How Does Palo Alto Networks Manage Cloud Spend?

By Zhen Cao and Carole Ou

7 min read

Enterprise cloud adoption has no signs of slowing down. Public cloud infrastructure spend (IaaS and PaaS) is forecasted to exceed $285 billion in 2023, according to Gartner. And by 2025, more than 50% of IT budget will be spent on public cloud. On the one hand, leveraging the cloud to build global infrastructures unlocks agility and accelerates business innovation. On the other hand, the pay-as-you-go consumption model of the cloud can produce surprisingly hefty bills. For non-SaaS companies such as banks or hospitals, footing cloud bills falls to IT. For SaaS companies, the bill is usually generated by product.    

Given the growth of the cloud, FinOps has emerged as a critical function that enables companies to maximize cloud spend efficiency. No surprise there considering that for six years in a row, cloud spend optimization is the top priority for cloud initiatives. Moreover, in this current macro environment where many organizations may be experiencing a business slowdown, cloud spend optimization has taken on more urgency. 

Becoming Cloud First

In the last few years, Palo Alto Networks transformed into a cloud-first company. We leveraged multiple clouds to meet business and customer needs. As our cloud footprints became increasingly complex, so did our cloud spend management. Like many companies, we first crawled before walking and then running. To name just a few obstacles we faced: Inconsistent charge/show-back models, conflicting data on cloud costs, incomplete project mapping to owners, and multiple teams working in silos. 

For many organizations, these are probably familiar challenges. Whether you’re a frontline practitioner (IT cloud engineer, cloud finance analyst) or a senior executive (CIO, CFO), reducing cloud spend is an integral part of an organization’s financial health. In this blog, I’ll share a few best practices so that you can more effectively manage cloud spend for your business. 

FinOps at Palo Alto Networks

Any company that adopts cloud needs some FinOps, but for SaaS companies, FinOps is absolutely necessary. At Palo Alto Networks, cloud spend optimization is continuous. What we have found essential to FinOps include:   

1. Getting Executive Sponsorship 

If SaaS revenue constitutes a great portion of your business, then cloud cost is more than IT optimization – it is an integral part of Cost of Goods Sold (COGS), which determines gross margin that ultimately drives profitability and a company’s market value. Given the strategic value of cloud spend on a company’s bottom line, executive oversight to drive organizational alignment to optimize cloud usage from the get-go is key. 

Although this may seem obvious, it’s frequently overlooked by FinOps teams – since as an emerging function, FinOps often lacks adequate resources and proper governance. At Palo Alto Networks, we conduct monthly cloud spend reviews with C-level executives and senior engineering leaders, which reinforces cloud optimization as an organizational priority, leading to more accountability, quicker decision-making, and new opportunities. 

2. Creating a Single Source of Truth

One big pain point we faced early on was the lack of alignment on how to define cloud costs across the company. Each team would run queries to pull costs in different ways and it would never match the financially reported costs. Because of this, the teams spent a lot of time on cost reconciliation, which was neither productive nor scalable. To tackle this: 

  • We decided to streamline the company-wide show/charge-back model, and set common terminology standards so that everyone can speak the same language (Figure 1). For instance, we defined “Usage Cost” as net amortized cloud cost after our enterprise discount from cloud providers, and “Financial Cost” as the final cloud cost post all adjustments (e.g., credits, allocations). These changes allowed us to reconcile to financially reported costs and separate cost components with clear ownership for optimization. 
  • To improve data governance, we developed a Cloud Hosting Single Source of Truth (SSOT), which ingests cloud cost data and integrates them with our enterprise data lake. Cloud Hosting SSOT was highly customized to meet our product needs and accommodate multi-cloud environments, such as common service category mapping for cloud providers’ products. The development of this platform took several months for a cross-functional team led by IT and we’re improving it on an ongoing basis. Today, SSOT has become a foundation for all our cloud cost analysis and reporting, allowing us to automate executive and financial reporting, provide real time data, and improve analytics use cases such as unit economics optimization. 
Figure 1: Our approach to calculating cloud costs

3. Maximize Procurement Savings

Arguably, the biggest cloud optimization lever is usage reservation/commitment (i.e., CUD for GCP, RI/SP for AWS/Azure). For those who may not be familiar with this concept, it boils down to this: Contrary to on-demand and true pay-as-you-go consumption, customers can make commitments for a certain amount of resources in exchange for up to ~70% discount. Our strong business growth and coverage visibility made it possible to raise commitment coverage continuously well above industry standard of ~80%. This allows us to realize significant savings to improve margins. If you forecast a steady cloud usage for the next 1 to 3 years, try to eliminate on-demand usage as much as you can so that you can maximize your savings.

What’s Next? 

Looking ahead to 2023, we plan to focus on a couple of areas for improvement: 

1. Drive a Shift Left Mindset 

Everyone talks about the need for shifting left. The reality is that shifting left is a lot easier said than done. For example, when a product team is planning new features or geographic expansion, cloud costs need to be factored into product and pricing decisions early on versus being a mere afterthought. Otherwise, by the time the product is rolled out, it’s too disruptive and costly to make significant cloud architectural changes. 

Since we constantly encourage a shift left mentality, we noticed recently an increasing demand for FinOps to provide detailed cloud cost implications early in the product development cycle. We’re also providing engineers with more visibility on cloud costs before they’re incurred and tools to reduce cloud waste. For instance, we’re piloting slack notifications for engineers when they spin up a VM on what the estimated monthly costs are, and we’re allowing them to set up auto-shutdown of cloud usages during non-business hours. With consistency and time, shifting left can make a big difference in ensuring that cloud costs don’t spiral up and up. 

2. Keep Automating Workflows 

The only way to scale cloud cost management and governance is through automation of high ROI workflows. For example, to meet our GCP Committed Use Discounts (CUDs) coverage target, the Finance team needs to monitor coverage and make regular purchases. As the combination of machine types and regions increases, we’re working on consuming GCP’s API to automate the execution of CUDs purchases. We’re also standardizing cloud resource tagging across product teams and cloud providers to further improve data consistency and granularity. The more automations, the more efficiency and speed you’ll have in driving operational excellence and achieving cloud savings. 


I’d like to end with a quote from the FinOps Foundation: “At its core, FinOps is a cultural practice.” I couldn’t agree more. Without the right FinOps environment, you won’t be able to effectively manage your company’s cloud spend. I hope these best practices will help you avoid exorbitant cloud bills or at least help you move toward a more sustainable cloud spending path.