How FinOps is addressing the cloud spend blind spot in government

Government agencies and regulated organisations are under growing pressure to modernise cloud and AI environments without losing control of cost, compliance or risk.

The challenge is no longer simply cloud adoption, rather operationalising cloud at scale.

Fragmented visibility across cloud spend, usage, security posture and governance obligations is now commonplace in Canberra and throughout Australia. Costs are increasing, environments are becoming more distributed and AI workloads are adding a new layer of unpredictability around compute demand, data movement, model usage and policy control.

This is creating a widening gap between what agencies and organisations can deploy and what they can consistently govern.

“Cloud cost has shifted from a technical concern to a governance and accountability issue,” observed Allan King, Managing Director of Infront. “For government, the expectation is now clear, agencies must explain where money is going, demonstrate value and prove compliance continuously.”

In government, that gap is particularly acute. Agencies must balance innovation with sovereignty requirements, ISM-aligned assurance, procurement controls and budget scrutiny. For regulated industries, the same pressure is showing up through compliance, auditability, resilience and data governance obligations.

“The consistent challenge we hear is how to move fast without losing control,” King added.

“Agencies want to adopt cloud and AI to accelerate outcomes but they are under increasing pressure to manage cost, maintain compliance and meet sovereignty requirements.

“What makes it difficult is that many governance tools are SaaS-based and operate outside the agency boundary, which creates tension around data residency and control. Agencies are looking for ways to bring governance capability inside their own environment.”

From 1 July 2026, the Australian Government’s new Whole-of-Government Cloud Computing Policy marks a significant shift in how agencies design, procure and operate digital services.

Rather than treating cloud as an infrastructure decision, the policy positions cloud as a strategic foundation for modern government, AI adoption and long-term service resilience. It establishes a consistent framework across the Australian Public Service (APS), requiring agencies to prioritise cloud in new digital investments while progressively transitioning away from legacy environments where appropriate.

“The Whole-of-Government Cloud Policy has formalised expectations around cost visibility, configuration governance and reporting,” King added. “FinOps is no longer optional: it’s becoming part of the operating model.”

The policy is built around five core principles:

1. Prioritising cloud adoption
2. Leveraging contemporary cloud technologies
3. Adopting cloud securely and responsibly
4. Improving cloud cost management through stronger financial governance
5. Developing cloud skills across government

Importantly, it embeds cloud planning into digital investment plans, reinforcing that cloud strategy, governance and financial accountability must be considered from the outset rather than after procurement decisions have been made. The policy also recognises cloud as a critical enabler of emerging technologies such as AI, while emphasising interoperability, portability and strong security controls.

“The policy is shifting the conversation from adoption to accountability,” King explained. “It sets clear expectations around cost transparency, configuration assurance and ongoing reporting but it doesn’t prescribe how agencies achieve that.

“What we’re seeing is a move towards more structured operating models, where governance is embedded into delivery rather than applied after the fact. Agencies are starting to think in terms of continuous assurance, not periodic review.”

To add further cost complexity, AI is fundamentally changing the economics of cloud by driving significantly higher demand for compute, storage and data processing. Unlike traditional workloads, AI introduces variable consumption patterns that are harder to forecast, optimise and govern.

As investment accelerates, agencies and organisations are grappling with escalating cloud costs, fragmented visibility, data sovereignty requirements and ensuring AI workloads remain secure, compliant and aligned to organisational policy.

The challenge is no longer just managing infrastructure – it’s governing an increasingly dynamic cloud and AI operating environment.

“AI is fundamentally changing the cost profile of cloud: consumption is becoming faster, less predictable and more expensive,” King observed.

“Workloads like model training, large-scale data processing and real-time inference introduce new spending patterns that traditional governance models weren’t designed to manage. Without strong foundations (particularly tagging, cost attribution, and configuration control), AI workloads can scale quickly without oversight, driving both cost and risk.”

