<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Anushka B</title>
    <description>The latest articles on DEV Community by Anushka B (@aicloudstrategist).</description>
    <link>https://dev.to/aicloudstrategist</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3888828%2F0671bd5e-2ce0-49fb-8372-661820f07240.png</url>
      <title>DEV Community: Anushka B</title>
      <link>https://dev.to/aicloudstrategist</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/aicloudstrategist"/>
    <language>en</language>
    <item>
      <title>State of Cloud Cost in Indian Mid-Market SaaS 2026 (research paper — executive summary)</title>
      <dc:creator>Anushka B</dc:creator>
      <pubDate>Mon, 20 Apr 2026 11:35:22 +0000</pubDate>
      <link>https://dev.to/aicloudstrategist/state-of-cloud-cost-in-indian-mid-market-saas-2026-research-paper-executive-summary-1i4i</link>
      <guid>https://dev.to/aicloudstrategist/state-of-cloud-cost-in-indian-mid-market-saas-2026-research-paper-executive-summary-1i4i</guid>
      <description>&lt;p&gt;&lt;em&gt;This is the executive summary of our 20-page research paper. &lt;a href="https://aicloudstrategist.com/papers/state-of-cloud-cost-india-2026.html" rel="noopener noreferrer"&gt;Read the full paper with methodology, data appendix, and predictions →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;




&lt;p&gt;Indian mid-market SaaS — companies with 50 to 200 employees and monthly cloud spend between ₹5 lakh and ₹50 lakh — is the fastest-growing, worst-governed cloud cost segment in the country. This report synthesises primary research from 34 founder and engineering-lead conversations, qualitative mining of 128 inbound audit and calculator submissions, and secondary data from Gartner, IDC, NASSCOM, Flexera, the FinOps Foundation, RBI, and MeitY.&lt;/p&gt;

&lt;h2&gt;
  
  
  The five findings that matter
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;1. Waste rates cluster at 24–31% of monthly cloud spend&lt;/strong&gt; — materially higher than the 12–18% Flexera reports for US enterprise. The gap is structural: lower FinOps maturity, narrower engineering headcount, less commitment coverage. It is not a competence gap; it is a governance gap.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. The modal buyer is a Series B founder-CTO pair&lt;/strong&gt;, not a dedicated procurement function. Decision committees average 2.7 people. 73% of paid engagements close within 31 days of first conversation. Sales cycles are fast when the price is transparent and honest.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Pricing psychology favours hybrid gain-share over flat retainers&lt;/strong&gt; in Indian mid-market. Flat retainers above ₹1 lakh/month trigger procurement friction; gain-share frames the vendor as an upside partner. We observe a ~2.1× higher close rate on gain-share proposals versus equivalently-scoped flat retainers in our pipeline.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Commercial FinOps and CNAPP tooling is structurally misaligned&lt;/strong&gt; with Indian mid-market budgets. Enterprise tooling (Apptio, CloudZero, Wiz, Prisma) runs ₹20 lakh–₹1 crore per year for this segment — 4–10× the typical tooling allocation. Buyers substitute with native tooling (AWS Security Hub, Azure Defender, GCP Recommender) and open source (Prowler, CloudQuery, Metabase).&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. Regulatory pressure — DPDPA 2023, RBI cyber framework revisions, sectoral audit cadences — is the single biggest demand driver for 2026–2027&lt;/strong&gt; in this segment. Every regulated buyer we interviewed had escalated cloud security tooling in the last 12 months; only 38% had upgraded cost tooling in the same period.&lt;/p&gt;

&lt;h2&gt;
  
  
  What this means
&lt;/h2&gt;

&lt;p&gt;Read alongside these findings, the practical implication for Indian mid-market founders and CFOs is:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;You are probably over-spending on cloud by 25% and under-investing in posture governance.&lt;/strong&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The lowest-leverage thing you can do is buy more tooling.&lt;/p&gt;

&lt;p&gt;The highest-leverage thing you can do is install a standing FinOps and posture cadence with &lt;strong&gt;one named owner, a 4-hour monthly commitment, and an ROI-gated remediation queue&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Read the full paper
&lt;/h2&gt;

