The Invisible Tax: Why ~30% of Your Cloud Budget Is Spent on Undead Infrastructure
Stop paying for undead infrastructure that eats 30% of your cloud budget. Learn how to identify these hidden monsters and reinvest that waste back into innovation.
The cloud promised elastic economics: scale instantly, pay only for what you use, and return to zero when demand disappears. In practice, most organizations experience the opposite: cloud environments that accumulate cost even when nothing meaningful is happening. One such invisible tax is the “undead” infrastructure services – cloud services that keep incurring costs behind the cover of anonymity.
According to Flexera’s 2025 State of the Cloud Report, 32% of cloud spend is eaten up by the undead: money spent on unused, overprovisioned, or inefficiently managed cloud resources. In 2025, this figure represents $225 billion annually.
These invisible drains can be divided into four distinct categories, namely: The Idle Ghost, The Vampire, The Zombie, and The Blob. Each category maps directly to engineering time lost, roadmap delay, or forced architectural compromise, not just wasted dollars. Let’s take a sneak peek into who is eating up your budgets, and how you can slay those monsters.

The Idle Ghost: Managed NAT Gateways
NAT Gateways enable resources in private subnets, such as your servers, to access the internet while blocking unsolicited inbound connections, thereby increasing security.
These resources frequently become billing ballast – forgotten remnants of a setup process that continue to charge hourly rates indefinitely. A single idle NAT Gateway costs approximately $35 USD per month on AWS merely to exist. At scale, across accounts, regions, and environments, this quietly becomes a five-figure annual waste with no runtime, no users, and no alerts.
These gateways do not just charge rent; they charge a “data processing fee” of roughly 4.5 cents per GB. This fee is levied simply for data passing through the gateway, separate from standard data transfer costs.
It is only recently that AWS Compute Optimizer clarified the definition of a ghost gateway: it is a resource that has seen no active connections and no incoming packets for 32 days. Despite this complete lack of utility, the meter continues to run. Users rarely delete them, leaving them to sit silently in the background, consuming budget without contributing value. At least now you can find and disconnect these idle gateways.
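The 32-day idle rule described above, sketched against CloudWatch's `AWS/NATGateway` metrics as an added example (not code from this article or from AWS Compute Optimizer). The choice of three metrics, the `insufficient-data` verdict, the stub client and the gateway IDs are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK_DAYS = 32  # idle window quoted in the article
# AWS/NATGateway CloudWatch metrics; choosing these three to stand for
# "no active connections and no incoming packets" is this example's assumption.
METRICS = {"ActiveConnectionCount": "Maximum", "PacketsInFromSource": "Sum",
           "PacketsInFromDestination": "Sum"}

def daily_values(cw, nat_id, metric, stat, end):
    """One value per day of the lookback window (cw: boto3 CloudWatch client)."""
    resp = cw.get_metric_statistics(
        Namespace="AWS/NATGateway", MetricName=metric,
        Dimensions=[{"Name": "NatGatewayId", "Value": nat_id}],
        StartTime=end - timedelta(days=LOOKBACK_DAYS), EndTime=end,
        Period=86400, Statistics=[stat])
    return [dp[stat] for dp in resp["Datapoints"]]

def classify(cw, nat_id, now=None):
    """Return 'idle', 'active' or 'insufficient-data' for one NAT gateway."""
    now = now or datetime.now(timezone.utc)
    end = now.replace(hour=0, minute=0, second=0, microsecond=0)
    verdict = "idle"
    for metric, stat in METRICS.items():
        values = daily_values(cw, nat_id, metric, stat, end)
        if any(v > 0 for v in values):
            return "active"
        if len(values) < LOOKBACK_DAYS:
            # Short history: a newly created gateway is never called idle.
            verdict = "insufficient-data"
    return verdict

class ConstructedCloudWatch:  # offline stand-in for the client
    def __init__(self, series):
        self.series = series  # {(nat_id, metric): [daily values]}
    def get_metric_statistics(self, **kw):
        key = (kw["Dimensions"][0]["Value"], kw["MetricName"])
        stat = kw["Statistics"][0]
        return {"Datapoints": [{stat: v} for v in self.series.get(key, [])]}

def demo():
    zeros = [0.0] * LOOKBACK_DAYS  # constructed data, hypothetical gateway IDs
    series = {}
    for m in METRICS:
        series[("nat-ghost", m)] = zeros
        series[("nat-new", m)] = [0.0] * 5
        series[("nat-busy", m)] = zeros
    series[("nat-busy", "PacketsInFromSource")] = zeros[:-1] + [1200.0]
    cw = ConstructedCloudWatch(series)
    return {n: classify(cw, n) for n in ("nat-ghost", "nat-new", "nat-busy")}
```

With real data, pass `boto3.client("cloudwatch")` as `cw` and loop over the IDs returned by EC2's `describe_nat_gateways`. Check which route tables still point at a gateway classified as idle before removing it.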

The Vampire: Egress and Data Transfer Fees
This category of infrastructure is invisible because it is transactional. It represents the hidden tax of the cloud: fees that only appear when data attempts to leave or move across the provider’s ecosystem. Egress fees typically comprise 10% to 15% of total cloud costs, yet they are notoriously difficult to forecast. In fact, 62% of IT leaders exceeded their cloud budgets, with unexpected egress fees being a top reason.
It is not only traffic leaving the cloud that incurs costs. A staggering 43% of AWS data transfer spend is attributed to “Regional-Bytes” – data moving between Availability Zones (AZs) within the same region. This means high-availability architectures, which require data replication across AZs, are automatically taxed for their resilience. In effect, the cloud penalizes you for following its own best practices.
Moving data into the cloud (ingress) is free, but moving it out (egress) is expensive. For a steady workload moving 20 TB per month, egress fees alone can total nearly $20,000 annually.
While major providers like AWS, Azure, and Google have introduced some waivers for egress fees, these apply only to customers who are fully exiting the cloud and closing their accounts. For operational businesses, the vampire continues to drain the budget during day-to-day activities.

The Zombie: Non-Production and Oversized Resources
Zombie infrastructure refers to resources that are technically alive (powered on) but are either serving no users or are vastly overpowered for their purpose.
Approximately 23% of all cloud costs are attributed to non-production environments. Dev, staging, QA, and preview environments are left to run 24/7, despite developers working only 40 hours a week, meaning they are idle on nights and weekends. Unless you have a global development team working around the clock, that’s wasteful.
Over 90% of Azure Virtual Machine spend comes from On-Demand instances, the most expensive pricing tier. This suggests that teams are failing to commit to savings plans for steady workloads, effectively paying a premium for flexibility they do not use. Some guardrails on spending or a review by a FinOps person could help reduce this cost.

The Blob: Observability and Support
These are derivative costs – a blob that feeds off the existence of other undead. As infrastructure footprint expands (even with idle resources), the cost to monitor and support it grows disproportionately.
As more services are added, more logs are produced. This creates a compounding effect where infrastructure growth directly drives observability costs higher. As Charity Majors (Honeycomb) has highlighted, observability costs now reach 20–30% of total infrastructure spend in mature environments, driven largely by volume, not insight. Note that the larger you are, the more you pay, as enterprise support fees are often calculated as a flat percentage (e.g., 10%) of the total monthly usage bill. Consequently, every dollar spent on an idle NAT Gateway or unnecessary egress fee automatically increases the support bill, even if no support tickets are ever filed.

Spend smarter, Ship faster
The cumulative effect of these four monsters, the Idle Ghost, Vampire, Zombie, and Blob, is a cloud environment where a massive portion of the budget is spent on maintaining the existence of the infrastructure rather than the innovation it is meant to support. In 2026, it’s provisioning cloud infrastructure that is holding you back from adding that next great feature to your product.
To visualise this financial dynamic, consider this analogy:
Current cloud billing operates like a hotel minibar combined with an unused gym membership. You pay a visible room rate (Compute), but you are also charged a daily access fee for a gym you haven’t visited in 32 days (Idle NAT Gateways). Furthermore, while bringing your own water into the hotel is free, taking a bottle out of the room costs you $10 (Egress Fees). Most organizations are paying for a penthouse suite to store luggage they only visit once a year.
Control Plane replaces node-based cloud economics with workload-level economics. Whether you bring your own cloud or use Control Plane-provided capacity, you pay only for active execution, down to fractional cores, while idle infrastructure collapses to zero. In fact, one client, SafeHealth, has managed to reduce their AWS cloud bill by a staggering 75%. Other clients routinely see 60-80% reductions in baseline cloud spend, primarily by eliminating idle and non-production waste. But you don’t have to take my word for it. If you want to quantify how much of your cloud spend is actually producing runtime value, we offer a Cloud Unit Economics Audit – no re-platforming, no commitment. Discover how much moving to Control Plane can free up in your cloud spending budget.