some companies able to cut cloud costs by as much as 40% [8].
Reserved instances illustrate the gap between technical capability and governance execution. AWS documentation shows Standard Reserved Instances can deliver savings of up to 72% off on-demand pricing for long-term commitments, with typical one-year savings in the 30โ40% range [9]. The tool exists. The savings are available. But capturing them requires knowing which workloads are predictable, which teams own them, and having the organisational authority to make and enforce commitments โ all governance functions, not technical ones.
As IDC Research Vice President Dave McCarthy observed: the ease of spinning up resources reduced friction on the upfront side, but it introduced a new problem โ the unexpected bill [4b]. The friction didn't disappear; it moved from procurement to finance, where nobody was watching.
The DACH regulatory dimension
The governance imperative is intensifying for DACH companies specifically, driven by a regulatory timeline that demands the same visibility FinOps provides.
The Bitkom Cloud Report 2025 โ surveying 604 German companies with at least 20 employees โ shows cloud adoption at 90%, up nine percentage points from 81% in 2024 [10]. Cloud is no longer optional infrastructure; it's the operating environment. But the sovereignty dimension adds a layer of complexity that US and UK companies don't face. The same Bitkom survey found that 100% of respondents would prefer a German cloud provider, and 67% now require a trustworthy country of origin as a mandatory selection criterion โ up from 58% the previous year [10].
These preferences collide with a regulatory timeline that is already in motion. NIS2 became applicable in October 2024, requiring enhanced cybersecurity obligations including supply chain risk management [11]. DORA โ the Digital Operational Resilience Act โ entered into application on 17 January 2025, imposing strict ICT risk management requirements on financial entities and their technology providers [12]. The EU Data Act became applicable on 12 September 2025, establishing new rules on data access, switching between cloud providers, and interoperability [13]. And the EU AI Act's high-risk provisions โ including Article 10's requirements on data quality and data governance for AI systems โ reach full applicability on 2 August 2026 [14].
Each of these regulations requires organisations to know what data they hold, where it's processed, who has access, and under what conditions. An organisation that can't tell you which cloud resources are running, where, and what they cost is in no position to demonstrate compliance with regulations that demand precisely that level of operational visibility. Cloud governance and regulatory compliance aren't separate initiatives โ they draw on identical capabilities.
References
| Ref | Source | Published | Validated | Used for |
|---|---|---|---|---|
| 1 | Flexera โ 2025 State of the Cloud Report | March 2025 | 10 March 2026 | 27% cloud waste, 17% budget overrun, 84% rank cost as top challenge, 59% have FinOps teams (up from 51%) |
| 2 | Broadcom โ Private Cloud Outlook 2025 | 2025 | 10 March 2026 | 49% estimate 25%+ waste, 31% believe waste exceeds half of spend |
| 3 | Harness โ FinOps in Focus 2025 Report | February 2025 | 10 March 2026 | $44.5B projected cloud waste, 55% of developers say commitments are guesswork |
| 4a | CIO.com โ Cloud costs now No. 2 expense at midsize IT companies behind labor | 2024 | 10 March 2026 | Cloud as second-largest line item after payroll, ~10% of revenue |
| 4b | CIO.com โ CIOs contend with rising cloud costs | 2024 | 10 March 2026 | Dave McCarthy (IDC) quote on unexpected bills from ease of cloud provisioning |
| 5 | Mavvrik โ 2025 State of AI Cost Management Research | 2025 | 10 March 2026 | 80% exceed AI cost forecasts by 25%+, 84% experience 6%+ margin erosion from AI costs |
| 6 | 9to5Google โ Google Workspace Price Increase 2025 | January 2025 | 10 March 2026 | Google Workspace pricing increase of up to 22% with Gemini bundling |
| 7 | FinOps Foundation โ State of FinOps 2026 Report | February 2026 | 10 March 2026 | 14.2% at Run maturity, 98% manage AI spend (up from 31% in 2024), 30โ40% savings at maturity |
| 8 | Deloitte โ TMT Predictions: FinOps Tools Help Lower Cloud Spending | November 2024 | 10 March 2026 | $21B industry-wide savings opportunity, up to 40% cost reduction achievable |
| 9 | AWS โ Reserved Instances Pricing | Ongoing | 10 March 2026 | Standard Reserved Instances deliver up to 72% savings; typical one-year savings 30โ40% |
| 10 | Bitkom โ Cloud Report 2025: Wirtschaft ruft nach deutscher Cloud | June 2025 | 10 March 2026 | 90% German cloud adoption, 100% prefer German provider, 67% require trustworthy country of origin |
| 11 | European Commission โ NIS2 Directive | Ongoing | 10 March 2026 | NIS2 applicable October 2024, enhanced cybersecurity obligations |
| 12 | EIOPA โ Digital Operational Resilience Act (DORA) | Ongoing | 10 March 2026 | DORA applicable 17 January 2025, ICT risk management for financial entities |
| 13 | European Commission โ EU Data Act | Ongoing | 10 March 2026 | EU Data Act applicable 12 September 2025, data access and cloud switching rules |
| 14 | EU AI Act โ Article 10: Data and Data Governance | Ongoing | 10 March 2026 | Article 10 data quality requirements, full applicability 2 August 2026 |
This article is part of the Strategic Insights series at alexandrebally.ch, where we explore the operational realities behind business transformation and AI adoption for SMEs in the DACH region.
Comments are not configured yet.