Free diagnostic scan, fixed-fee audit, productized engine, and an operated practice — pick the depth that fits this quarter. Every path is bounded by scope, priced before commit, and aligned to DORA / NIS2 / ISO 27001.
The median EU SME cloud estate wastes 20-40% of monthly spend on resources nobody uses, nobody tagged and nobody owns. Every month it compounds, and every audit makes it worse.
Idle EC2, un-attached EBS, forgotten NAT gateways, oversized RDS. Nobody notices until the invoice lands at quarter-end.
Inconsistent tagging, no per-team showback, anomaly detection off. Finance and engineering argue from different spreadsheets.
Half your stack lives in the AWS console, the rest in stale Terraform state. Audits, DR rehearsals and migrations all hurt.
Start with the free scan to know where you are. Take the audit to know what it costs to fix. Buy the SEAWALL Engine product to own the controls. Engage the FinOps service for the full multi-cloud + SaaS practice. Pick one or sequence all four.
48 hours
Read-only IAM access. We surface zombie resources, tagging gaps and compliance risks — written report + 30-min walkthrough.
Scan my estate5 business days
Productized diagnostic. Quantified monthly savings plan per workload, DORA / NIS2 / ISO readiness snapshot, board-ready PDF + 60-min walkthrough.
Book auditAfternoon to 3 weeks
The product itself. Buy DIY (€199), have us deploy it for you, or subscribe to managed operations (€490-€1,490 / mo). Terraform + Grafana + SCPs + evidence pack.
See SEAWALL EngineOngoing
For multi-cloud estates across AWS, Azure, GCP and SaaS. Human-led FinOps council, monthly cadence with named savings owners, FOCUS-aligned reporting.
FinOps serviceA read-only 48-hour scan of your AWS or Azure estate. We surface zombie resources, tagging gaps and compliance risks — and hand you a prioritised savings plan with quantified Euros attached.
Under the hood
Scan runs the ITSailor AWS Inspector engine over Cost Explorer, pricing APIs and your resource inventory. Results are reconciled by a senior engineer — never shipped raw.
The productized diagnostic. Five business days. Walk away with a number you can take to the CFO and a written plan you can take to the platform team.
Independent of any SEAWALL purchase. No lock-in.
Top 30 cost-saving opportunities ranked by realisable monthly Euro, with effort-to-realise tagged per item.
Per-service, per-account, per-team spend over the prior 90 days with anomaly attribution and trend analysis.
Per-account tag coverage with the specific resources blocking accurate showback / chargeback.
Service Control Policies, Budgets, and anomaly-detection configurations vs the SEAWALL recommended baseline.
DORA Article 6, NIS2 Article 21 and ISO 27001 Annex A.5/A.8 readiness scored per control.
Whether you buy SEAWALL Engine, build internally, or do nothing — a written plan with sequenced phases and dependencies.
The Audit tells you what to fix. These are the two shapes the fix takes — productized for AWS-centric estates, operated for multi-cloud + SaaS practices.
Terraform-managed AWS cost guardrails: Budgets, CUR pipeline, Service Control Policies, Grafana Bloodbath dashboard, anomaly detection. Buy DIY (€199), have us deploy it for you, or subscribe to managed operations (€490-€1,490 / mo).
Human-led FinOps across AWS, Azure, GCP, Microsoft 365 and your top SaaS spend. Monthly FinOps council, quarterly business review with named savings owners, FOCUS-aligned reporting. Scoped from a baseline engagement to multi-currency Sovereign tier.
ITSailor delivers from the EU. Every Cloud FinOps engagement ships with an explicit mapping to the clauses your auditor will ask about.
Article 6 — ICT risk management framework. Budgets, anomaly detection and SCP guardrails map directly to the ICT control objectives.
Article 21 — cyber security risk management measures. Tagging SOP, IAM baseline and logging evidence covered in the handover pack.
Annex A.5 / A.8 — cloud cost management, change management and segregation of duties mapped for regulated EU operators.
Cloud FinOps is the strategic narrative — the broader practice covering AWS, Azure, GCP, M365 and SaaS spend. SEAWALL Engine is the productized AWS implementation: Terraform modules, Grafana dashboard, SCP guardrails, anomaly detection. Most clients enter via the free Bloodbath Scan, take the Bloodbath Audit to quantify the opportunity, then either buy SEAWALL Engine (AWS-focused) or engage the full FinOps service (multi-cloud + SaaS). Both paths share the same diagnostic.
The Bloodbath Scan is read-only. You provision an IAM role or scoped access key with ReadOnlyAccess and (optionally) a Cost Explorer permission. We never receive write credentials, never touch workloads, and you can revoke access the moment the scan ends. All evidence is stored encrypted in the EU (Hetzner Falkenstein) and destroyed on request.
Those are dashboards — they tell you something is wrong, then bill you per user for showing you. We ship the controls that stop the bleed: Terraform-managed Budgets, Service Control Policies, anomaly detection wired to your comms channel, and a tagging SOP your engineers actually follow. You keep the IaC. No per-seat SaaS fee, no vendor lock-in.
Every SEAWALL control carries an explicit mapping to DORA Article 6 (ICT risk management), NIS2 Article 21 and ISO 27001 Annex A. At the end of any engagement (Bloodbath Audit or SEAWALL Implementation), you receive an evidence pack formatted for your next supervisory review or internal audit.
Net reduction in monthly invoice — measured against a frozen 90-day baseline, with anomalies and one-off spikes excluded. We do not count reservations, commitments or promotional credits as savings. If the post-implementation invoice does not drop, you do not pay the success component of any retainer.
One senior engineer — the same one you meet on the discovery call. No account managers, no offshore hand-off, no junior rotation. You get a single Slack channel and a direct line to the person holding the Terraform plan.
For the Bloodbath Scan: yes, AWS + Azure both covered today. For the SEAWALL Engine product: AWS first (the largest waste surface in our client base), with an Azure-equivalent module set in beta. For broader multi-cloud + SaaS spend: the FinOps & Cost Management service handles AWS, Azure, GCP, Microsoft 365, and the top SaaS spend categories as one operated practice.
One senior specialist. Zero hand-holding. Results in weeks.