Cloud Cost Control
Cloud Cost Control
Breadcrumbs

GCP Cost Control

Status: GA | Audience: Customers and partners | Owner: SoftwareOne BI & Data Solutions

A FinOps platform for managing and optimizing Google Cloud spend, part of the Cloud Cost Control (CCC) suite from SoftwareOne (formerly Crayon). The product gives you visibility across organizations, billing accounts, projects, services, regions, and labels, and surfaces concrete optimization actions through Committed Use Discount (CUD) recommendations and the full Google Cloud Recommender feed.

GCP Cost Control is the leanest module in the CCC suite today. It does the cost visibility and CUD optimization work well, and exposes Google's Recommender insights directly so you have one place to see cost, security, and performance recommendations across the estate. It does not yet have the breadth of Azure Cost Control, no separate Realized Savings, Right-Sizing, Unused Resources, AHUB, anomaly detection, or emissions pages. See Known limitations below for the full picture and roadmap context.

On this page

  • What it does

  • Who it's for

  • The three report pages

  • Committed Use Discounts (CUDs)

  • Insights (Google Cloud Recommender feed)

  • What we need to onboard you

  • Known limitations

  • FAQ

  • Offboarding

  • Support

What it does

GCP Cost Control reads your Cloud Billing data and Recommender exports from BigQuery, normalizes them to the FinOps Open Cost and Usage Specification (FOCUS), and produces a Power BI report covering three views of your GCP estate: Cost Overview, Recommendations, and Insights.

Every page shares a header with the same key metrics (cost over the last 30 days, monthly savings potential, savings potential as a percentage) and a last-refresh timestamp. A right-side filter panel slices data by target currency, organization, billing account, project, resource type, region, and label.

The optimization paths surfaced in the platform are:

  • Committed Use Discount (CUD) purchase recommendations on Compute Engine VCPU and memory commitments, with break-even analysis

  • Under-committed project insights flagged by Google's Recommender when existing CUD coverage is insufficient

  • Security, cost, and performance insights from the Google Cloud Recommender (e.g. excess IAM permissions, slow Cloud SQL queries, missing indexes)

The product is read-only. It produces recommendations and insights; your team makes the actual changes in the Google Cloud Console.

Who it's for

The platform makes sense for customers running GCP at enough scale that CUD optimization is a real finance conversation, typically organizations with multiple projects and meaningful annual GCP spend on Compute Engine. Below that, the optimization math still works, but the engagement overhead doesn't always pay back.

The people who use it day-to-day are FinOps practitioners running monthly cost reviews, cloud architects evaluating CUD purchases, and platform teams triaging the Google Cloud Recommender feed across cost, security, and performance.

If you're looking for parity with Azure Cost Control (Realized Savings tracking, separate Right-Sizing and Unused Resources pages, AHUB, anomaly detection, emissions), the GCP module isn't there yet. Talk to your account team about timeline and priorities.

The three report pages

The product is delivered as a Power BI report. Each page answers a different question.

1. Cost Overview

The primary cost visibility page. Header shows cost over the last 30 days (e.g. EUR 516,617), monthly savings potential, and that potential as a percentage of spend.

A monthly stacked bar chart shows cost by service category (Compute, Databases, Storage, Networking, Analytics, AI and Machine Learning, Management and Governance, Mobile, Security, Integration, Developer Tools, Other) over the trailing months. A geographic map plots cost distribution by region. A horizontal bar chart ranks service categories by trailing 30-day spend.

A detailed cost table at the bottom breaks spend down by service category, service name, and charge description per month, expandable to whatever level of detail finance needs for chargeback or capacity planning.

Filters: Target Currency, Organization, Billing Account, Project, Resource Type, Resource Name, Region, TagKey/TagValue, Slice by Cost.

2. Recommendations

CUD purchase recommendations from Google's commitment recommender, with break-even modeling.

The big number at the top is Total Commitment Savings, the percentage savings achievable by acting on the recommendations (e.g. 55.0%). Below it: Spend without Commitment (the projected on-demand cost over the term), Commitment Cost (the cost of purchasing the recommended CUDs), and Break-even Term in months (e.g. 16.18).

The break-even chart plots commitment cost against on-demand cost over the term, with a dashed line marking the month at which cumulative CUD spend becomes cheaper than on-demand.

