FinOps and security still get treated like separate meetings. They should compare notes more often. A cloud bill full of surprises usually points at the same underlying problems security cares about: weak ownership, unmanaged resources, overbroad access, duplicated data, and unclear lifecycle rules.

Waste is not always risk. Risk is not always waste. But in cloud environments, they share a lot of plumbing.

An unowned resource is a cost problem until it becomes an exposure problem.

Cost anomalies are posture signals

A spike in spend might be a legitimate workload. It might also be runaway logging, forgotten test infrastructure, public egress, suspicious compute, or a team copying data into the wrong service because it was faster than asking for the right pattern.

Security teams do not need to own the cloud bill. They do need to understand that budget drift can reveal control drift. Tagging, account structure, resource ownership, network egress, and lifecycle policies all matter to both sides.

Benchmarks need an operating model

Cloud benchmarks are useful when they drive action. They become theater when they produce screenshots for audit week and no durable change. The same is true for cost controls. A dashboard is not governance. Someone has to own exceptions, aging, suppression, remediation, and the recurring fight against entropy.

The mature version connects cost, posture, identity, and data context. Which team owns the resource? What data does it hold? Which identities can access it? Is it internet-exposed? Is the cost justified by business value? If nobody can answer, the issue is not just financial.
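The questions above can be run as a join over an inventory export. The sketch below is an added example, not code from any particular tool: the field names, the sample resources, and both thresholds are constructed assumptions, and a cost spike stands in for the business-value question, which still needs a human answer.

```python
from statistics import median

# Constructed sample inventory; field names are assumptions, not a real export schema.
RESOURCES = [
    {"id": "bucket-analytics-copy", "owner": None, "data_class": None,
     "principals": 41, "internet_exposed": True,
     "daily_cost": [3.1, 3.0, 3.2, 3.1, 3.0, 3.3, 19.8]},
    {"id": "vm-batch-render", "owner": "media-team", "data_class": "internal",
     "principals": 4, "internet_exposed": False,
     "daily_cost": [52.0, 49.5, 51.0, 50.2, 48.9, 50.7, 51.3]},
    {"id": "db-test-2021", "owner": "payments", "data_class": None,
     "principals": 3, "internet_exposed": False,
     "daily_cost": [8.0, 8.1, 7.9, 8.0, 8.2, 8.0, 8.1]},
]

SPIKE_RATIO = 2.0   # assumption: latest day >= 2x trailing median is a cost anomaly
BROAD_ACCESS = 20   # assumption: more principals than this is overbroad access


def cost_spike(daily_cost, ratio=SPIKE_RATIO):
    """True when the latest day's spend is at least `ratio` times the trailing median."""
    *history, latest = daily_cost
    baseline = median(history)
    return baseline > 0 and latest >= ratio * baseline


def findings(res):
    """Return the unanswered questions and risk signals for one resource."""
    checks = [
        ("no owner", not res["owner"]),
        ("unknown data", not res["data_class"]),
        ("broad access", res["principals"] > BROAD_ACCESS),
        ("internet-exposed", res["internet_exposed"]),
        ("cost spike", cost_spike(res["daily_cost"])),
    ]
    return [label for label, hit in checks if hit]


def triage(resources):
    """Rank resources by number of findings, most first; drop clean ones."""
    scored = [(r["id"], findings(r)) for r in resources]
    return sorted((s for s in scored if s[1]), key=lambda s: -len(s[1]))


if __name__ == "__main__":
    for rid, issues in triage(RESOURCES):
        print(f"{rid}: {', '.join(issues)}")
```

A steady, expensive, well-owned workload drops out of the list, while a cheap resource with no data classification stays on it, which is the point: the ranking follows unanswered questions, not spend alone.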

The leadership move

The leadership move is to stop treating cost as a finance-only complaint and security as a scanner-only complaint. Both are signals about how well the organization understands its cloud estate.

Good cloud programs make ownership obvious, make drift visible, and make cleanup normal. That saves money. It also removes a lot of the attack surface nobody wanted to admit they still had.
