When we audit an advisory firm's cloud bill — the M365 tenant, the custodian-adjacent tooling, the file-sync-and-share service, the SIEM and backup retention — we almost always find 20–40% waste. The five patterns below are the ones we see most.
For an advisory firm specifically, cost optimization isn't just a finance problem. The wrong storage tier can quietly break your books-and-records retention. The wrong egress configuration can move advisory communications between regions in ways your Reg S-P safeguards aren't sized for. So this isn't pure savings — it's also hygiene.
1. Idle and orphaned resources
Every cloud account we've audited has them: VMs running for an old project, unattached storage volumes, load balancers pointing to nothing, mailboxes belonging to people who left two years ago but were never decommissioned. One firm had $8,400/month in orphaned storage volumes alone — and an unrelated retention problem hiding inside one of them.
How to find it
- Cloud-vendor advisor tools (AWS Trusted Advisor, Azure Advisor, M365 admin reports) flag idle resources for free.
- Tag everything with an owner and an expiration date.
- Set up a weekly report of resources with zero traffic over the last 14 days. Reconcile against your asset inventory — if it's not in the inventory, ask why.
2. Over-provisioned compute
Most advisory-firm workloads run at 15–25% utilization on average. A 40-advisor RIA we worked with reduced compute spend by 31% by systematically right-sizing based on actual 30-day utilization data. The savings funded three years of an upgraded SIEM tier.
The best time to right-size was three years ago. The second best time is in your next quarterly vCIO review.
3. Wrong storage tiers
The price difference between hot and cold storage can be 20× or more. But for advisory firms, cold storage isn't free — it's slow. SEC Rule 204-2 expects the first two years of records to be “readily accessible.” Glacier-style retrieval times don't qualify. Tier intentionally: years 0–2 hot, years 3–5 warm/nearline, years 5+ archive. Run a quarterly retrieval test so “readily accessible” means what an examiner thinks it means.
4. Egress and data-transfer surprises
We once found a client spending $4,200/month on cross-region traffic between two services that had no business being in different regions — and the cross-region path also moved nonpublic personal information through a region the firm's Reg S-P documentation hadn't covered. Cost problem. Compliance problem. Same fix.
5. Committed-use discounts left on the table
Reserved instances and savings plans cut compute costs 30–72%. Analyze your 30-day baseline — commit for that, pay on-demand for the spike. One advisory-firm client saved $47,000 annually with a one-year savings plan that took an afternoon to set up.
Making it continuous
Cloud cost optimization isn't a one-time project for an advisory firm — it's an ongoing hygiene check. We bake it into the Virtual CIO cadence and the Disaster Recovery & Business Continuity retention review. If your cloud bill has been creeping up — or if your retention strategy hasn't been pressure-tested against an exam letter recently — the Free Compliance Assessment walks both at once.