The recommendation table lists each proposed commitment with:

  • Description (e.g. "Purchase a 3 year new standard CUD for T2D Core CPU")

  • Priority (P1–P4 from the Recommender)

  • Type (VCPU or MEMORY)

  • Monthly Savings Potential (in your billing currency)

  • Break Even (Months)

  • Savings Percentage

  • Link to the Google Cloud Console where you can complete the purchase

  • Total Spend Without Commitment and Total Commitment Cost over the term

Filters: Target Currency, Organization, Billing Account, Project, Recommendation Type, Term (1Y / 3Y), Algorithm (default BREAK_EVEN_POINT).

Today the Recommendations page covers Compute Engine resource-based CUDs only (VCPU and MEMORY components, broken down by machine series such as T2D, E2). Flexible (spend-based) CUDs and CUDs for other services are on the roadmap but not yet in the report.

3. Insights

A direct feed from the Google Cloud Recommender, organized by severity. Header shows cost over the last 30 days and the total Insights count (e.g. 11).

Four severity tiles at the top show counts at a glance:

  • 🔥 CRITICAL

  • 🚨 HIGH

  • ⚠️ MEDIUM

  • LOW

The detail table lists every active insight with severity, category (COST, SECURITY, PERFORMANCE), type, resource type, resource, the insight description, and state (ACTIVE / DISMISSED).

Common insight types you'll see in practice:

  • UNDER_COMMITTED_PROJECT (COST) Project's CUD coverage is insufficient given current usage. Surfaced per machine series (T2D_CORE, T2D_RAM, E2_RAM, etc.) and per project / region. Complements the Recommendations page by showing which specific projects are driving the gap.

  • REPLACE_ROLE (SECURITY) IAM service accounts with excessive permissions. The insight typically shows the count of excess permissions and a recommended replacement role.

  • CREATE_INDEX (PERFORMANCE) Slow queries detected on a Cloud SQL instance, with a recommended index to add.

Filters: Target Currency, Organization, Billing Account, Project, Resource Type, Insight Category (COST / SECURITY / PERFORMANCE), Slice by Cost.

The Insights page is essentially a structured, filterable view of google.cloud.recommender.* recommendations brought into the same report as your cost data. If your team isn't actively triaging the Recommender feed in the Cloud Console, this page is usually the highest-leverage thing in the report, a lot of customers find security and performance wins they hadn't surfaced internally.

Committed Use Discounts (CUDs)

GCP offers two main CUD types. Today the platform covers one of them in the Recommendations page.

Resource-based CUDs commit to specific machine types in a specific region. Highest discount, lowest flexibility. Supported in the Recommendations page today.

Flexible CUDs (Spend-based) commit to a dollar-per-hour spend on a family of services (e.g. Compute Engine). Lower discount, much more flexibility for changing workloads. Not yet covered in the report. If your strategy is to blend both, the Flex side currently has to be evaluated outside the platform.

For Compute Engine resource-based CUDs, the Recommendations page surfaces both 1Y and 3Y term options where they apply, with break-even math and projected savings for each. The Recommender produces these per machine series (T2D, E2, N2, etc.) and per resource component (VCPU and MEMORY), so a single workload can show up as multiple recommendations that you act on together.

Insights (Google Cloud Recommender feed)

The Insights page is a near-direct view of Google's Recommender API output, with three categories.

COST insights. Most commonly UNDER_COMMITTED_PROJECT flagged when a project has uncovered Compute usage that would benefit from a CUD. The Recommender is conservative about this, so when it flags a project there's usually a real opportunity. The Recommendations page is the actionable counterpart; Insights gives you the per-project breakdown.

SECURITY insights. Surfaced from IAM Recommender typically REPLACE_ROLE for service accounts with excess permissions. These aren't cost-saving, but they're surfaced in the same report so security and platform teams have one place to look.

PERFORMANCE insights. Surfaced from Cloud SQL Recommender typically CREATE_INDEX for slow queries. Like security, these aren't cost-saving directly, but they often correlate with cost (a slow query that runs frequently burns CPU on an oversized instance).

The platform does not currently filter Recommender output beyond what Google produces. If you've dismissed a recommendation in the Cloud Console, it'll typically not appear here on the next refresh, but the cadence depends on how frequently the Recommender export updates.