Introducing Opess, a FinOps practice

In response to the new Whole-of-Government Cloud Policy, Infront – a Canberra-based system integrator and managed service provider that entered the market in 1998 – has launched Opess. This is a FinOps practice designed to help government agencies and regulated organisations manage the rising cost, complexity and risk of cloud and AI environments.

“The core problem is that organisations can see cloud cost and risk but they can’t consistently act on it,” King outlined.

“Most environments already have visibility into spend, usage and configuration. The gap is operational. Without the people, process and cadence to turn that data into decisions, governance breaks down.

“Opess is designed to close that gap by operationalising FinOps; embedding the discipline required to control cost, assure security, and sustain outcomes over time.”

According to King, Opess moves agencies beyond cloud cost visibility into “active and accountable governance” – combining certified FinOps practitioners, a structured operating model and the opess.one platform.

Key benefits include:

1. Restoring control over rising cloud and AI costs: Moving beyond visibility to active governance – turning unpredictable cloud and AI spend into controlled, accountable outcomes.
2. Continuous security assurance, ISM-aligned: Ongoing validation of configuration and posture against the ASD ISM and CIS Benchmarks – reducing misconfiguration risk and supporting audit readiness.
3. Building business context through strong metadata: Disciplined tag governance so spend is attributed to services, projects and outcomes – the foundation for allocation and optimisation.
4. Enabling consistent, data-driven decisions: Persona-based dashboards for finance, engineering and leadership give every stakeholder one trusted view of spend.
5. Operationalising FinOps as a repeatable practice: People, process and tools combined to embed governance into day-to-day operations – moving agencies from reporting on cost to consistently managing it.
6. Supporting sovereignty and compliance requirements: Delivered via opess.one, a secure AI appliance inside an environment: data stays within boundary, no offshore SaaS, aligned to government security and sovereignty expectations.
7. Reducing complexity across multi-cloud: Normalises cost, usage and configuration data across AWS, Azure and Google Cloud into one authoritative view of governance and performance.
8. Accelerates alignment to the Cloud Policy: A practical pathway to meet the Whole-of- Government Cloud Policy – cost transparency, governance and continuous assurance – without building large internal teams.

From a utilisation standpoint, Opess is delivered as a practice – not a product – combining practitioners, operating model and platform into a single service.

“Customers don’t just buy software and build around it,” King added.

“We provide the FinOps capability as a managed service, supported by opess.one, which runs as a secure appliance within their environment. This gives organisations a predictable operating model, access to experienced practitioners, and the ability to scale governance without building large internal teams.”

Many organisations assume FinOps is a technology problem, when in reality it’s an operating model challenge. While tooling provides valuable visibility into cloud consumption and costs, it cannot create accountability, establish governance or change organisational behaviour on its own.

Successful FinOps requires collaboration across finance, technology, procurement and business teams, supported by consistent processes and clear ownership. Without those foundations, agencies and organisations often generate more reports but few meaningful decisions.

“Most FinOps initiatives fail because they focus on tools, not the practice,” King cautioned.

“Software can provide visibility but it doesn’t create accountability, process, or cadence. FinOps only works when it is operationalised, when there is a repeatable model that brings engineering, finance and business together to make decisions consistently. That’s the gap we see most often and it’s what Opess is designed to address.”

In looking ahead, King said the organisations that succeed will treat cloud and AI as “strategic operating disciplines” rather than technology projects.

They will have embedded FinOps practices, clear governance, shared accountability and real-time visibility into cost, risk and performance. Rather than reacting to unexpected cloud bills or AI demand, they will also “continuously optimise” their environments and align technology investment with business outcomes.

In other words, those that continue to rely on fragmented tools and ad hoc processes will find it increasingly difficult to control cost, demonstrate value and govern AI responsibly.

“The organisations that succeed will be the ones that operationalise governance, not just observe it,” King advised.

“They will have strong metadata and tagging as a foundation for business context, continuous validation of configuration and security posture and a FinOps operating model that drives consistent decision making. Those that struggle will continue to rely on reporting and disconnected tools without embedding governance into day-to-day operations.”