- CIOsurge
- Posts
- 💰 AI fuels cloud cost growth despite slowing inflation
💰 AI fuels cloud cost growth despite slowing inflation
AI Cloud Costs Climb, PostgreSQL and BeyondTrust Exploits, New CIOs at Walter P Moore and Ingenovis Health
Zack Tembi
February 24, 2025
Powered by Single Fin
Welcome to this week’s edition of CIOsurge!
This week:
AI workloads continue driving up cloud costs despite slowing inflation, creating opportunities for contract renegotiation.
PostgreSQL and BeyondTrust zero-days highlight the growing risk of chained exploits, prompting urgent patching.
Walter P Moore and Ingenovis Health announce new CIO appointments to lead digital transformation and IT strategy.
Let’s make this week a game-changer.
Stay sharp. Stay ahead.
💰 AI fuels cloud cost growth despite slowing inflation
Cloud cost inflation has eased, but enterprise cloud bills are still rising due to increased consumption, particularly for AI workloads. A Tangoe report highlights how hyperscaler competition among AWS, Microsoft, and Google has driven incremental cost reductions, yet many organizations are locked into outdated contracts with above-market rates. CIOs have an opportunity to renegotiate pricing and optimize hybrid cloud strategies to control costs.
Cloud pricing models are always shifting, and many IT teams are realizing they’re overpaying for compute and storage. If your organization signed a contract in 2022, there's a high chance you're not getting the best rates today. This is the time to reassess cloud commitments and push for better terms.
With AI workloads driving up specialized compute costs, cost control needs to be a strategic priority. Hybrid cloud and workload repatriation are becoming key levers for negotiating with hyperscalers. Showing vendors that you have viable on-prem or multi-cloud alternatives strengthens your bargaining power—use it.
- Zack Tembi
🔓 PostgreSQL and BeyondTrust zero-days exploited in tandem
Threat actors have exploited a newly disclosed SQL injection flaw in PostgreSQL (CVE-2025-1094, CVSS 8.1) alongside a BeyondTrust zero-day, CVE-2024-12356, to achieve remote code execution. PostgreSQL maintainers have issued patches across versions 13-17 to address the vulnerability, which allows attackers to leverage a meta-command shortcut to execute arbitrary shell commands. CISA has also flagged a related SimpleHelp flaw as actively exploited, requiring urgent remediation.
PostgreSQL’s vulnerability is a stark reminder that even well-established databases can have hidden security flaws. Attackers combining CVEs for deeper infiltration isn’t new, but this incident reinforces the need for proactive patching and continuous monitoring, especially for privilege management tools like BeyondTrust. The attack path shows how a single overlooked issue can cascade into full remote code execution.
If your organization relies on PostgreSQL, don’t just apply patches—review database permissions and audit for any unusual activity. The ability to execute shell commands via SQL injection is a high-risk scenario that demands immediate attention. Ensure that database security policies are tight and that web applications interacting with PostgreSQL are hardened against injection attacks.
- Zack Tembi
💬 Zack's Take
Data Auditing, Categorization, and Efficiency
A big trend I’m seeing right now is that organizations are finally starting to audit and categorize their data. For years, companies operated under the assumption that they could just store everything, but as data volumes skyrocket and cloud costs climb, that approach is no longer sustainable. Businesses are now realizing they need a strategy—not just for data storage, but for organizing, prioritizing, and optimizing how data is used. Without a structured approach, data quickly becomes a liability instead of an asset.
Too many companies are sitting on multiple copies of the same data, creating unnecessary costs and inefficiencies. It’s like grandma’s attic—nobody really knows what’s in there, but it keeps piling up, taking up valuable space. Beyond the financial burden, this data sprawl also slows down systems, makes compliance more difficult, and introduces security risks. The lack of visibility into what data exists, where it’s stored, and who has access to it creates blind spots that can lead to performance bottlenecks and regulatory headaches.
The real value comes from efficiency. By eliminating redundancies, properly categorizing high-priority data, and storing information in a way that balances accessibility with cost-effectiveness, organizations free up resources to solve bigger problems. This isn’t just about saving money—it’s about making data work smarter. Companies that actively manage their data lifecycle, implementing tiered storage strategies and automation for retention policies, are positioning themselves to scale more effectively while maintaining security and compliance.
🗞️ At A Glance
💡 CIO Spotlights
Aaron White steps into Chief Information & Digital Officer role at Walter P Moore
Aaron White, with over 25 years at Walter P Moore, has been promoted to Chief Information & Digital Officer.
As former Director of Digital Practice, he spearheaded AI-assisted design, parametric modeling, and real-time data analysis.
White aims to modernize project delivery and enhance efficiency through cutting-edge digital strategies.
Jan Ross steps up as CIO at Ingenovis Health
Jan Ross, previously EVP of tech operations and security, has been promoted to CIO at Ingenovis Health, expanding her leadership over IT applications, engineering, and data strategy.
CEO Ben Mirtes expressed strong confidence in Ross’s ability to steer the company’s technology and network operations.
Ross, who joined in 2023, emphasized her commitment to supporting both the company and frontline healthcare workers.