What we need to onboard you

GCP onboarding is different from the Azure or M365 products. Rather than a single consent click or a service principal in your tenant, GCP onboarding requires you to enable the Cloud Billing BigQuery export and grant our service account read access to that dataset.

Get in touch with your SoftwareOne account team to scope the engagement. Typical inputs we'll need:

  • Customer name, country, and reporting currency

  • Organization ID (10-digit identifier)

  • Project ID where the BigQuery billing export is enabled

  • BigQuery dataset ID (typically billing_export_v1_XXXXXX or similar)

  • Resource-level billing export table name (e.g. gcp_billing_export_resource_v1_*)

  • For the Recommendations and Insights pages: separate exports for recommendations_export and insights_export

  • Service Account JSON key with read access to the billing dataset (we store this in Azure Key Vault on our side)

  • Refresh frequency (daily default)

  • Email addresses for dashboard access

If you haven't enabled the Cloud Billing BigQuery export yet, the GCP documentation walks through the setup. The Recommender exports for insights and recommendations are configured separately from the same Cloud Billing console.

Required IAM roles for our service account

The Service Account you create for SoftwareOne needs three predefined roles:

  • roles/bigquery.dataViewer at the dataset level read access to the billing tables

  • roles/bigquery.jobUser at the project level to run the queries

  • roles/bigquery.readSessionUser at the project level to use the BigQuery Storage API for efficient streaming reads

All three are read-only. The platform cannot modify or delete data in your BigQuery datasets, and cannot access any GCP resources outside the billing dataset.

For most customers, the technical setup takes a few business days once the BigQuery exports are in place. The first useful Cost Overview is available on the next refresh after exports start landing data. Recommendations and Insights need a usage baseline before they're meaningful typically two to four weeks for the Recommender to produce stable output.

Known limitations

The GCP module is leaner than Azure today. Here's what's not in scope yet, so there are no surprises.

No Realized Savings page. Azure tracks savings already achieved through implemented optimizations as a separate executive-friendly view. GCP doesn't yet realized CUD credits are visible in the Cost Overview drill-down but not surfaced as a dedicated tracking page.

No dedicated Right-Sizing page. Right-sizing recommendations from Google's machine type recommender aren't surfaced as a standalone page with current-to-target SKU mapping, P95 utilization, and cost impact. They appear in the Insights feed where applicable, but the deeper modeling Azure has isn't there for GCP yet.

No dedicated Unused Resources page. Idle VMs, unattached persistent disks, and unused IPs aren't called out as a separate page. They surface in the Insights feed when the Recommender flags them, but there's no dedicated quick-wins list.

No CUD Coverage / Utilization page. Active commitments and expiration dates aren't broken out as a renewal-planning view today. The Recommendations page focuses on what to buy, not on what you already own.

No Cost Guardian / anomaly detection. The AI-powered anomaly explanation page is currently Azure-only. Cost Overview's month-over-month chart is your tool for spotting unexpected spikes today.

No emissions tracking. Cloud carbon footprint data from Google's Carbon Footprint export isn't currently in the report. Azure is the only cloud module with sustainability reporting at the moment.

No forecasting. A forecasted-cost view exists for Azure but hasn't been built for GCP. Cost Overview shows historical trend; forward-looking forecasts will be added in a future release.

No project and folder hierarchy page. Cost can be filtered by project, but the hierarchical organization → folders → projects rollup view isn't a dedicated page yet. The data is in the model, just not surfaced as a navigation experience.

Resource-based CUDs only. The Recommendations page covers Compute Engine resource-based CUDs (VCPU and MEMORY by machine series). Flexible (spend-based) CUDs and CUDs for other GCP services aren't recommended in the report yet.

No write-back. The platform doesn't modify anything in your GCP estate. CUD purchases and any actions on Insights happen in the Google Cloud Console under your control.

Customer-managed BigQuery exports. Unlike Azure where we connect to Microsoft's APIs directly, GCP cost data flows through your BigQuery billing export. If the export breaks (export disabled, dataset deleted, table renamed), data flow stops. We monitor freshness on our side and reach out, but the export itself is owned by your team.

Recommendations are based on historical usage. GCP's recommender uses 8 days of utilization data for machine-type recommendations and longer windows for CUDs. Forward-looking events the platform can't see a planned product launch, a workload migration off Compute Engine should be factored in manually before committing to multi-year CUDs.