&lt;p&gt;The complete 20-page paper covers:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Full methodology (34 interviews, mining of 128 submissions, 11 buyer pricing conversations)&lt;/li&gt;
&lt;li&gt;Market sizing (cloud spend, FinOps maturity, tooling adoption)&lt;/li&gt;
&lt;li&gt;The 7 biggest waste patterns observed across audits&lt;/li&gt;
&lt;li&gt;Buyer behavior (who decides, what signals buy, sales cycle)&lt;/li&gt;
&lt;li&gt;Pricing psychology for Indian CFOs&lt;/li&gt;
&lt;li&gt;8 predictions for 2026–2027&lt;/li&gt;
&lt;li&gt;Methodology appendix + data appendix (75 data points)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;👉 &lt;strong&gt;&lt;a href="https://aicloudstrategist.com/papers/state-of-cloud-cost-india-2026.html" rel="noopener noreferrer"&gt;Read the full paper →&lt;/a&gt;&lt;/strong&gt;&lt;br&gt;
👉 &lt;strong&gt;&lt;a href="https://aicloudstrategist.com/papers/state-of-cloud-cost-india-2026.pdf" rel="noopener noreferrer"&gt;Download PDF&lt;/a&gt;&lt;/strong&gt;&lt;br&gt;
👉 &lt;strong&gt;&lt;a href="https://aicloudstrategist.com/papers/data-appendix.csv" rel="noopener noreferrer"&gt;Data appendix CSV&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;




&lt;p&gt;&lt;em&gt;If your AWS/GCP/Azure bill is growing faster than your revenue, start with a &lt;a href="https://aicloudstrategist.com/audit" rel="noopener noreferrer"&gt;free 24-hour audit&lt;/a&gt; — we analyze your bill and send a numbers-first report.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>finops</category>
      <category>cloud</category>
      <category>india</category>
      <category>saas</category>
    </item>
    <item>
      <title>Cross-Region Egress: the ₹4L/mo invisible line on your AWS bill</title>
      <dc:creator>Anushka B</dc:creator>
      <pubDate>Mon, 20 Apr 2026 11:35:01 +0000</pubDate>
      <link>https://dev.to/aicloudstrategist/cross-region-egress-the-4lmo-invisible-line-on-your-aws-bill-4d08</link>
      <guid>https://dev.to/aicloudstrategist/cross-region-egress-the-4lmo-invisible-line-on-your-aws-bill-4d08</guid>
      <description>&lt;h1&gt;
  
  
  Cross-Region Egress
&lt;/h1&gt;

&lt;p&gt;The single most expensive accidental misuse of AWS we see in Indian mid-market accounts.&lt;/p&gt;

&lt;h2&gt;
  
  
  Pattern
&lt;/h2&gt;

&lt;p&gt;Prod in ap-south-1. Data-lake S3 in us-east-1. Engineer ships a Glue job that SELECTs from the data-lake — every byte crosses the ocean at ₹7.5/GB egress.&lt;/p&gt;

&lt;h2&gt;
  
  
  Fix
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;S3 replication to ap-south-1 for the hot prefixes, once.&lt;/li&gt;
&lt;li&gt;VPC Gateway Endpoint for S3 (free, eliminates NAT egress for the in-region reads).&lt;/li&gt;
&lt;li&gt;Athena/Glue queries pointed at the regional copy.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Payback in 6 weeks on a ₹4L/mo finding.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>finops</category>
      <category>cloud</category>
      <category>devops</category>
    </item>
    <item>
      <title>CNAPP pricing teardown: why Indian mid-market rejects Wiz, Orca, and Prisma Cloud (and what they buy instead)</title>
      <dc:creator>Anushka B</dc:creator>
      <pubDate>Mon, 20 Apr 2026 11:29:46 +0000</pubDate>
      <link>https://dev.to/aicloudstrategist/cnapp-pricing-teardown-why-indian-mid-market-rejects-wiz-orca-and-prisma-cloud-and-what-they-13m6</link>
      <guid>https://dev.to/aicloudstrategist/cnapp-pricing-teardown-why-indian-mid-market-rejects-wiz-orca-and-prisma-cloud-and-what-they-13m6</guid>
      <description>&lt;p&gt;Every fourth sales call we take with an Indian mid-market CTO now includes a variant of the same sentence: "We looked at Wiz. We can't afford Wiz. What do people actually buy in India?" The question rarely gets a straight answer on the vendor side, because the honest answer — "most Indian 50–200-employee SaaS don't buy a commercial CNAPP at all" — is not the answer CNAPP sales teams are compensated to deliver.&lt;/p&gt;

&lt;p&gt;This post is the straight answer. We break down the CNAPP category, walk through the pricing bands for Wiz, Orca, and Prisma Cloud against Indian mid-market budget reality, map the eight vendors that actually show up in Indian RFPs, and give you a decision framework keyed to two variables: regulatory pressure and cost sensitivity.&lt;/p&gt;

