The press-release version of cloud cost optimization is canceling workloads and announcing a number. The version that survives the next compliance cycle is commitment management plus SaaS rationalization. They are not the same thing, and the difference is usually a pile of unbooked compliance debt that the next person inherits.
A mid-market AWS or Azure bill compounds for four reasons, and engineering is rewarded for none of them. Workloads accumulate because teams are measured on shipping, not decommissioning. Commitment plans get set at the wrong tier and then forgotten. Transit and data-transfer cost — cross-AZ traffic, NAT egress, inter-region replication — grows with usage and belongs to nobody. And the SaaS portfolio, the forty-odd recurring subscriptions engineering has accumulated, renews on auto-pay because no one owns renewals. None of these are engineering failures. All of them are operating-model failures, and all of them are recoverable.
The four levers, in the order they pay back
Commitment management. Reserved Instances, Savings Plans, and Azure Reservations are the single largest source of recoverable spend, and the discipline is dull: a portfolio of overlapping commitments, laddered across one- and three-year terms, sized to baseline rather than peak, re-laddered on a quarterly review. Treat commitments the way a treasurer treats a bond ladder, not the way procurement treats a license bought in a panic and forgotten until renewal. Owner: finance, with engineering providing the workload forecast — not the inversion, which is how you end up with a portfolio delivering single-digit effective savings.
Rightsizing and idle reduction. The most legible lever and the one everyone reaches for first. Oversized instances, idle resources, orphaned volumes and snapshots. It is a large one-time recovery on the orphan inventory and a continuous discipline thereafter. The trap is treating rightsizing as the whole project. It is the visible portion of the iceberg.
Architectural optimization. Storage tiering, compute-family migration to ARM-based instances, serverless where it pencils out, data-transfer redesign, container density. Real engineering with real timelines. Leading with this is a mistake, because you do the slow engineering work while missing the commitment savings you could have booked in the first sixty days. Sequencing matters.
Vendor and SaaS rationalization. The portfolio of subscriptions adjacent to cloud — observability, data warehousing, identity, CI/CD, developer tooling — is very often the larger number, and almost none of the savings comes out of the cloud bill. This is the lever the press-release version skips, because renegotiating a data-warehouse contract takes nine months and produces a number you cannot announce until the next renewal.
The SaaS layer is where the real money hides
Four patterns recur. Underused licenses, where seats and capacity were bought for a headcount or a forecast that no longer exists. The missing renewals function, where contracts land in procurement's inbox thirty days before renewal with no internal owner, so they get signed at list to avoid an interruption. Observability sprawl, where every team runs two or three overlapping tools that were never consolidated. And identity and developer-tooling sprawl, often inherited through acquisition and paid for monthly forever. The fix is unglamorous: stand up a renewals function — even a controller plus a calendar plus a playbook — and the account starts being managed seriously, which is the only condition under which the major vendors negotiate.
The commitment trap, and a posture that survives change
I have seen the opposite failure too: a prior effort buys a heavy three-year all-upfront commitment, books the accounting savings, and moves on. The architecture migrates, the commitments stop matching the workloads, and the next owner discovers a large share of spend locked into capacity that no longer applies. The defensible posture for a company with a normal rate of architectural change is a layered ladder, not all-three-year. I keep roughly sixty percent in one-year terms sized to the forward baseline, thirty percent in three-year commitments on load that has been demonstrably stable, and ten percent on-demand as a buffer for growth and experiments. The few points of forgone discount are the price of not handcuffing the next architecture to this quarter's run rate. Cloud-provider account teams are structurally aligned to push the most aggressive commitment; sign the ones you can defend across a full architecture cycle, not the ones that maximize this quarter's discount.
What to do this quarter
Three actions, no engagement required. Run the commitment portfolio audit: pull every reservation and Savings Plan, compute coverage, utilization, and effective discount — below thirty percent effective discount or below ninety percent utilization means the portfolio is mistuned. Stand up a SaaS renewals function that owns the contract inventory, the seat-utilization data, and the renewal negotiation. And establish category-level budget ownership, so every category has an owner accountable for the trend line rather than a finance team that sees only the aggregate. The ownership model is what converts a one-time recovery into durable discipline; without it, the savings erode over the following eighteen months as the operating-model failures reassert themselves.
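The commitment portfolio audit described above, as an added Python example that is not from the original article. The metric definitions are assumptions, since the article names the metrics without defining them: utilization is used over purchased commitment hours, coverage is commitment-covered hours over all eligible hours, and effective discount is one minus what the commitments cost over the on-demand value of the usage they actually covered. The sample portfolio, its names and its rates are constructed.

```python
from dataclasses import dataclass

# Thresholds stated in the article: below either one, the portfolio is mistuned.
MIN_EFFECTIVE_DISCOUNT = 0.30
MIN_UTILIZATION = 0.90

@dataclass
class Commitment:
    name: str               # constructed label, not a real reservation id
    committed_hours: float  # hours purchased for the review period
    used_hours: float       # committed hours actually applied to usage
    committed_rate: float   # amortized $/hour paid, used or not
    on_demand_rate: float   # $/hour the same capacity costs on demand

def audit(commitments, uncovered_hours):
    """Portfolio metrics under the assumed definitions in the lead-in.

    uncovered_hours: eligible usage that ran on demand in the same period.
    """
    committed = sum(c.committed_hours for c in commitments)
    used = sum(c.used_hours for c in commitments)
    paid = sum(c.committed_hours * c.committed_rate for c in commitments)
    list_value = sum(c.used_hours * c.on_demand_rate for c in commitments)

    utilization = used / committed if committed else 0.0
    eligible = used + uncovered_hours
    coverage = used / eligible if eligible else 0.0
    # Unused hours are still paid for, so waste drags the discount down.
    effective_discount = 1 - paid / list_value if list_value else 0.0
    return {
        "utilization": utilization,
        "coverage": coverage,
        "effective_discount": effective_discount,
        "mistuned": (effective_discount < MIN_EFFECTIVE_DISCOUNT
                     or utilization < MIN_UTILIZATION),
        # Per-commitment view (an addition to the article's portfolio test).
        "underused": [c.name for c in commitments if c.committed_hours
                      and c.used_hours / c.committed_hours < MIN_UTILIZATION],
    }

# Constructed sample portfolio for one review period.
SAMPLE = [
    Commitment("1yr-compute", 10_000, 9_800, 0.070, 0.100),
    Commitment("3yr-database", 5_000, 5_000, 0.050, 0.100),
    Commitment("3yr-legacy", 4_000, 1_200, 0.045, 0.100),
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE, uncovered_hours=4_000).items():
        print(f"{key}: {value}")
```

In the sample, one stranded three-year commitment is enough to pull the whole portfolio under both thresholds even though its nominal rate is the deepest discount of the three.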
