 
Leveraging FinOps for Effective Security and Log Management
Blog by Hari Viswanathan
In today’s rapidly evolving digital landscape, federal agencies are tasked with managing vast amounts of information and technology resources efficiently and securely.
Executive Order 14028, Improving the Nation’s Cybersecurity, was issued to strengthen the nation’s cybersecurity posture. OMB Memorandum M-21-31 added more detail on that executive order’s requirements for government agencies regarding logging, log retention, and log management. OMB M-21-31 requires maintaining log data for all levels of criticality in active storage for 12 months and cold storage for 18 months, while also requiring storage of full packet capture data for 72 hours (OMB: Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents).
These logging requirements lead to a significant amount of data that federal agencies must manage and store. Storing these larger volumes of data for extended time periods drives cloud storage costs that may strain an agency’s budget, especially if storage management and cloud costs are not optimized and automated.
The requirement to manage and store these large data sets also affects secondary activities. One example is hunting for threat indicators, which requires more processing power and time, resulting in additional costs that need to be planned, managed, and optimized.
It is imperative for an agency to take a holistic approach to manage costs, forecast cloud spend, and optimize the cloud storage value stream, rather than pursue a myopic strategy that focuses on cost savings. Cost saving is a financial view, while cost optimization is a holistic view. This is where the FinOps framework can help agencies achieve balance between performance, cloud usage, and cost.
At its core, FinOps is a cultural change bringing finance, engineers, and leadership together to maximize the business value of the cloud, enabling timely data-driven decision making, and creating financial accountability. FinOps can play a crucial role in enabling agencies to control and optimize costs as they implement M-21-31. Applying the FinOps framework provides financial oversight, processes, and the tools needed to optimize cloud spend and resource utilization.
FinOps can help agencies achieve the following fundamental business outcomes:
Understand Cloud Usage and Cost
To navigate the cloud, you must first see through it. Cloud usage and cost visibility should be the first items to address. It is important for agencies to understand the details of their cloud usage: what the associated costs are and where they arise, who is responsible for the usage, and how key stakeholders can access usage data. Agencies face a daunting task because cloud service providers each apply their own unique cloud usage cost structures and billing nomenclature.
This disparate terminology for their billing data makes it challenging for consumers to derive meaningful insights, comparisons, and recommendations for their cloud spend. The FinOps Cost and Usage Specification (FOCUS™) addresses this challenge. FOCUS is an open-source specification that defines clear requirements for cloud vendors to produce cost and usage datasets that are standardized and normalized. FOCUS provides the foundation for cloud service providers to use common standardized terminology and taxonomy allowing agencies to understand and analyze their costs, resulting in informed decision making.
Quantify Business Value
To count the cost, you must first measure the return. Agencies should answer the questions of what value they expect to achieve from their cloud use, how they will measure the value, and whether their cloud use aligns with their organizational objectives. The FinOps capabilities will help the agency plan, estimate, and forecast cloud needs and enable teams to budget consistently to avoid cost overruns. In addition, they help to establish benchmarks and develop business value metrics based on objective measurements.
Agencies can utilize Cloud Unit Economics to communicate both the cost and the value of everything they are doing in the cloud. While most commercial organizations measure their success in revenue or profit, public sector organizations measure their success in their ability to meet their mission outcomes. Value for federal agencies is derived through accurate forecasting and maximizing the use of their budgeted resources.
Optimize Cloud Usage and Cost
An ounce of optimization is worth a pound of savings. Agencies should take action to introduce and implement efficiencies in their cloud use. Cost efficiency system metrics should be treated similarly to security in terms of when they are architected and the frequency of assessment. Cost efficiency, like security, should be moved to the beginning of the system lifecycle, and solution design should be performed with cost considerations in mind. Architecture designs should also be continuously assessed to see if modernization is needed to achieve cost efficiency and optimization. Systems with identified efficiency issues, or that are built using older techniques, may benefit from the continuous architecture assessment.
Utilizing the Rate Optimization capability will help to identify discounts offered by cloud providers and vendors. Exploring resource-based (Reserved Instances), spend-based (Savings Plans), or special program-based discount options will help to lower the rates paid for cloud resources. By leveraging the Workload Optimization capability, agencies can ensure their cloud resources operate efficiently and generate sufficient business value for their cost. Implementing and managing automation of resource creation, alerts, idle resource cleanup, right-sizing, and log retention requirements supports an agency’s ability to achieve optimal workload utilization.
A unifying aspect of cybersecurity and FinOps is asset management – understanding who is doing what, why, and if it’s necessary. A mature FinOps practice promotes effective cyber hygiene. Data is essential for threat hunting. With growing volume and processing requirements, FinOps will be crucial not only to meet government mandates but also to fully leverage cloud’s potential in addressing future cybersecurity challenges. M-21-31 served as a catalyst and a canary in a coal mine for agencies to start paying closer attention to cloud cost.
Looking to the future, agencies need to be prepared for the next government mandate or other influencing factors that could provide a new business objective with cost implications.