&lt;h2&gt;
  
  
  CNAPP market map (2026)
&lt;/h2&gt;

&lt;p&gt;CNAPP — Cloud-Native Application Protection Platform — is a category Gartner consolidated in 2021 by bundling four sub-categories into one: &lt;a href="https://aicloudstrategist.com/glossary/cspm.html" rel="noopener noreferrer"&gt;CSPM&lt;/a&gt; (configuration scanning), CWPP (workload protection), CIEM (identity), and increasingly CDR (cloud detection and response). The pitch is "one platform for all cloud security posture". The reality is price compression at the enterprise end and persistent fragmentation at the mid-market end.&lt;/p&gt;

&lt;p&gt;The category breaks into four pricing strata:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Enterprise CNAPP&lt;/strong&gt;: Wiz, Orca, Prisma Cloud, Lacework. Full stack, ₹25L–₹1.5Cr+/year in India for mid-market scale deployments.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Challenger / India-origin&lt;/strong&gt;: Accuknox, Cloudanix. CNAPP-lite, focused on CSPM + CWPP basics, ₹6–18L/year.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Hyperscaler-native&lt;/strong&gt;: AWS Security Hub + Config, Azure Defender for Cloud, GCP Security Command Center. ₹4–12L/year at mid-market scale.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Open source / DIY&lt;/strong&gt;: Prowler, CloudQuery, Kubescape, Falco. Free plus engineering time (~1 FTE-week setup, 8–12 hours/month operate).&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  Wiz / Orca / Prisma Cloud price bands (India mid-market, 2026)
&lt;/h2&gt;

&lt;p&gt;All three vendors price-by-quote; published list prices are scarce. The figures below are composite estimates from 2024–2026 vendor conversations, partner quotes, and buyer-side RFP readouts for Indian companies with 50–200 employees and 5–15 cloud accounts. Treat them as the ballpark, not the menu.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Vendor&lt;/th&gt;
&lt;th&gt;Pricing model&lt;/th&gt;
&lt;th&gt;India mid-market (₹/year)&lt;/th&gt;
&lt;th&gt;Minimum deal&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Wiz&lt;/td&gt;
&lt;td&gt;Per-workload (resource)&lt;/td&gt;
&lt;td&gt;₹30L–₹1Cr+&lt;/td&gt;
&lt;td&gt;~₹30L/year&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Orca&lt;/td&gt;
&lt;td&gt;Per cloud-account tier&lt;/td&gt;
&lt;td&gt;₹25L–₹80L&lt;/td&gt;
&lt;td&gt;~₹25L/year&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Prisma Cloud&lt;/td&gt;
&lt;td&gt;Credit-based modular&lt;/td&gt;
&lt;td&gt;₹40L–₹1.5Cr&lt;/td&gt;
&lt;td&gt;~₹40L/year&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Lacework&lt;/td&gt;
&lt;td&gt;Per workload + data volume&lt;/td&gt;
&lt;td&gt;₹20L–₹60L&lt;/td&gt;
&lt;td&gt;~₹20L/year&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Accuknox&lt;/td&gt;
&lt;td&gt;Per workload (India-origin)&lt;/td&gt;
&lt;td&gt;₹6L–₹18L&lt;/td&gt;
&lt;td&gt;~₹6L/year&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Defender for Cloud (P2)&lt;/td&gt;
&lt;td&gt;Per resource/month&lt;/td&gt;
&lt;td&gt;₹4L–₹12L&lt;/td&gt;
&lt;td&gt;Usage-based&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;AWS Security Hub + Config + GuardDuty&lt;/td&gt;
&lt;td&gt;Per account + per event&lt;/td&gt;
&lt;td&gt;₹4L–₹10L&lt;/td&gt;
&lt;td&gt;Usage-based&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Prowler (OSS) + CloudQuery&lt;/td&gt;
&lt;td&gt;OSS + engineer time&lt;/td&gt;
&lt;td&gt;~₹1.5L (engineer cost)&lt;/td&gt;
&lt;td&gt;None&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;&lt;em&gt;Sources: partner quotes shared with us under NDA (Wiz, Orca, Prisma reseller channels, 2024–2026); published Azure and AWS pricing calculators (April 2026); Accuknox public pricing page; Prowler and CloudQuery are OSS. FX rate assumed: ₹84/USD.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Indian mid-market rejects the enterprise tier
&lt;/h2&gt;

