Start free trial

By Yair Knijn · April 3, 2025

A third of your cloud bill belongs to nobody, and the board just asked who

The question lands the same way every time. The bill is up sharply over last quarter, the board has noticed, and the CFO wants to know which product line drove it. The FinOps lead opens the allocation report, and one row eats the answer whole: unallocated, sitting at roughly a third of total spend. There is nothing to point at, because a third of the bill points at nobody.

The failure happened upstream. Showback and chargeback were switched on against a tagging baseline nowhere near the coverage those models assume. The FinOps Foundation describes a mature allocation practice as one where the overwhelming majority of spend is attributed and the unallocated remainder stays small. Attribute against two-thirds coverage and you do not produce a fuzzy answer. You produce one nobody is willing to stand behind.

The third that hides on resources no tag policy reached

That unallocated row is not random noise. It clusters on the expensive, long-lived, awkward-to-tag things: egress that no tag policy reaches cleanly, shared NAT gateways and load balancers fronting six teams at once, a Kubernetes cluster whose node groups carry the cluster's tags while its pods belong to whoever scheduled them. The Foundation tracks a specific metric for untagged resource cost precisely because it quietly governs everything downstream. When a third of spend lands here, the report is not 68 percent correct. It is wrong about the one thing the CFO asked.

Why the bucket turns into a dumping ground

No team owns the bucket, so no team defends it. Every team that overspends can let its mess drift there, and not one has a reason to pull anything back out. Ship an untagged experiment, watch it land in unallocated, notice that nobody comes asking, and the lesson sinks in fast: untagged is free. Not free in dollars. Free in accountability, which under a deadline amounts to the same thing. Showback against an unallocated third just ships a report everyone has already learned to ignore.

The coverage you need before chargeback is defensible

Chargeback moves real money between budgets, and the first wrong invoice ends the program. Bill a team for spend it can prove was never theirs and it will dispute the charge, win, and stop trusting the number for good. The Foundation's early maturity band clears only about half of spend; a running practice attributes the large majority. Below that bar, keep it showback and call it a visibility tool, not a settlement. Flip on chargeback before you get there and you are not allocating cost. You are picking fights with a spreadsheet.

Tag enforcement as policy, not a quarterly cleanup

The quarterly tag sweep is the tell that a program is already losing. You cannot retroactively pin three months of a load balancer's charges to the right owner, because the resource never carried that information when the cost was incurred. Coverage has to be enforced at creation, not reconstructed after the invoice clears.

Giving finance an answer it can take to the board

Climbing from low coverage to near-complete is a two-month enforcement project, not a multi-year transformation. The deliverable was never a dashboard. It was one sentence the CFO can say without a caveat: this product line drove the increase, and here is the spend behind it. That sentence only exists above the coverage line. Cloud Horizons builds allocation around enforced coverage first, so the unallocated bucket stays a small exception you investigate rather than a third of the bill you apologize for. Each workspace tracks tag coverage as a live number against your chargeback threshold and surfaces which untagged resources are dragging it down, so you fix the input before you publish the report. See the model on our FinOps page.