INTEGRATION OF FINOPS AND SOC 2 CONTROLS IN THE SECURITY SYSTEM OF MULTI-CLOUD ENVIRONMENTS
DOI:
https://doi.org/10.28925/2663-4023.2026.32.1191
Keywords:
multi-cloud infrastructure, SOC 2, cloud security, cost monitoring, budget optimization, FinOps, alert automation, cost forecasting, Splunk, cloud orchestration, cost management, cloud governance.
Abstract
The problem of ensuring cost transparency and proactive budget control in multi-cloud environments is becoming increasingly relevant for modern IT infrastructures. As organizations scale their use of heterogeneous cloud services, they face challenges related to fragmented billing systems, inconsistent cost metrics, and delays in anomaly detection. In this study, cost observability is considered not merely as a financial function, but as an integral component of an organization’s security strategy aligned with the SOC 2 framework. The scientific novelty of this work lies in the integration of cost monitoring tools – specifically Splunk, Cherwell, and cloud APIs based on JSON – with operational and security processes. This enables real-time detection of budget deviations, automated incident escalation, and the implementation of control policies based on financial indicators.
The study presents a forward-looking architecture that introduces a unified cost observability layer across heterogeneous billing systems in multi-cloud environments. The architecture transforms provider-specific formats – including JSON exports from AWS Cost Explorer, Azure Cost Management APIs, and GCP Billing exports to BigQuery – into standardized cost events. These normalized streams form a unified timeline of expenditures relative to standardized budget thresholds, while simultaneously generating consolidated financial telemetry for cross-provider anomaly detection and data correlation.
By rethinking financial data as actionable observability signals, this approach enables a transition from fragmented dashboards to a centralized, audit-ready governance layer that supports compliance, incident response, and financial management. The system also incorporates role-based access control (RBAC), escalation thresholds, and forecasting models, creating a cost management layer of direct relevance to FinOps, DevSecOps, and Compliance teams.
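One way the normalization into standardized cost events and the threshold-based escalation described in the abstract could look, as an added example that is not the authors' implementation. The event schema, the 80%/100% escalation levels, the USD-only rule and the function names are assumptions; the sample payloads are constructed and only follow the general shape of each provider's output.

```python
from datetime import date
from decimal import Decimal

def event(provider, day, service, amount, currency):
    # Assumed schema for a "standardized cost event"; the page does not define one.
    return dict(provider=provider, day=day, service=service, amount=Decimal(str(amount)), currency=currency)

def from_aws(resp):
    # AWS Cost Explorer GetCostAndUsage result, grouped by SERVICE.
    for period in resp["ResultsByTime"]:
        day = date.fromisoformat(period["TimePeriod"]["Start"])
        for group in period["Groups"]:
            cost = group["Metrics"]["UnblendedCost"]
            yield event("aws", day, group["Keys"][0], cost["Amount"], cost["Unit"])

def from_azure(resp):
    # Azure Cost Management query result: column metadata plus positional rows.
    names = [c["name"] for c in resp["properties"]["columns"]]
    for row in resp["properties"]["rows"]:
        r = dict(zip(names, row))
        d = str(r["UsageDate"])  # numeric yyyymmdd
        yield event("azure", date(int(d[:4]), int(d[4:6]), int(d[6:8])), r["ServiceName"], r["PreTaxCost"], r["Currency"])

def from_gcp(rows):
    # Rows of a GCP Billing export table read from BigQuery.
    for r in rows:
        yield event("gcp", date.fromisoformat(r["usage_start_time"][:10]), r["service"]["description"], r["cost"], r["currency"])

def escalations(events, budget, levels=((Decimal("0.8"), "warn"), (Decimal("1.0"), "escalate"))):
    # Merge all providers into one timeline; alert once per level when cumulative spend crosses it.
    total, fired, alerts = Decimal(0), set(), []
    for e in sorted(events, key=lambda e: e["day"]):
        if e["currency"] != "USD":  # no FX conversion in this example: refuse rather than mis-sum
            raise ValueError(f"unconverted currency {e['currency']} from {e['provider']}")
        total += e["amount"]
        for fraction, name in levels:
            if name not in fired and total >= budget * fraction:
                fired.add(name)
                alerts.append((e["day"], name, e["provider"], total))
    return alerts

def sample_events():
    # Constructed payloads, trimmed to the fields read above.
    aws = {"ResultsByTime": [{"TimePeriod": {"Start": s}, "Groups": [
               {"Keys": ["Amazon Elastic Compute Cloud - Compute"], "Metrics": {"UnblendedCost": {"Amount": a, "Unit": "USD"}}}]}
           for s, a in (("2025-03-01", "400.00"), ("2025-03-03", "150.00"))]}
    azure = {"properties": {"columns": [{"name": n} for n in ("PreTaxCost", "UsageDate", "ServiceName", "Currency")],
                            "rows": [[300.5, 20250302, "Virtual Machines", "USD"]]}}
    gcp = [{"usage_start_time": "2025-03-04T00:00:00Z", "service": {"description": "Compute Engine"}, "cost": 200.25, "currency": "USD"}]
    return [*from_aws(aws), *from_azure(azure), *from_gcp(gcp)]
```

Calling `escalations(sample_events(), Decimal("1000"))` walks the merged timeline and reports which provider's event pushed cumulative spend over each level, which is the record an incident ticket or audit trail would carry.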
License
Copyright (c) 2026 Євгеній Марценюк, Олег Дейнека, Андрій Партика, Олег Гарасимчук

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.