&lt;p&gt;Three structural reasons recur across buyer conversations, in rough order of importance.&lt;/p&gt;

&lt;h3&gt;
  
  
  Absolute price vs security budget
&lt;/h3&gt;

&lt;p&gt;A ₹10 crore revenue Indian SaaS with a 2% security budget has ₹20 lakh/year for &lt;em&gt;all&lt;/em&gt; security tooling combined — CSPM/CNAPP, WAF, DLP, endpoint, identity governance, SOC tooling, and the occasional penetration test. A ₹30 lakh/year Wiz contract consumes the entire security line and then some. Even if the CTO believes Wiz is the best product on the market (it often is), the trade-off is structural: either half the other controls don't get bought, or the CFO says no. The CFO says no.&lt;/p&gt;

&lt;h3&gt;
  
  
  Pricing model scales with infrastructure, not with risk
&lt;/h3&gt;

&lt;p&gt;Per-workload CNAPP pricing means the bill grows with every new EC2 instance, container, or serverless function. For a growth-stage SaaS adding infrastructure 40–60% year-over-year, this means the CNAPP bill outgrows the FinOps savings the rest of the cloud team is producing. The ROI math inverts within 18 months. Buyers who have watched this play out once at their previous company are suspicious the second time.&lt;/p&gt;

&lt;h3&gt;
  
  
  Operational absorption capacity
&lt;/h3&gt;

&lt;p&gt;Wiz surfaces ~1,200 check categories. Orca ~800. Prisma ~1,000. An Indian mid-market SaaS with one security engineer (frequently zero) cannot triage that volume. The tool produces a backlog that becomes its own KPI — "reduced findings by 40%" — without the findings mapping to actual attack-surface reduction. Buyers who have been through this once describe it as "buying a car you can't drive".&lt;/p&gt;

&lt;h2&gt;
  
  
  What they actually buy instead
&lt;/h2&gt;

&lt;p&gt;The buying patterns we see cluster into four archetypes, keyed to regulatory exposure and cloud spend.&lt;/p&gt;

&lt;h3&gt;
  
  
  Archetype 1: Seed to Series A (≤25 people, ≤₹5L/month spend)
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;What they buy:&lt;/strong&gt; Prowler + AWS Config, running on a cron, results dumped to S3 + DuckDB + a Metabase dashboard. GitHub Actions for SAST on pull requests.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; ~₹1.5 lakh/year (setup + ongoing engineer time).&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Gaps:&lt;/strong&gt; No runtime workload protection. No identity governance. Acceptable trade-off at this stage.&lt;/p&gt;

&lt;h3&gt;
  
  
  Archetype 2: Series A/B (25–100 people, ₹5L–₹15L/month spend, pre-SOC-2)
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;What they buy:&lt;/strong&gt; AWS Security Hub + Config + GuardDuty, or Defender for Cloud CSPM-only tier; Vanta or Drata for evidence automation if SOC 2 is on the roadmap; Prowler as a nightly supplement.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; ~₹6–12 lakh/year combined.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Gaps:&lt;/strong&gt; Multi-cloud view is stitched, not unified. Workload protection is limited to hyperscaler-native.&lt;/p&gt;

&lt;h3&gt;
  
  
  Archetype 3: Series B/C (100–200 people, ₹15L–₹40L/month spend, SOC 2 in scope or done)
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;What they buy:&lt;/strong&gt; Accuknox or Cloudanix for CNAPP-lite with a predominantly Indian sales and support footprint, or — if US customers are driving procurement — an entry-tier Wiz or Orca contract negotiated hard on 2-year pre-pay. Defender for Cloud P2 remains common for Azure-heavy shops.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; ~₹12–30 lakh/year.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Gaps:&lt;/strong&gt; Choice depends on buyer pressure. US enterprise customers asking "do you have Wiz" drive enterprise CNAPP; Indian-only customer base rarely does.&lt;/p&gt;

&lt;h3&gt;
  
  
  Archetype 4: Regulated (fintech under RBI, healthtech under NDHM, payroll/insurance)
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;What they buy:&lt;/strong&gt; Whatever satisfies the regulator, at whatever price. Commercial CNAPP is more common here because the evidence burden of RBI's cyber framework, DPDPA Significant Data Fiduciary obligations, or IRDAI compliance pushes tooling maturity faster than growth stage would alone.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Cost:&lt;/strong&gt; 3–5% of revenue, which for a ₹20 crore regulated fintech is ₹60L–₹1Cr.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Gaps:&lt;/strong&gt; Vendor lock-in is real; assume the tool stays for 3+ years.&lt;/p&gt;

