The adoption of cloud computing and, in particular, use of public cloud services like AWS, GCP, and Microsoft Azure has skyrocketed in recent years, and so too have the cloud budgets. Organizations have rushed to the cloud in a way akin to a modern day gold rush.
As the pandemic accelerated digital transformation initiatives, organizations looked to the cloud as a way to increase mobility, scalability, reduce infrastructure costs, and generally improve their digital capabilities. Like the gold rush, the rush to the cloud has required organizations to overcome many challenges. And, not unlike those “miner 49ers1,” unfortunately some organizations have been left poorer in pursuit of the promised land, while the cloud service providers have raked in the riches of selling them more shovels than they will ever need.
The 1849 Gold Rush is not unlike that of the rush to “cloud.”
Why Do Organizations Struggle to Keep the Cloud Data Costs Under Control?
Cloud computing can quickly become unexpectedly expensive, if left unmanaged. While data storage is relatively inexpensive, and getting cheaper every day, the cost of even a small amount of unnecessary storage can accumulate over time and can be coupled with the significant risk of million-dollar-plus fines and penalties, if handled inappropriately. The ease of enabling and reserving cloud services can also quickly lead to overprovisioning and committed expenses, where organizations end up paying upfront for resources they don’t need. An extreme example of this might be the selection of a three-year reserved ra3.16xlarge instance of Amazon Redshift with upfront payment. This could incur an upfront, three-year committed binding expense of at least $142,148 in a few clicks; regardless of how much storage is used.
3-Year Reserved Pricing for Amazon Redshift
The reality is that cloud service providers offer a similar confusing array of service options with cost influenced by committed usage, actual consumption, performance, and a variety of other factors for almost every type of data storage. As a result, organizations need to accurately estimate their usage to optimize their cloud spend. But growth can be unpredictable—particularly with the increasing amount of data that organizations generate and store. Without proper monitoring and management tools, organizations may not have the visibility they need to understand and optimize their cloud usage.
Another factor that can result in a shocking cloud bill is a denial-of-wallet attack. These types of attacks occur when an attacker intentionally uses a large amount of cloud resources with the goal of increasing an organization’s cloud bill. These attacks can be difficult to detect and can lead to significant and recurring financial losses for organizations, as described in this blog by Summit Route.
In the current economic environment, even the slightest increase in costs could be disastrous, but a successful denial-of-wallet attack could be catastrophic.
Keep Your Cloud Data Costs Under Control with DSPM
One way to manage and even reduce the cost is through the use of Data Security Posture Management (DSPM) to keep your cloud data costs under control. In this blog, I provide a quick refresher on DSPM, and outline seven ways you can use DSPM to control your cloud data costs. Like always, the collective wisdom of the awesome team at Symmetry Systems was involved and in particular Landen Brown and Christopher Maul provided invaluable insight.
You can read more about the origin of Data Security Posture Management in one of my previous blogs, but essentially it is a category of data security products that allows organizations to keep their eyes on what is happening to their data.
#1—Identify and Archive Dormant Data
DSPM products can be used to identify dormant data and even dormant data stores, providing organizations with clear cost saving opportunities. Data that is no longer needed or is rarely accessed, can then be archived to lower cost storage or even deleted. DSPM can also ensure that tightened access controls and increased monitoring and mandatory encryption is implemented to not only reduce the cost, but also to simultaneously increase the security of the archived data.
#2—Identify and Reduce Errors
DSPM products can be used to identify and alert on recurring errors. These errors could be an error code from unauthorized access attempts, whether due to use of incorrect credentials, coding error, or even a denial-of-wallet style attack. Most organizations do not realize these errors can come with a cost in the cloud, where almost every data transaction comes at a cost, whether successful or not.
#3—Determine the Right Storage Tiers Based on Accurate Usage
DSPM products can help determine the appropriate storage tiers based on accurate usage patterns. Some DSPMs, like Symmetry Systems DataGuard, track the usage patterns of different data stores, and data sets within those data stores, allowing for the identification of which storage tier is best suited to handle individual datasets. By comparing this usage to the performance metrics of each storage tier, including factors such as access speed, capacity, and cost, DSPM can help determine the optimal storage tier for a particular data set based on its usage characteristics.
#4—Monitor User-Based Database Licenses
DSPM products can monitor and control user-based database licenses. Yes it’s true, some database licenses remain user based. Non-compliance with these licensing terms can result in significant costs in penalties, legal action and backdated licensing fees. By utilizing DSPM, organizations can identify users consuming more licenses than they are utilizing and take corrective actions, such as revoking unnecessary licenses or reallocating them to other users. By optimizing their licensing costs in this way, organizations can reduce their cloud spending while still maintaining the level of service that their users require.
#5—Reduce Data Sprawl
DSPM products can control data sprawl by enforcing data perimeters and alerting on unexpected data flows. Data sprawl is a growing problem for organizations, as data is often scattered across multiple cloud accounts, multiple data stores, and even geo-locations. This not only makes it harder to secure sensitive information, but also can also result in significant cost implications as a result of storing and utilizing data in multiple places, and even compliance related fines and penalties.
#6—Limit Data Egress Fees
Similarly DSPM products can reduce unnecessary data egress fees by enforcing data perimeters and alerting on unexpected data egress. Cloud service providers can charge data egress fees whenever data is transferred out of their cloud environment. The fees can add up particularly when an organization frequently moves large amounts of data out of the cloud, between different cloud providers or between on-premises and cloud environments. The data egress fees could be triggered by routine backups, disaster recovery processes, and data analytics workloads that require access to large volumes of data.
Unfortunately, unlike DataGuard which adopts a customer-native implementation approach and avoids the need to move data out of the customer’s cloud, other DSPM products can themselves result in significant data egress fees for their customers.
#7—Optimize Cost and Compliance of Data Workloads
By using DSPM products, organizations can gain visibility into data like never before. Whether it’s sensitivity, compliance requirements, usage, performance needs, size or frequency of use, these insights can help organizations make informed decisions about workload placement and data management. Organizations need to balance the cost implications of workload placement, such as data transfer fees, storage costs, and compute costs with the data compliance requirements and performance requirements such as latency.
By understanding what data is regulated, and therefore, which data must be stored in specific locations or use specific security protocols, organizations can determine the optimal placement for their data workloads in the cloud, enabling them to optimize cost and improve compliance.
This Is the Way
In today’s economic environment, organizations are going to succeed by monitoring where their money and data is going. Cloud data costs can quickly become unmanageable in surprising ways, leading to unexpected expenses. While there is no magic formula for controlling cloud data costs when the amount of data being collected and stored continues to grow exponentially, a data security posture management (DSPM) solution can be an immense help in controlling data, the costs associated with it and making strategic decisions.
By right-sizing resources, implementing security controls, automating security tasks, improving compliance management, and identifying and mitigating security risks, companies can optimize their cloud costs and improve their overall security posture. DSPM is a must-have for any organization that wants to take full advantage of the benefits of cloud computing while reducing costs and mitigating security risks.
To learn more about DSPM or see a DSPM solution in action, please reach out. We’d love to show you how DataGuard can help drastically improve the number of dormant accounts and the length of their dormancy.
1Miner 49ers or 49ers are people that took part in the 1949 California gold rush.