If you’re storing data in Amazon S3 (Simple Storage Service) buckets, it’s highly likely you’ve taken a look at Amazon Macie. If you’re new to the AWS ecosystem, Macie is a tool Amazon built to help S3 users discover, classify, and protect the sensitive data they store in their S3 instances.
On a positive note, offering a tool like Macie is a good thing as Amazon S3 users have had their fair share of challenges keeping their buckets (and the data within them) out of harm’s way. The visibility provided by Macie and similar toolsets is essential for security professionals looking to understand their risk footprint and where the data they need to protect actually resides. On the downside, however, the cost to actually use Amazon Macie may leave a sour taste in your mouth (as this user reported after racking up $60,000 worth of charges in just 24 hours).
Per Amazon’s website, the “Content Classification” component of Macie is priced as such:
“No charge for the first 1 GB processed by the content classification engine
After first GB, $5.00 per GB processed by the content classification engine”
Using 100GB as an example, that’s $495 for your initial scan. If your bucket grows 5GB the next month, that’s no problem. It’s just $25 because you already scanned the other 100GB last month. Let’s say you started in January and your bucket grows 5GB each month. That would mean your total annual cost for performing content classification scans against this bucket would be $495 + ($25*11) = $770. Not bad! But unfortunately, that’s not reality.
So what’s your Amazon Macie alternative?
Stealthbits’ StealthAUDIT is an auditing, reporting, and governance platform supporting dozens of unstructured and structured data repositories, directories, and operating systems located both on-premises and in the cloud. For Amazon S3, StealthAUDIT provides a full-scale, automated solution that helps administrations understand how access has been configured to their S3 buckets and who has permissions to the data within them, who is accessing the data, which files contain sensitive data, and much more. And if you’re like every other organization on the planet and are using technologies other than Amazon S3, like on-premises network file shares, SharePoint and Exchange (on-prem or O365), Dropbox, Box, SQL, Azure SQL, and Oracle databases, StealthAUDIT allows you to aggregate all this access, activity, and sensitive data information into one place to get a global view into what any user or group has access to or who effectively can access any particular resource.
In comparison with Amazon Macie’s Content Classification, StealthAUDIT not only provides a broader set of capabilities for AWS in that it covers far more subject-matter (e.g. Users, Groups, Roles, Policies, Permissions, Content, Activity, and Sensitive Data), but it also provides substantial cost savings allowing organizations to scan even the largest datasets at high frequency for pennies on the dollar – literally. This makes StealthAUDIT one of the most affordable Amazon Macie Alternatives on the market today.
Depending on where Stealthbits’ scanner is deployed (and whether the data is being transferred out to the internet) costs per GB range from $0.02 – $0.09. See the “Data Transfer” tab on Amazon’s S3 pricing page.
Against that same 100GB dataset in our previous example, that’s a 98.2% – 99.6% reduction in content classification costs. The first 100GB would cost between $2.00 – $9.00, and if the results remained within the AWS ecosystem, you could scan a new 100GB every day for over a year (385 days to be exact) before exceeding the costs of the example discussed previously. That’s more like it!
To be clear, this is not a commentary on Amazon Macie as a technology. Amazon makes incredible technology that has and continues to change the world. But for organizations storing massive quantities of files in S3, the price to obtain adequate visibility into the content of those files becomes a real problem. Request a free trial of StealthAUDIT for AWS and we’ll help you see it with your own eyes!
As General Manager, Adam is responsible for product lifecycle and market adoption from concept to implementation through to customer success. He is passionate about market strategies, and developing long-term path for success for our customers and partners.
Previously, Adam served as CMO and has held a variety of senior leadership positions at Stealthbits – now part of Netwrix including Sales, Marketing, Product Management, and Operational Management roles where his focus has consistently been setting product strategy, defining roadmap, driving strategic engagements and product evangelism.
Adam holds a Bachelor of Science degree in Business Administration from Susquehanna University, Selinsgrove, PA.
Adopting a Data Access Governance strategy will help any organization achieve stronger security and control over their unstructured data. Use this free guide to help choose the best available solution available today!Read more
Start a Free Stealthbits Trial!
No risk. No obligation.