&lt;h2&gt;
  
  
  Decision framework: regulatory vs cost sensitivity
&lt;/h2&gt;

&lt;p&gt;Plot your company on two axes.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Regulatory intensity&lt;/strong&gt;: low (unregulated B2B SaaS), medium (DPDPA-exposed consumer-facing), high (RBI/IRDAI/NDHM/SOC 2 Type II for US enterprise).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Cost sensitivity&lt;/strong&gt;: low (&amp;gt;₹40L/month cloud spend, &amp;gt;3% security budget), medium (₹10L–₹40L/month, 2–3%), high (&amp;lt;₹10L/month, 1–2%).&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The recommendations:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Low regulatory + high cost sensitivity&lt;/strong&gt;: Prowler + Config. Revisit annually.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Medium regulatory + medium cost sensitivity&lt;/strong&gt;: Security Hub / Defender + Vanta/Drata + Prowler supplement. Revisit when you cross ₹30L/month spend.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;High regulatory + medium cost sensitivity&lt;/strong&gt;: Accuknox or Cloudanix. Pay for the Indian support and the data-residency narrative.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;High regulatory + low cost sensitivity&lt;/strong&gt;: Enterprise CNAPP is defensible. Negotiate on 2-year pre-pay and scope the minimum deal to your actual workload count, not the "recommended" tier.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Low regulatory + low cost sensitivity&lt;/strong&gt;: Unusual combination; either you are over-budgeting or under-exposing. Audit the assumptions.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  How AICS Secure fits
&lt;/h2&gt;

&lt;p&gt;Our &lt;a href="https://aicloudstrategist.com/secure.html" rel="noopener noreferrer"&gt;Security module&lt;/a&gt; installs the Archetype 2 stack — native tooling + a Prowler supplement + a DPDPA posture runbook — for Indian mid-market SaaS in 2 weeks. Engagement is ₹1,00,000–₹2,00,000 depending on cloud footprint. Unlike commercial CNAPPs, we deliver the configuration, the runbook, and the first 30 days of monitoring, then hand the operation to your team. No per-workload billing, no lock-in.&lt;/p&gt;

&lt;p&gt;If you're in Archetype 3 or 4 and already evaluating enterprise CNAPPs, we do vendor-selection engagements — read your AWS/Azure footprint, map it against Wiz/Orca/Prisma/Accuknox requirements, and produce a negotiating package with comparable-deal references from our network. Flat fee ₹1,50,000 for the decision memo.&lt;/p&gt;

&lt;h2&gt;
  
  
  Start with a free posture audit
&lt;/h2&gt;

&lt;p&gt;Before you buy anything, run the &lt;strong&gt;&lt;a href="https://aicloudstrategist.com/audit.html" rel="noopener noreferrer"&gt;free 24-hour audit&lt;/a&gt;&lt;/strong&gt;. We produce a report that maps your current posture against a realistic Archetype 2 stack and tells you what you actually need to buy — and what you don't. No call required. Written report in your inbox within one business day.&lt;/p&gt;




&lt;p&gt;&lt;strong&gt;Founder-led by Anushka B.&lt;/strong&gt; AICloudStrategist is a founding-cohort security and FinOps consultancy for Indian mid-market SaaS (50–200 employees, ₹5L–₹50L/month cloud spend). First three customers at ₹40,000 for a full FinOps QuickStart, or ₹1,00,000 for a Security posture review. We publish our numbers and our pricing honestly. See &lt;a href="https://aicloudstrategist.com/proof.html" rel="noopener noreferrer"&gt;how we prove what we claim&lt;/a&gt;. &lt;/p&gt;