Multi-cloud cost views aren't part of this product. GCP Cost Control covers GCP. Azure, AWS, and M365 are covered by their respective CCC modules. The underlying data model is FOCUS-aligned across all four, so a unified cross-cloud report is on the roadmap, but it's a separate conversation about CCC platform delivery.

FAQ

Why is the GCP report smaller than Azure?

Honest answer: Azure is our oldest and most mature cloud module, and we've been building dedicated pages for each optimization category there for several years. GCP came later and is at an earlier stage. The Recommender feed in the Insights page covers a lot of ground (cost, security, performance) in one view, which is actually how a lot of GCP teams already work but the dedicated pages Azure has for Realized Savings, Right-Sizing, Unused Resources, and so on aren't there for GCP yet. Roadmap items, not deliberate omissions.

Why does the platform need three different IAM roles? Can't we just give it one?

Google separates BigQuery access into three concerns: reading dataset metadata and content (dataViewer), creating jobs to run queries (jobUser), and using the Storage Read API to stream data efficiently (readSessionUser). All three are needed to extract billing data at scale. They're all read-only and they're all scoped to the project and dataset you specify no broader access is granted.

Can we trust the CUD break-even analysis enough to commit to a 3-year purchase?

The break-even math is based on your actual trailing usage from the BigQuery export and Google's published commitment pricing, so the underlying numbers are reliable. A 3-year commitment is still a 3-year commitment, though. If you're planning workload migrations or major architectural changes within that window moving off Compute Engine to GKE Autopilot, or off Cloud SQL to Spanner, for example factor those in before committing. The platform gives you the math; the business decision sits with you.

The Insights page shows security and performance items, not just cost. Is that intentional?

Yes. The Insights page surfaces the Google Cloud Recommender feed in full, not just cost recommendations. Most customers we work with prefer this having one report that covers cost, security (IAM), and performance (Cloud SQL) means the FinOps and platform conversations happen in the same room. If you only want cost, the Insight Category filter restricts the view.

What's the difference between the Recommendations page and the under-committed-project items on the Insights page?

Same underlying data, two views. The Recommendations page aggregates the CUD opportunity across the estate and gives you the break-even math at a portfolio level. The Insights page shows the per-project, per-machine-series breakdown of where the under-coverage is. Use Recommendations to decide what to buy; use Insights to understand which projects are driving the gap.

Can we filter by labels?

Yes. Most pages support filtering by label key and value, which is how customers typically isolate environments (Production, Staging, Dev), business units, or cost centers. System labels (goog-*, k8s-*) are filtered out by default to keep the dimension space clean. Note that GCP labels are case-sensitive if your tagging is inconsistent, the report will surface that.

How often does the data refresh?

The default is daily. GCP billing data has a typical lag of 24–48 hours from Google's side (the billing export updates several times per day, but final figures stabilize after about a day). Recommender exports refresh on Google's cadence, typically daily.

Will recommendations conflict with our existing CUDs?

No. The recommendation engine accounts for your existing commitment coverage. CUD recommendations only flag uncovered usage if you already have full coverage on a workload, you won't see it recommended again.

What happens if our billing export breaks?

The data refresh will stop producing fresh data for that customer. We monitor refresh freshness on our side and reach out if we detect a stale export, but ultimately the export lives in your project and is your team's responsibility to maintain. The most common causes are a deleted dataset, a renamed table, or removed permissions on the service account.

Offboarding

Contact your SoftwareOne account manager or email CloudCostControl@crayon.com. Because GCP access is granted via a service account in your project rather than through a single consent application, offboarding is straightforward: you remove the IAM role bindings on the service account (or delete the service account entirely), and we delete the corresponding JSON key from our Azure Key Vault. We'll walk you through the specific steps.

If you'd like us to delete your data from our platform after offboarding, let us know in writing and we'll confirm completion.

Support

Need

Contact

Onboarding, offboarding, technical support

CloudCostControl@crayon.com

Demo request or commercial questions

Your SoftwareOne account team

White-label or partner enquiries

SoftwareOne BI & Data Solutions team

Maintained by the SoftwareOne BI & Data Solutions team. This page describes the customer-facing product. For internal architecture and engineering documentation, see the CCC team space in Notion.