In these economic times, CISOs are increasingly dealing with tighter budgets and are grateful for any opportunity to save costs. This is why Orca recently added Cloud Cost Optimization capabilities to its Cloud Security Platform: to help organizations manage their cloud assets efficiently as well as securely, reducing their attack surface and eliminating unnecessary cloud spend while doing so.
With its patented SideScanning™ technology, Orca Security has deep and wide insight into cloud workloads, configurations, and their usage, and is able to identify cost savings that dedicated cloud cost-saving platforms cannot (such as disk space that is being paid for but is underutilized and perhaps not needed, as in example #1 below).
Predicting Cloud Costs is Complicated
Cloud services are billed per usage, which is ideal because you only pay for what you use, but this also makes it very difficult for organizations to predict costs. Pricing policies are different for each cloud provider and dependent on many variables such as type of service, available features, region, and usage size. All these factors make the perfect recipe for an unpleasant surprise at the end of the month.
Stopped VMs Don’t Incur Charges, Right?
Right, at least for VMs on AWS and Google Cloud. On Azure, you will still incur charges even when VMs are stopped, just not if they are deallocated. However, what many practitioners don’t realize is that AWS, Azure, and Google Cloud still charge for any resources attached to the stopped VMs (or in the case of Azure, deallocated VMs). This means that organizations will be billed for any attached resources until they are deleted, such as:
- Elastic IP addresses and EBS volumes on AWS
- OS and data storage disks on Azure
- Persistent disks and external IP addresses on GCP
By making sure that these attached resources are deleted when they are no longer needed, Orca estimates that in the example of AWS EBS volumes, it can help its customers save a combined $1M+ every month with 10% of Orca customers saving more than $30k per month. And this is only one of the cost savings that the Orca platform can help organizations realize.
Five Example Use Cases of Cloud Savings
Let’s have a look at five examples of how Orca’s Cloud Cost Optimization can deliver tens of thousands of dollars in potential cost savings each month.
1. Azure Disk with low disk space utilization
Azure Disk is a scalable, high-performance and durable storage solution for virtual machines running on the Microsoft Azure platform. Leveraging our SideScanning™ technology, the Orca Cloud Security Platform has deep and wide visibility into cloud assets and therefore has access to disk space utilization data. Using this data, Orca can identify disks that are not being utilized optimally.
Note that for this example we are using Azure, but Orca also detects this use case on AWS, Azure, Google Cloud, and Alibaba Cloud.
The pricing for Azure disks varies based on types and sizes, regions, data transactions and data redundancy. If you have provisioned a 1 TB disk, you will be charged for that entire space even if it is not being used. To prevent organizations from being charged for disks with low disk space utilization, Orca identifies these resources so that they can be deleted.
Let’s take a common example of a P30 Premium SSD disk with 1 TB of provisioned space with LRS redundancy in the East US region. The estimated cost of a P30 Premium SSD disk in this region is approximately $135 per month. If an organization has, for example, 10 Azure disks of this type with low disk space utilization, the potential monthly cost savings are: 10*135 USD = $1,350 USD per month… or $16,200 USD per year.
2. Unattached EBS volumes on AWS
Unused AWS EBS volumes are called unattached or orphaned volumes and in most circumstances, are deemed unnecessary. From the moment they are created until they are terminated, they incur charges. It doesn’t matter if the EBS volumes are not attached to an instance or if they are attached to an instance that has been stopped – they still cost money.
Our research finds that most Orca customers on AWS have unattached EBS volumes, and of those that do, the average number is around 220. So how much could these customers save if they deleted these unattached or unused volumes?
The pricing for AWS EBS volumes varies based on the type of volume, available features, region, and the amount of space provisioned. From the data obtained on the Orca platform, we can see that the average size of an EBS volume is approximately 90 GB.
So let’s take the example of a GP2 General Purpose SSD volume with 90 GB in AWS US East (N. Virginia) region. The pricing for Amazon GP2 General Purpose SSD volume in this region is $0.10 per GB-month of provisioned storage.
In other words, the estimated monthly costs for a 90 GB EBS volume will be:
90 GB * 0.10 USD = $9.00 USD. If an organization deletes 220 unattached EBS volumes from their account, they can potentially save 220*9.00 USD = $1,980 USD per month… or $23,760 USD per year.
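The check described in this section can be reproduced against an account inventory. The following is an added example, not Orca's code: it flags volumes that are unattached or attached only to stopped instances and prices them at the gp2 rate quoted above. The input mirrors the JSON shape of `aws ec2 describe-volumes` and `aws ec2 describe-instances`; all IDs and sizes are constructed, and `find_idle_volumes` is a hypothetical helper name.

```python
import json

# Constructed sample data in the shape returned by `aws ec2 describe-volumes`
# and `aws ec2 describe-instances` (IDs and sizes are made up).
VOLUMES = json.loads("""{"Volumes": [
 {"VolumeId": "vol-0aaa", "Size": 90,  "VolumeType": "gp2", "State": "available", "Attachments": []},
 {"VolumeId": "vol-0bbb", "Size": 200, "VolumeType": "gp2", "State": "in-use",
  "Attachments": [{"InstanceId": "i-0stopped"}]},
 {"VolumeId": "vol-0ccc", "Size": 50,  "VolumeType": "gp2", "State": "in-use",
  "Attachments": [{"InstanceId": "i-0running"}]},
 {"VolumeId": "vol-0ddd", "Size": 500, "VolumeType": "st1", "State": "available", "Attachments": []}
]}""")
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
 {"InstanceId": "i-0stopped", "State": {"Name": "stopped"}},
 {"InstanceId": "i-0running", "State": {"Name": "running"}}
]}]}""")

# Only the gp2 us-east-1 rate quoted in the article; other types stay unpriced.
PRICE_PER_GB_MONTH = {"gp2": 0.10}

def find_idle_volumes(volumes, instances):
    """Return (findings, priced_monthly_total, unpriced_volume_ids)."""
    state = {i["InstanceId"]: i["State"]["Name"]
             for r in instances["Reservations"] for i in r["Instances"]}
    findings, total, unpriced = [], 0.0, []
    for v in volumes["Volumes"]:
        attached = [a["InstanceId"] for a in v.get("Attachments", [])]
        if v["State"] == "available" or not attached:
            reason = "unattached"
        elif all(state.get(i) == "stopped" for i in attached):
            reason = "attached to stopped instance"
        else:
            continue  # in use by a running (or unknown-state) instance
        rate = PRICE_PER_GB_MONTH.get(v["VolumeType"])
        cost = None if rate is None else round(v["Size"] * rate, 2)
        if cost is None:
            unpriced.append(v["VolumeId"])  # no rate on the page for this type
        else:
            total += cost
        findings.append((v["VolumeId"], reason, v["Size"], cost))
    return findings, round(total, 2), unpriced

if __name__ == "__main__":
    found, total, unpriced = find_idle_volumes(VOLUMES, INSTANCES)
    for vol_id, reason, size, cost in found:
        print(f"{vol_id}: {reason}, {size} GB, monthly USD: {cost}")
    print(f"priced total: ${total:.2f}/month; no rate for: {unpriced}")
```

Before deleting a flagged volume, confirm its contents and encryption status and snapshot it if the data may be needed, since an orphaned volume can still hold sensitive data.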
3. Disabled AWS Customer Master Keys (CMK)
AWS Customer Master Keys (CMKs) are used to encrypt and decrypt data across multiple components of AWS, including S3, Redshift, EBS, and RDS. However, more commonly, AWS CMKs are used to generate, encrypt, and decrypt the data keys you use outside of AWS Key Management Service.
There are monthly costs associated with all KMS CMK keys regardless of whether they are enabled or disabled. In our research we found that as many as 8.21% of our customers’ CMKs are disabled. On average, an organization has approximately 125 disabled CMKs. This means that organizations are unnecessarily paying for a substantial number of KMS CMK keys that are not being used (note however that you are not charged for CMKs that have been scheduled for deletion).
Let’s take the average scenario of 125 disabled AWS Customer Master Keys (CMKs) that have neither been scheduled for deletion nor been re-enabled manually. The pricing for AWS Customer Master Keys (CMK) created in US East (N. Virginia) is $1 per month for 1 KMS CMK key. Although the pricing per key is low, if organizations do not delete their keys, the number of keys that organizations pay for could be continually growing.
In this example, the potential monthly cost savings would be:
125 CMKs * 1 USD/month = $125 USD per month… or $1,500 USD per year.
4. Stopped Azure VM instances for more than a week
Azure Virtual Machines (VM) are scalable, on-demand computing services. There are two states your VM can be in if it is not running – Stopped or Stopped (deallocated).
Azure VMs can be shut down by issuing a command from their operating systems. Once the VM is Stopped, all the processes will be stopped, but the compute and network resources will be reserved. Even if the server is in a Stopped status, you are still being billed by core hours for this instance.
The other way to stop your virtual machine is through Azure itself (Azure console, Azure CLI, PowerShell), which will change the VM’s state to Stopped (deallocated). In this state, the hardware and networking resources of the VM will be released and you will stop paying for the VM’s compute resources (however, you will still pay for any attached OS and data storage disks until they are deleted).
The pricing for Azure Virtual Machines varies based on type, pricing model, region and operating system (OS). Let’s take the example of a General Purpose, D4 v2 (8 vCPUs, 28 GB RAM, 400 GB Temporary storage) VM for Windows OS, with pricing model pay-as-you-go, in the East US region. The pricing for Azure General Purpose, D4 v2 VM in this region is $0.5850 per hour.
The estimated monthly costs will be: 0.5850 USD * 730 hours = $427.05 USD.
If an organization has, for example, 10 Stopped Azure VM instances of this type and pricing model, the potential monthly cost savings are: 10*427.05 USD = $4,270.5 USD per month… or $51,246 USD per year.
Note however that organizations could make even further cost savings by deleting any unattached Azure disks, which is something that Orca also alerts customers on.
5. Unattached GCP disks
GCP disks that have been detached from a service are called unattached or orphaned disks and incur charges per the provisioned disk space. For example, if you have provisioned a 500 GB disk, you will continue to be billed for that entire space even if it is not being used. To prevent organizations from being charged for unattached GCP disks, Orca identifies these resources so that they can be deleted.
The pricing for GCP disks varies based on types of disks, region, and the amount of space provisioned. Persistent disks such as Standard, SSD, and balanced disks, are priced based on the amount of provisioned space per disk. I/O operations are included in the price of provisioned space for these disk types. On the other hand, extreme persistent disks are priced based on the provisioned space and IOPS per disk. Based on the data on our Orca platform, we have found that the average size of a GCP disk is around 40 GB.
Let’s take the example of an SSD disk with 40 GB of provisioned space in the us-east1 (South Carolina) region. The pricing for an SSD disk in this region is $0.17 per GB-month of provisioned storage. The estimated monthly costs in this case will be: 40 GB * 0.17 USD = $6.80 USD.
During our research we found that the majority of Orca customers on GCP have unattached GCP disks, and among those that do, the average number is around 380. This means that by deleting their unattached GCP disks, customers can potentially save 380*6.80 USD = $2,584 USD per month… or $31,008 USD per year.
Improving Cloud Cost Management and Efficiency With Orca
The examples above are just some of the many ways in which Orca Security can help organizations optimize cloud costs and reduce their overspend. By continuously managing unused cloud infrastructure resources, Orca can save customers tens of thousands of dollars each month.
Find out how much money Orca can save your organization by signing up for our free 30-day trial and test-driving Orca’s Cost Optimization Framework.