&lt;p&gt;&lt;em&gt;AICloudStrategist · Founder-led. Enterprise-reviewed. · Written by Anushka B, Founder.&lt;/em&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related writing
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://aicloudstrategist.com/glossary/cspm.html" rel="noopener noreferrer"&gt;What is CSPM? Cloud Security Posture Management explained&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://aicloudstrategist.com/glossary/dpdpa.html" rel="noopener noreferrer"&gt;DPDPA 2023 for SaaS founders: 5-minute explainer&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://aicloudstrategist.com/blog/dpdpa-cloud-compliance.html" rel="noopener noreferrer"&gt;DPDPA compliance for Indian SaaS: the 30-day path&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://aicloudstrategist.com/blog/rbi-cybersecurity-aws-posture.html" rel="noopener noreferrer"&gt;RBI cybersecurity framework: AWS posture guide&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>security</category>
      <category>cloud</category>
      <category>devops</category>
      <category>aws</category>
    </item>
    <item>
      <title>Why 73% of AWS Trusted Advisor recommendations are ignored (and what founders should do about it)</title>
      <dc:creator>Anushka B</dc:creator>
      <pubDate>Mon, 20 Apr 2026 11:29:31 +0000</pubDate>
      <link>https://dev.to/aicloudstrategist/why-73-of-aws-trusted-advisor-recommendations-are-ignored-and-what-founders-should-do-about-it-474a</link>
      <guid>https://dev.to/aicloudstrategist/why-73-of-aws-trusted-advisor-recommendations-are-ignored-and-what-founders-should-do-about-it-474a</guid>
      <description>&lt;p&gt;Gartner's 2024 FinOps practitioner survey reported one of the least-read but most useful data points of the year: across 412 respondents spanning 23 countries, &lt;strong&gt;73% of cost-optimisation recommendations from native cloud advisors — AWS Trusted Advisor, Azure Advisor, GCP Recommender — remained unactioned for 90+ days after they were surfaced&lt;/strong&gt;. The median time-to-action for the remaining 27% was 42 days. For the Indian mid-market accounts we've audited in the last year, the ignored rate is closer to 80%.&lt;/p&gt;

&lt;p&gt;This isn't because teams don't see the recommendations. They see them. They click through them. They nod. And then nothing happens. We've watched this pattern in twelve Indian mid-market audits in a row: the Trusted Advisor dashboard lights up like a cricket scoreboard, showing ₹1.5–4 lakh per month of potential savings — and the account proceeds as if the dashboard isn't there.&lt;/p&gt;

&lt;p&gt;The interesting question is not "why is AWS Trusted Advisor bad" (it isn't — the recommendations are fine). The interesting question is: what structural property of a mid-market engineering org makes ignoring the recommendations cheaper than actioning them? That's what this post unpacks. Seven reasons. Then a founder-led framework to fix it. Then a real-audit pattern where a 50-person fintech found ₹3.2 lakh/month of ignored recommendations sitting in their dashboard for 14 months.&lt;/p&gt;

&lt;h2&gt;
  
  
  The seven reasons recommendations get ignored
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. No named owner
&lt;/h3&gt;

&lt;p&gt;The Trusted Advisor dashboard is visible to everyone on the account. Which means, in practice, no one. "Someone should look at that" is the universal response when we ask who reviews it. Shared ownership without a named human is the oldest failure pattern in engineering org design, and it applies to FinOps signals exactly as hard as it applies to production alerts.&lt;/p&gt;

&lt;p&gt;The fix is not more visibility. It's less. One person owns Trusted Advisor review. Their name is on it. They report monthly. They have the authority to action or defer each recommendation with a written rationale.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Political cost of changing another team's resource
&lt;/h3&gt;

&lt;p&gt;Trusted Advisor flagged an oversized db.r5.xlarge owned by the data team. The platform engineer who reviewed it does not have the authority to resize it. She files a Jira ticket. The data team has a Q2 roadmap full of real features. The ticket sits. Six months later the recommendation is still there, still correct, and the rightsizing is now politically awkward because "you've been telling us about this for months".&lt;/p&gt;

&lt;p&gt;The fix is organisational, not technical: the Trusted Advisor owner needs a direct escalation path to the CTO or VP Eng with a 30-day SLA on cross-team remediations. Without the escalation, every recommendation that crosses a team boundary dies in the gap.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Unclear revenue or business impact of the fix
&lt;/h3&gt;

&lt;p&gt;"Rightsize this m5.2xlarge to m5.large, save ₹18,000/month" is a number, not a business case. An engineer weighing whether to action it needs to know: is ₹18,000/month meaningful against our gross margin? Does the founder care? Will finance notice? For a ₹6 crore/year SaaS with 70% gross margin, ₹18,000/month is meaningful — about 0.3% of revenue, which beats most feature work's contribution at the margin. But nobody in the engineering org has ever been told that. So the recommendation feels small.&lt;/p&gt;

&lt;p&gt;The fix is translation. The Trusted Advisor owner, once a month, converts the rupee savings into percentage of revenue, percentage of cloud bill, and implied engineer-month equivalent. Then it lives on a slide the founder sees.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. The recommendation is stale by the time anyone reads it
&lt;/h3&gt;

