Walk into enough boardrooms and you start to hear the same line. "We're going multi-cloud." It gets said with a certain pride, the way someone might mention they've taken up running. The intention is good. The follow-through is where things get messy.
Hybrid and multi-cloud are genuinely sensible strategies. Spreading workloads across providers reduces lock-in, gives you room to negotiate, and lets you put each job where it runs best. The Australian market has caught on, and FinOps (the practice of treating cloud spend as a shared, measured discipline rather than a surprise) has gone from niche to non-negotiable. All of that is real. But somewhere between the strategy slide and the invoice, a lot of organisations lose the plot.
The bill nobody budgeted for
Here is the uncomfortable truth. Most multi-cloud sprawl is not a deliberate strategy. It's an accident that happened over three years. One team spun up something on AWS for a single project. Another inherited a Google workload through an acquisition. The core stayed on Azure. Nobody decided to run three clouds. It just sort of happened, and now there are three sets of identities to manage, three billing models to decode, and three security postures to keep honest.
The costs that hurt are rarely the ones on the headline price list. They're the egress fees when data moves between clouds. They're the duplicated tooling. They're the engineer who is brilliant at Azure networking and now has to become passably competent at two more platforms, which means they're slower at all three. Complexity is a tax, and you pay it whether or not you noticed signing up.
FinOps exists because someone finally read the bill and asked why it was so high. That's a healthy instinct. But FinOps done badly becomes a monthly ritual of staring at dashboards and feeling vaguely guilty. Done well, it's a feedback loop that changes how you build. The difference is whether cost is a conversation you have at the end or a constraint you design around from the start.
In regulated industries, the maths is different
For government, healthcare, and financial services, the cost question is tangled up with something harder to put a dollar figure on. Sovereignty and compliance. When you spread workloads across providers, you also spread your accreditation surface. Every cloud you add is another environment that has to satisfy IRAP, the Essential Eight, ISM controls, or whatever framework governs your sector. The audit doesn't get cheaper because you diversified. It gets longer.
This is where a lot of well-meaning multi-cloud plans quietly fall over. A second provider looked cheaper on compute. But once you priced in the work to bring it up to the same security standard, accredit it, and monitor it around the clock, the saving evaporated. Sometimes it went negative. The cheapest cloud is almost never the one with the lowest per-hour rate. It's the one your team can run safely without a fresh accreditation marathon every time.
We build most of our regulated work in Azure Australia East for exactly this reason. Not because Azure is the only good answer, but because keeping data in a known, sovereign region with a single coherent identity and security model removes whole categories of cost and risk before they appear. Zero Trust through Entra ID, conditional access, Defender watching the perimeter all day and night. That's hard enough to do well once. Doing it three times, consistently, is a real expense that should be on the spreadsheet from day one.
A useful way to decide
Here is the framing we use with clients, and it holds up well. Multi-cloud should be a decision, not a drift. If you can point to the specific reason a workload lives on a particular provider (a data residency rule, a service that genuinely has no equal elsewhere, a contractual obligation), that's a decision worth defending. If the honest answer is "history" or "that's where the last contractor put it," that's drift, and drift is what your FinOps review keeps flagging.
The organisations getting this right share a habit. They consolidate by default and diversify on purpose. They run the bulk of their workloads where their people are genuinely expert and their compliance story is strongest, then deliberately place the exceptions elsewhere with eyes open. They tag everything so cost is visible per team and per project. And they treat the security and accreditation overhead of each environment as a real line item, not an afterthought.
That's the part the trend pieces tend to skip. Cost optimisation in the cloud is not mostly about haggling on rates or rightsizing virtual machines, useful as those are. It's about reducing the number of things you have to keep perfectly secure and perfectly compliant at the same time. Fewer moving parts, each one understood properly, will almost always beat a sprawling estate held together by good intentions.
Multi-cloud is a fine strategy. Just make sure you chose it, rather than woke up inside it. Read the whole bill, including the parts that don't have a dollar sign next to them yet. The compliance hours, the cognitive load on your team, the audit you'll be doing twice. Price those in, and the right shape for your cloud usually becomes obvious. Often simpler than the brochure suggested, and a good deal cheaper to run.
