I once conducted what should have been a routine cost review for a client. Within ten minutes, we’d identified a forgotten Elasticsearch cluster consuming $4,000 per month, representing 13.3% of their entire $30,000 AWS bill. We shut it down during the review, saving them $48,000 annually.
But this wasn’t the most expensive oversight I’ve encountered…
A large enterprise had attackers bitcoin mining in a compromised sandbox AWS account for months, burning through nearly $1 million. The damage was hidden within their tens of millions in annual cloud spend, making it invisible until it was uncovered during a thorough cost audit. We were later tasked with ensuring this didn’t happen again elsewhere in the business.
The Hidden Scale of Cloud Waste
These stories aren’t outliers. A Gartner survey estimates an average of 35% wastage in cloud spending, ranging from 15% in highly optimised environments, to 55% where no optimisation is in place. With cloud spend continuing to grow as an overall percentage of enterprise IT budgets, every percentage point of waste represents significant lost value, impacting on your bottom line.
The Monthly Bill Trap
The biggest mistake I see? Waiting until month-end to glance at your AWS bill, checking if it’s “roughly within budget”, then moving on. This reactive approach means cost surprises compound for weeks before detection.
During our quick cost review, we walk clients through standard questions aligned with the AWS Well-Architected cost optimisation pillar, such as:
- Which AWS services top your spending list?
- Do you have AWS budgets configured in line with your cloud spend thresholds?
- When did you last review your reserved instances, compute savings plans, and private pricing agreements?
- Are development and testing environments suspended when not in use?
- What’s your tagging strategy for cost allocation?
The Elasticsearch discovery happened because we examined their top ten services, something that takes minutes but can reveal immediate anomalies. That $4,000 cluster was spun up for load testing and simply forgotten. No malicious intent, no complex technical failure, just something overlooked by a human that ended up costing real money.
Proactive Protection Framework
After shutting down the abandoned cluster, we implemented several safeguards:
- Budget alerts at multiple thresholds (75%, 90%, 100% of expected spend) to ensure early warning rather than month end surprises
- Automated tagging policies that mandated project and environment labels for all resources, making orphaned infrastructure immediately visible
- Scheduled shutdowns for non-production environments to avoid paying for idle resources overnight and weekends
Most importantly, regular cost reviews became routine, not crisis management. The ten minute investment that saved $48,000 annually represents an extraordinary return on time invested. How often do you see an IT project deliver an ROI like that?
Beyond Quick Wins
Cost visibility is the foundation of everything that follows. The enterprise that lost $1 million learned that cost optimisation extends beyond technical controls to proper cost governance. Their incident highlighted gaps in account governance, access management, and spend monitoring that enabled undetected resource consumption at scale.
Whether you’re bleeding $4,000 monthly or facing million-dollar compromises, the solution starts with visibility. You can’t optimise what you can’t see, and you can’t catch problems you’re not monitoring.