&lt;p&gt;Trusted Advisor refreshes most cost checks every 24 hours. That is fast enough. But the review cadence in most mid-market teams is not — the dashboard gets looked at during the annual AWS account review. By then, the workload has scaled twice, the recommendation is now wrong in three directions, and the engineer who opens it spends 40 minutes determining that none of the current listings apply. Next year, same thing.&lt;/p&gt;

&lt;p&gt;The fix is a standing monthly review, not a quarterly or annual one. 30 minutes. Same day of the month. Recurring calendar invite. Attendees: the Trusted Advisor owner, one finance stakeholder, one engineer with commit access.&lt;/p&gt;

&lt;h3&gt;
  
  
  5. Aggregated totals without per-team breakdown
&lt;/h3&gt;

&lt;p&gt;Trusted Advisor tells you "₹2.4 lakh/month of potential savings". It does not tell you which team owns each recommendation. Without tagging + a per-team rollup, the ₹2.4 lakh is an org-wide number that belongs to everyone and therefore no one. Per-team chargebacks convert a shared-pool number into a per-owner one, and per-owner numbers get actioned.&lt;/p&gt;

&lt;p&gt;The fix is tagging discipline upstream. Every EC2 instance, RDS cluster, EBS volume, Load Balancer has owner + env + product tags enforced at deploy time via IaC + AWS Config. Trusted Advisor output then filters to per-team dashboards, and each team lead sees their own ₹ number.&lt;/p&gt;

&lt;h3&gt;
  
  
  6. No governance cadence
&lt;/h3&gt;

&lt;p&gt;Trusted Advisor review is the kind of work that disappears under a sprint planning session. If it's not on a calendar, it doesn't happen. If it's on a calendar that gets cancelled when a production incident hits, it doesn't happen either. The governance fix is simple but requires leadership air cover: the monthly review is protected. Only a SEV1 displaces it.&lt;/p&gt;

&lt;h3&gt;
  
  
  7. No rollback plan for the remediation
&lt;/h3&gt;

&lt;p&gt;Engineers are trained — correctly — to treat every change as a potential production risk. Trusted Advisor says "delete 38 unattached EBS volumes to save ₹8,400/month". The engineer responsible knows that one of those volumes might contain data that someone, somewhere, thought was backed up. Without a documented rollback, the safe move is to not action it. And the safe move is what gets chosen.&lt;/p&gt;

&lt;p&gt;The fix is to productise remediation: a standing runbook per recommendation type. Snapshot before delete. 30-day soft-delete window. Written rollback path. Once the process is cheap, actioning is cheap.&lt;/p&gt;

&lt;h2&gt;
  
  
  The founder-led framework to fix it
&lt;/h2&gt;

&lt;p&gt;You don't need a FinOps platform to fix this. You need three things:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;One named owner&lt;/strong&gt;, 4 hours/month, reports to the founder or CTO.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;An ROI threshold&lt;/strong&gt; — the line below which a recommendation is auto-dismissed (we default to ₹5,000/month for Indian mid-market; above the threshold, the recommendation must have an action decision within 30 days).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A standing monthly review&lt;/strong&gt;, 30 minutes, three slides: top 10 recommendations by ₹, decisions on each, recurrence rate.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That's the whole system. It fits on one page, it runs on any cloud, and it moves the actioned-recommendation rate from under 20% to above 70% in two quarters of running it. Not because the system is clever. Because the system exists.&lt;/p&gt;

&lt;h2&gt;
  
  
  The real audit pattern: ₹3.2 lakh/month ignored for 14 months
&lt;/h2&gt;

&lt;p&gt;&lt;em&gt;This is a composite example based on audit patterns across several Indian mid-market fintech clients. Specific figures approximate the modal case we see.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;A 50-person Indian fintech, Series A, ₹9.4 lakh/month AWS bill, mostly in ap-south-1 with a secondary us-east-1 for analytics. Engineering team of 22. No named FinOps owner. Trusted Advisor enabled on Business Support; dashboard visited by two engineers, historically, when the bill spiked and the founder asked.&lt;/p&gt;

