An Amazon Macie Alternative

An Amazon Macie Alternative

If you’re storing data in Amazon S3 (Simple Storage Service) buckets, it’s highly likely you’ve taken a look at Amazon Macie. If you’re new to the AWS ecosystem, Macie is a tool Amazon built to help S3 users discover, classify, and protect the sensitive data they store in their S3 instances.

On a positive note, offering a tool like Macie is a good thing as Amazon S3 users have had their fair share of challenges keeping their buckets (and the data within them) out of harm’s way. The visibility provided by Macie and similar toolsets is essential for security professionals looking to understand their risk footprint and where the data they need to protect actually resides. On the downside, however, the cost to actually use Amazon Macie may leave a sour taste in your mouth (as this user reported after racking up $60,000 worth of charges in just 24 hours).

Amazon Macie Pricing

Per Amazon’s website, the “Content Classification” component of Macie is priced as such:

“No charge for the first 1 GB processed by the content classification engine

After first GB, $5.00 per GB processed by the content classification engine”

Amazon Macie Content Classification Cost
Figure 1: Amazon Macie Content Classification Cost – https://aws.amazon.com/macie/pricing/

Using 100GB as an example, that’s $495 for your initial scan. If your bucket grows 5GB the next month, that’s no problem. It’s just $25 because you already scanned the other 100GB last month. Let’s say you started in January and your bucket grows 5GB each month. That would mean your total annual cost for performing content classification scans against this bucket would be $495 + ($25*11) = $770. Not bad! But unfortunately, that’s not reality.

Here’s why…

  1. Data (especially file data) is created at alarming rates and is rarely deleted (so it’s just going to keep growing and growing)
  2. Active data changes (so it’s going to need to be re-scanned)
  3. Requirements change and you’ll want to look for new things (which means you’ll have to scan it ALL again, every time)
  4. You’re probably going to have multiple buckets (so that $770 might begin to compound very quickly)
  5. Scan frequency matters (and once per month is probably not going to make you feel like you’re on top of what’s in these buckets)

So what’s your Amazon Macie alternative?

An Affordable Alternative to Amazon Macie

Stealthbits’ StealthAUDIT is an auditing, reporting, and governance platform supporting dozens of unstructured and structured data repositories, directories, and operating systems located both on-premises and in the cloud. For Amazon S3, StealthAUDIT provides a full-scale, automated solution that helps administrations understand how access has been configured to their S3 buckets and who has permissions to the data within them, who is accessing the data, which files contain sensitive data, and much more. And if you’re like every other organization on the planet and are using technologies other than Amazon S3, like on-premises network file shares, SharePoint and Exchange (on-prem or O365), Dropbox, Box, SQL, Azure SQL, and Oracle databases, StealthAUDIT allows you to aggregate all this access, activity, and sensitive data information into one place to get a global view into what any user or group has access to or who effectively can access any particular resource.

In comparison with Amazon Macie’s Content Classification, StealthAUDIT not only provides a broader set of capabilities for AWS in that it covers far more subject-matter (e.g. Users, Groups, Roles, Policies, Permissions, Content, Activity, and Sensitive Data), but it also provides substantial cost savings allowing organizations to scan even the largest datasets at high frequency for pennies on the dollar – literally. This makes StealthAUDIT one of the most affordable Amazon Macie Alternatives on the market today.

Cost Savings – Stealthbits StealthAUDIT vs. Amazon Macie

Depending on where Stealthbits’ scanner is deployed (and whether the data is being transferred out to the internet) costs per GB range from $0.02 – $0.09. See the “Data Transfer” tab on Amazon’s S3 pricing page.

Figure 2: Amazon S3 Data Transfer Costs – https://aws.amazon.com/s3/pricing/

Against that same 100GB dataset in our previous example, that’s a 98.2% – 99.6% reduction in content classification costs. The first 100GB would cost between $2.00 – $9.00, and if the results remained within the AWS ecosystem, you could scan a new 100GB every day for over a year (385 days to be exact) before exceeding the costs of the example discussed previously. That’s more like it!

Next Steps

To be clear, this is not a commentary on Amazon Macie as a technology. Amazon makes incredible technology that has and continues to change the world. But for organizations storing massive quantities of files in S3, the price to obtain adequate visibility into the content of those files becomes a real problem. Request a free trial of StealthAUDIT for AWS and we’ll help you see it with your own eyes!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free Stealthbits Trial!

No risk. No obligation.

Privacy Preference Center

      Necessary

      Advertising

      Analytics

      Other