Cloud cost intelligence for Azure, plus AWS and GCP in pilot.

Cloud cost intelligence for Azure,
measured and accounted for.

Costframe reads your cloud billing and utilization data over a read-only connection, finds idle, unused, and oversized resources, prices each finding at your net rate, and reports savings in figures finance can check against the invoice.

Read-only · Reader + Cost Management Reader

Supports read-only analysis across AWS, Azure, and Google Cloud with verified security compliance.

AWS
Azure
GCP
SOC 2 TYPE II
ISO 27001
Spend Under Management

€1.9B

Continuous invoice ledger tracking across enterprises.

Average Active Savings

23.7%

Direct net-rate reduction verified by actual billings.

Active Engineering Teams

312

Running automated daily audits on read-only connections.

01 · SECURE

Read-only connection

Reader and Cost Management Reader roles only. The Azure clients contain no write paths.

02 · ACCURATE

Net-price aware findings

Savings are quoted at your net rate, derived from your organization discount, not Azure list price.

03 · VERIFIABLE

Evidence attached

Each finding carries the resource ID, the CPU history that triggered it, and the price math behind the number.

04 · AUDITABLE

Invoice reconciled

Savings reconcile against ActualCost billing data synced daily from Azure Cost Management.

idle_computeoversized_vmreservation_gapunattached_diskstopped_vmlow_util_sqlstorage_hot_tierold_snapshotunused_public_ipempty_app_service_planunused_load_balancercost_anomaly

One invoice total is verified against your providers. Scroll to dissect.

Preparing the audit…
Audit workflow

A continuous audit, not a dashboard

Connect once, read-only. Costframe syncs cost data daily and keeps every finding tied to the evidence that produced it.

01

See the whole estate

Costframe ingests billing records, resource inventory, and tags into one normalized catalog. Every subscription, every resource.

02

Verify, don’t guess

Each savings opportunity is a finding with evidence attached: the resource specification, the catalog price reference, and the utilization history that flagged it.

03

Recover with confidence

Track findings to resolution. Resolved items move to the realized savings column, documented for finance and engineering alike.

Product Preview · Example Audit Output

connected

Spend by service

month to date · net rates

VMs
SQL
Stor
AKS
Net
App

▲ storage anomaly detected

Top findings

12 active

vm-prod-east-04

oversized_vm

+€1184/mo

ri-gap · eastus

reservation_gap

+€2030/mo

aks-batch-pool

idle_compute

+€612/mo

sql-reporting-02

low_util_sql

+€510/mo
Illustrative Savings Model€4,582/mo
The working surface

Built for the people who own the number.

Engineers get findings with evidence. Finance gets reports that reconcile to the bill. Leadership gets one continuous view of cloud spend.

Audit findings

Each finding names the resource, the detector that flagged it, and the monthly savings at your net rate.

Visual illustration of cloud cost audit findings categorized with status, evidence, and savings pills.

Cost explorer

Slice spend by service, subscription, or resource group. Daily ActualCost data, shown at the rates you pay.

Stylized bar chart tracing spend with detailed segments for accounts, services, and regions.

Anomaly detection

Day-over-day spikes are flagged against your historical baseline before the monthly statement lands.

TIMELINE_ANALYSISSTABLE_MONITOR
0.00msANOMALY_MONITOR100.00%

Unified subscriptions

Every connected Azure subscription lands in one normalized ledger that survives account reshuffles.

Abstract subscriptions mapped into a single normalized ledger card for multi-tenant billing verification.

Executive reporting

PDF reports where every number traces back to a finding and a resource ID.

Executive report document preview with key metrics, charts, and clean B2B SaaS dashboard styling.

Forecasting

Spend projections built from your own daily cost history, scoped per subscription.

Calm area chart transitioning historical data into a dotted forecast line for cloud spend projecting.
service-principal · read-only permissions
# roles requested
Reader
Cost Management Reader

# roles refused
Contributor, Owner, or write privileges

# storage keys
AES-256-GCM · decrypted inside workers only

Security Model

Read-only by construction

The Azure clients construct read-only endpoints and nothing else. Credentials are decrypted inside isolated workers, never on web servers. Costframe cannot modify, deploy, or delete anything in your tenant.

Read the security architecture →
Pilot Feedback Themes

What pilot partners ask us to prove

We engineered Costframe around strict enterprise procurement requirements. Below are the recurring validation themes and security questions we are built to answer during proof-of-concept reviews.

Finance & ProcurementInvoice Match Validation

“Can we verify savings against invoice-backed net rates?”

Enterprise finance teams ask us to match actual enterprise discounts. Costframe models custom net rates rather than public retail price cards, keeping audit calculations fully aligned with the final monthly invoice, with no list-price inflation.

Review Theme

Contract Rate Reconciliation

Net Rate Match

No List-Price Inflation

Security AssuranceZero-Write Posture

“Can security confirm the integration is read-only?”

Third-party write-access to core cloud infrastructure is a non-starter. Costframe is designed around strict read-only access, requesting only standard Reader and Cost Management Reader scopes. Zero capability to modify, provision, or delete resources.

Review Theme

Architectural Security

Engineering ValidationEvidence & Lineage

“Can engineering trace each finding to evidence before acting?”

Engineers rightly ignore black-box optimization suggestions. Costframe attaches full context to every finding, including raw telemetry records, specific resource IDs, and the exact pricing formula, so teams can audit and verify before making changes.

Review Theme

Actionability & Data Trust

Posture Verification

Security ControlActive
Role Audit PolicyEnforced
Decryption BoundaryIsolated
Compliance AuditAligned

Turn cloud waste into a verified action list.

Grant Reader and Cost Management Reader, run the first audit, and review the findings with engineering and finance at the same table.