By Amit & Animesh, Co-founders, Nuvika Technologies
We didn’t set out to write 470+ cost rules. We set out to solve a problem: companies waste 25-30% of their cloud spend and don’t know where it’s going.
But as we dug into the specifics — service by service, API by API, pricing model by pricing model — we kept finding new ways that cloud environments silently bleed money. Every week, we’d discover another pattern. Another resource type that companies deploy and forget. Another pricing tier that’s wrong for the workload. Another setting that defaults to the expensive option.
470+ rules later, here’s what we’ve found. This isn’t a generic “top 10 tips” post. This is the full picture of where cloud money actually goes to waste.
The Big Categories
Before we dive into specifics, here’s the landscape. Fintropy’s 470+ rules break down across six platforms:
| Platform | Rules | Typical Savings |
|---|---|---|
| AWS | 193 | 25-35% of spend |
| Azure | 149 | 25-35% of spend |
| GCP | 59 | 20-30% of spend |
| Kubernetes | 17 | 15-25% of compute spend |
| VMware On-Prem | 26 | 20-40% of capacity |
| Multi-Cloud | 8 | Varies |
The waste falls into predictable patterns. Here are the categories that consistently surface the largest savings.
1. The “Deploy and Forget” Problem
This is the single largest source of cloud waste. Resources are provisioned for a specific purpose — a load test, a PoC, a migration, a demo — and never cleaned up when the purpose ends.
What we find:
- Virtual machines that haven’t served a request in 90+ days but run 24/7.
- Managed databases provisioned for a project that finished last quarter.
- Redis caches with zero connected clients and zero commands processed.
- Azure Firewall instances in dev/test environments at ₹76,000/month with zero traffic flowing through them.
- Azure Bastion hosts with fewer than 5 sessions per month.
- NAT Gateways in VNets that have no outbound internet traffic.
- VPN Gateways with no active tunnel connections.
- ExpressRoute circuits that were never provisioned by the service provider but still incur monthly charges.

The common thread: somebody provisioned it, nobody deprovisioned it, and the monthly charge is small enough relative to the total bill that it never gets noticed.
But “small” charges add up. A single forgotten Azure Firewall Standard instance costs ₹9.1 lakhs per year. A forgotten DDoS Protection Standard plan costs ₹29.5 lakhs per year. One forgotten ExpressRoute circuit can cost over ₹1.5 crore per year depending on bandwidth.
The fix: Automated detection of idle resources based on actual utilization metrics over rolling 30-day windows. Not just “is it running?” but “is anyone using it?”
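A sketch of that check, added here as an illustration and not Fintropy's own code: it flags a resource only when a full 30-day window of samples shows no real usage. The metric names, the inventory shape and the sample data are assumptions; the thresholds and the firewall and Redis prices follow the cases listed above.

```python
from datetime import date, timedelta

# Per resource type: usage metric -> highest 30-day total that still counts
# as "nobody is using it". Metric names are assumptions; thresholds follow
# the article (zero traffic, zero clients/commands, fewer than 5 sessions).
IDLE_RULES = {
    "azure_firewall": {"bytes_processed": 0},
    "redis": {"connected_clients": 0, "commands_processed": 0},
    "bastion": {"sessions": 4},
}

def find_idle(resources, today, window_days=30):
    """Flag resources with a full window of samples and no real usage."""
    start = today - timedelta(days=window_days)
    findings = []
    for res in resources:
        rule = IDLE_RULES.get(res["type"])
        if rule is None:
            continue  # no rule for this type, so make no claim about it
        window = [s for s in res["samples"] if start <= s["day"] < today]
        # A resource younger than the window has not yet proven it is idle.
        if len({s["day"] for s in window}) < window_days:
            continue
        totals = {m: sum(s.get(m, 0) for s in window) for m in rule}
        if all(totals[m] <= limit for m, limit in rule.items()):
            findings.append({"id": res["id"], "totals": totals,
                             "annual_cost_inr": res["monthly_cost_inr"] * 12})
    return sorted(findings, key=lambda f: f["annual_cost_inr"], reverse=True)

def _daily(days, today, **metrics):
    """Build constructed daily samples for the `days` days before `today`."""
    return [{"day": today - timedelta(days=i + 1), **metrics} for i in range(days)]

TODAY = date(2025, 1, 31)  # constructed scan date
SAMPLE = [  # constructed inventory; firewall and Redis P3 prices are the article's
    {"id": "fw-devtest", "type": "azure_firewall", "monthly_cost_inr": 76000,
     "samples": _daily(30, TODAY, bytes_processed=0)},
    {"id": "redis-orders", "type": "redis", "monthly_cost_inr": 67000,
     "samples": _daily(30, TODAY, connected_clients=3, commands_processed=120000)},
    {"id": "redis-legacy", "type": "redis", "monthly_cost_inr": 5000,
     "samples": _daily(30, TODAY, connected_clients=0, commands_processed=0)},
    {"id": "bastion-new", "type": "bastion", "monthly_cost_inr": 10000,
     "samples": _daily(7, TODAY, sessions=0)},
]

if __name__ == "__main__":
    for f in find_idle(SAMPLE, TODAY):
        print(f["id"], f["annual_cost_inr"], f["totals"])
```

The week-old Bastion host is skipped even though it has zero sessions, because seven days of silence is not evidence of abandonment.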
2. The Overprovisioning Epidemic
If “deploy and forget” is the most common waste, overprovisioning is the most expensive.
Companies consistently provision cloud resources for peak capacity that was either estimated incorrectly, occurred once and never again, or applies to production but was copied to dev/test environments unchanged.
What we find:
- VMs running at 10-15% average CPU with 60%+ memory available.
- Azure SQL databases on Business Critical tier handling dev/test workloads.
- Redis caches provisioned as Premium P3 (26 GB, ~₹67,000/month) when actual memory usage is 400 MB.
- Azure Synapse dedicated SQL pools at DW1000c running 24/7 when they’re only queried during business hours.
- HDInsight clusters with autoscale disabled, running at fixed capacity around the clock.
- Azure Data Explorer clusters with cache utilization below 50%, forcing unnecessary node counts.
- Stream Analytics jobs running with 6 streaming units when utilization sits at 8%.

The gap between provisioned capacity and actual usage is typically 60-80% for compute resources and even higher for caching and database services.
The fix: Utilization-based recommendations that compare actual metrics (CPU, memory, connections, cache hits, queries per second) against provisioned capacity, with specific downsize targets and savings amounts.
3. The Wrong Pricing Tier
Cloud providers offer multiple pricing tiers for the same service. The differences in cost can be dramatic — and the default is almost always the most expensive option.
What we find:
- Azure Firewall on Premium SKU (₹1.07 lakh/month) when no Premium features (TLS inspection, IDPS, URL filtering) are enabled — Standard SKU at ₹76,000/month or Basic at ₹24,000/month would suffice.
- Redis on Premium tier without using any Premium features (persistence, clustering, VNet, geo-replication).
- Service Bus on Premium tier (₹56,000/month per messaging unit) when Standard at ₹840/month would handle the workload.
- Storage accounts on Standard tier when archive tier would be appropriate for data accessed once per quarter.
- Cosmos DB provisioned throughput when serverless would be cheaper for sporadic access patterns.
- SQL databases on provisioned compute when serverless auto-pause would eliminate cost during idle hours.

The pattern: someone selects the highest tier “to be safe” during initial deployment, and nobody revisits the decision as actual usage patterns become clear.
The fix: Feature-utilization analysis that checks not just whether a resource is being used, but whether the specific features of its current pricing tier are being used. If you’re paying for Premium but using Basic features, you’re overpaying.
4. Reserved Capacity and Commitment Gaps
This is where the biggest single savings opportunities live — and where the complexity is highest.
What we find:
- Workloads running on pay-as-you-go pricing for 12+ months when a 1-year reservation would save 30-40%.
- Reserved Instances that no longer match the workload due to VM resizing, migration, or decommissioning — the reservation continues to charge but covers nothing.
- Savings Plans scoped too narrowly, missing eligible workloads in other subscriptions.
- Azure OpenAI PTUs on pay-as-you-go when reserved PTUs would be dramatically cheaper for consistent inference workloads.
- AWS Convertible RIs that haven’t been exchanged despite better options becoming available.
- Savings Plans purchased late in the billing period, wasting a partial month of commitment.

The reservation and commitment landscape is genuinely complex — AWS alone has Reserved Instances, Savings Plans, and EDP commitments, each with different scoping rules, flexibility options, and expiration mechanics. Azure has Reservations and Savings Plans with shared vs. single subscription scoping. GCP has Committed Use Discounts with resource-based and spend-based models.
Getting this right requires continuous monitoring of both commitment utilization and eligible-but-uncovered workloads. It’s not a one-time exercise — workloads change, and commitments that were optimal six months ago may be wasting money today.
The fix: Continuous analysis of commitment coverage gaps and utilization drift, with specific recommendations for purchases, exchanges, and scope adjustments.
5. The Data Platform Money Pit
Data and analytics services are some of the most expensive resources in any cloud environment — and some of the most commonly overprovisioned.
What we find:
- Azure Synapse dedicated SQL pools running 24/7 when queries only happen during business hours. Pausing overnight and on weekends can cut costs by 65%.
- HDInsight clusters that cannot be paused — they charge until deleted. Clusters spun up for a migration or PoC that are still running months later.
- Azure Data Explorer clusters with zero queries in the last 30 days but running at 2+ nodes.
- Stream Analytics jobs running with zero input events — the data source was decommissioned but the job wasn’t.
- Data Factory SSIS Integration Runtimes started for a migration that completed months ago, still charging by the node-hour.
- Synapse serverless queries using SELECT * on wide Parquet tables, scanning 10x more data than necessary.

The savings in data platforms are often the largest per-finding because these services are expensive by design — they’re built for heavy compute workloads. When that heavy compute sits idle, the waste is proportionally massive.
The fix: Activity-based detection that flags data platform resources based on actual queries, events processed, and compute utilization — not just whether the resource exists.
6. The Virtual Desktop Black Hole
Azure Virtual Desktop (AVD) is one of the fastest-growing Azure services post-COVID — and one of the least optimized.
What we find:
- Session hosts running 24/7 with zero active sessions during off-hours. A pool of 20 D4s_v5 VMs at ₹11,700/month each costs ₹2.34 lakhs/month. If users only work 8 hours a day, 5 days a week, 65% of that cost is pure waste.
- Autoscaling plans not configured — AVD supports native autoscaling but most deployments don’t enable it.
- Personal desktops that run even when the assigned user is offline — the “Start VM on Connect” feature exists but isn’t enabled.
- Oversized VM SKUs — D8s_v5 (8 vCPU, 32 GB) for users who do email and Office work, when D2s_v5 (2 vCPU, 8 GB) would be seamless.

The AVD waste pattern is unique because it’s not a technical misconfiguration — it’s a management gap. The VMs work fine. Users are happy. The cost is invisible because nobody correlates VM running hours with actual session hours.
The fix: Session-aware monitoring that correlates VM running time with actual user sessions, identifies idle session hosts, and recommends autoscaling configurations based on real usage patterns.
7. The Messaging and Caching Graveyard
Services like Redis, Service Bus, Event Hubs, and Event Grid are often deployed as part of an application architecture — and abandoned when the application changes or is decommissioned.
What we find:
- Service Bus Premium namespaces with multiple messaging units at ₹56,000/unit/month, running at 5% CPU utilization.
- Event Hub namespaces with zero messages in 30 days — the integration that fed them was replaced.
- Event Grid topics publishing events to zero subscribers — events are generated and immediately discarded.
- Redis caches with zero connected clients — the application was rewritten to use a different caching strategy.
- Service Bus queues and topics with accumulating dead-letter messages from decommissioned applications.

Individually, these might be ₹5,000-₹50,000/month each. But a typical enterprise has dozens of messaging and caching resources across multiple subscriptions. The aggregate waste is significant.
The fix: Activity-based scanning that checks connections, message volumes, event counts, and cache commands — not just resource existence.
8. The Governance Gap
This isn’t a cost category — it’s the root cause that makes every other category worse.
What we find:
- Resources without cost center tags — making cost allocation impossible.
- Resources without environment tags — making it impossible to distinguish production (must stay running) from dev/test (can be shut down).
- Resource groups without any tags — meaning every resource inside inherits the governance gap.
- Unencrypted storage and databases in violation of security policies.
- Resources in regions that don’t match the company’s stated geographic requirements.

The tagging problem is foundational. Without proper tags, you can’t allocate costs to teams, you can’t enforce policies by environment, you can’t automate dev/test shutdowns, and you can’t generate meaningful showback reports. Every other optimization becomes harder.
The fix: Tag compliance scanning with specific missing-tag identification, prioritized by spend. Fix the highest-spend untagged resources first — they’re both the biggest governance risk and the biggest optimization opportunity.
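One way to express that scan, as an added example rather than Fintropy's implementation: it reports missing tags, unencrypted storage and databases, and out-of-policy regions per resource, ordered by monthly spend. The tag key names, the allowed-region list and the inventory records are assumptions constructed for the example.

```python
REQUIRED_TAGS = ("cost_center", "environment")     # assumed tag key names
ALLOWED_REGIONS = {"centralindia", "southindia"}   # assumed geographic policy
MUST_ENCRYPT = {"storage", "database"}

def missing_tags(tags):
    """Required keys that are absent or blank; keys compare case-insensitively."""
    present = {k.strip().lower() for k, v in (tags or {}).items() if str(v).strip()}
    return [t for t in REQUIRED_TAGS if t not in present]

def scan(resources):
    """Return one finding per non-compliant resource, highest spend first."""
    findings = []
    for r in resources:
        issues = [f"missing tag: {t}" for t in missing_tags(r.get("tags"))]
        if r["type"] in MUST_ENCRYPT and not r.get("encrypted", False):
            issues.append("unencrypted")
        if r["region"].lower() not in ALLOWED_REGIONS:
            issues.append(f"region not allowed: {r['region']}")
        if issues:
            findings.append({"id": r["id"], "issues": issues,
                             "monthly_spend_inr": r["monthly_spend_inr"]})
    return sorted(findings, key=lambda f: f["monthly_spend_inr"], reverse=True)

def unallocatable_share(resources):
    """Fraction of monthly spend that cannot be allocated for lack of tags."""
    total = sum(r["monthly_spend_inr"] for r in resources)
    bad = sum(r["monthly_spend_inr"] for r in resources if missing_tags(r.get("tags")))
    return bad / total if total else 0.0

INVENTORY = [  # constructed sample inventory
    {"id": "vm-api-prod", "type": "vm", "region": "centralindia", "monthly_spend_inr": 180000,
     "tags": {"Cost_Center": "FIN-12", "Environment": "prod"}},
    {"id": "sql-reporting", "type": "database", "region": "centralindia", "monthly_spend_inr": 320000,
     "tags": {"environment": ""}, "encrypted": False},
    {"id": "st-archive", "type": "storage", "region": "westeurope", "monthly_spend_inr": 40000,
     "tags": {"cost_center": "OPS-3", "environment": "dev"}, "encrypted": True},
    {"id": "redis-poc", "type": "cache", "region": "southindia", "monthly_spend_inr": 67000,
     "tags": None},
]

if __name__ == "__main__":
    for f in scan(INVENTORY):
        print(f["monthly_spend_inr"], f["id"], "; ".join(f["issues"]))
    print(f"untagged share of spend: {unallocatable_share(INVENTORY):.0%}")
```

A tag with an empty value is treated as missing, since a blank `environment` cannot drive a shutdown policy any better than no tag at all.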
What These 470+ Rules Mean for You
If you run workloads on AWS, Azure, or GCP, some combination of these patterns exists in your environment right now. Not might exist — does exist. Every environment we’ve scanned has turned up waste. The question is only how much.
The median finding across our scans is 25-30% waste. That means for every ₹10 lakhs you spend on cloud, ₹2.5-3 lakhs is going to resources that are idle, oversized, on the wrong tier, or missing a commitment discount.
That money could go to hiring. To product development. To bonuses. To extending runway.
It’s not lost money — it’s misallocated money. And 470+ rules can find it.
Fintropy scans your AWS, Azure, GCP, Kubernetes, and VMware environments against 470+ deterministic cost rules. Every finding includes specific resources, specific actions, and specific savings amounts. Currently in closed beta with a free 2-week pilot. Learn more at nuvikatech.com/Fintropy_Overview.html