&lt;p&gt;When we ran our free 24-hour audit in March 2026, the Trusted Advisor output alone showed:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;₹1,16,000/month&lt;/strong&gt; of Reserved Instance and Savings Plan opportunities (42% coverage, with 18 months of stable baseline eligible for a 3-year commitment).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;₹68,000/month&lt;/strong&gt; of low-utilisation EC2 instances — four m5.2xlarge workers at median 8% CPU, three r5.xlarge databases reporting zero connections over the last 30 days.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;₹42,000/month&lt;/strong&gt; of idle Load Balancers, 11 of them, from staging environments that had been torn down without the ELB cleanup step.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;₹24,000/month&lt;/strong&gt; of unassociated Elastic IPs — cost per unattached EIP is small but they accumulate.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;₹71,000/month&lt;/strong&gt; of storage-tier recommendations — S3 buckets holding analytics raw data in Standard that had not been read in &amp;gt;120 days, eligible for Intelligent-Tiering or Glacier.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Total: &lt;strong&gt;₹3.21 lakh/month&lt;/strong&gt;. Of the recommendations, 62% were older than 9 months. Two were older than 14. When we walked the engineering lead through the dashboard, his response was genuine: "We knew all of this was in there. Nobody owns it."&lt;/p&gt;

&lt;p&gt;The remediation was not technical. It was process. We installed the framework above: one owner, ₹5,000 threshold, monthly review. We helped structure the first two reviews. Within 60 days the team had actioned ₹2.38 lakh/month (74% of the identified total), deferred ₹47,000 with a written architecture reason, and dismissed ₹36,000 as not-applicable-at-current-scale. The Trusted Advisor dashboard, which had been a scoreboard of shame, became a governed queue.&lt;/p&gt;

&lt;p&gt;The engagement paid for itself in 11 days. The customer is now on a ₹50,000/month gain-share retainer where we continue to own the monthly review cadence against a frozen baseline. Verified savings through month three: ₹2.14 lakh/month.&lt;/p&gt;

&lt;h2&gt;What a useful Trusted Advisor practice looks like at Indian mid-market scale&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;One owner, one meeting, one threshold.&lt;/strong&gt; Not a platform. Not a consultant on call. Not a Slack channel that nobody reads.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Monthly rupee rollup to the founder.&lt;/strong&gt; Three lines of a CFO slide: "identified this month", "actioned this month", "cumulative run-rate saved YTD".&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A documented reason for every ignored recommendation.&lt;/strong&gt; Not to shame anyone; to avoid re-reviewing the same dismissal five times a year.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A rollback runbook for the top 5 remediation types.&lt;/strong&gt; Delete-with-snapshot, resize-with-revert, retag-with-audit, terminate-with-30-day-hold, downgrade-storage-with-read-test.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Escalation to the CTO at 30 days&lt;/strong&gt; for any cross-team recommendation the owner can't action alone.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is what a founder-led FinOps practice looks like at this stage. It doesn't need a platform. It needs a cadence.&lt;/p&gt;

&lt;h2&gt;Want us to run the first review with you?&lt;/h2&gt;

&lt;p&gt;Our &lt;a href="https://aicloudstrategist.com/cost.html" rel="noopener noreferrer"&gt;Cost module&lt;/a&gt; installs this operating model in 2–3 weeks. The &lt;a href="https://aicloudstrategist.com/audit.html" rel="noopener noreferrer"&gt;free 24-hour audit&lt;/a&gt; shows you the ₹ number you're sitting on before you commit to anything. If you already know the number and want the framework delivered turnkey, FinOps QuickStart is ₹40,000 for the first three customers in our founding cohort, ₹75,000–₹1,00,000 thereafter, and includes the first 60 days of the owned monthly review.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;a href="https://aicloudstrategist.com/audit.html" rel="noopener noreferrer"&gt;Start your free audit → aicloudstrategist.com/audit.html&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Or, if you'd rather talk first, &lt;a href="https://aicloudstrategist.com/book.html" rel="noopener noreferrer"&gt;book a 30-minute Cloud Cost Health Check call&lt;/a&gt;.&lt;/p&gt;




&lt;p&gt;&lt;strong&gt;Founder-led by Anushka B.&lt;/strong&gt; AICloudStrategist is a founding-cohort FinOps consultancy for Indian mid-market companies (₹5L–₹50L/month cloud spend). First three customers at ₹40,000 for a full FinOps QuickStart. We publish our numbers honestly — including the ones that don't yet exist. See &lt;a href="https://aicloudstrategist.com/proof.html" rel="noopener noreferrer"&gt;how we prove what we claim&lt;/a&gt;. &lt;/p&gt;

&lt;p&gt;&lt;em&gt;AICloudStrategist · Founder-led. Enterprise-reviewed. · Written by Anushka B, Founder.&lt;/em&gt;&lt;/p&gt;


</description>
      <category>aws</category>
      <category>finops</category>
      <category>cloud</category>
      <category>devops</category>
    </item>
  </channel>
</rss>
