Amazon Web Services (AWS) Microsoft Azure Total Cost of Ownership

Data Egress: Costs, Cloud Provider Pricing Models, Challenges & How to Minimize Them

The recent shift to a hybrid work model has seen organizations move their data and IT resources from on-premises legacy systems to cloud-supported technology. This has resulted in mission-critical data dispersed haphazardly across multiple locations, such as data centers, endpoints, the cloud and Software-as-a-Service (SaaS) applications. With such wide distribution comes the problem of monitoring

9 minute read

The recent shift to a hybrid work model has seen organizations move their data and IT resources from on-premises legacy systems to cloud-supported technology. This has resulted in mission-critical data dispersed haphazardly across multiple locations, such as data centers, endpoints, the cloud and Software-as-a-Service (SaaS) applications. With such wide distribution comes the problem of monitoring the data and the challenge of data egress, which poses a serious security threat to organizations.

While not every act of data egress leads to security threats, having fundamental knowledge about the process and the associated costs is crucial.

In this blog, we’ll delve deep into what data egress is, the egress pricing models of popular cloud providers, the reason behind data egress charges and the challenges associated with it. We’ll also show you how our backup solution can help your organization eliminate egress charges and accomplish foolproof backup and disaster recovery.

What is data egress?

Data egress describes the process of data moving out of a local network and getting transferred to an external location. Here, the data type is irrelevant since any type of information can be egressed. Instead, it’s the very act of leaving the network, with the data getting shared externally via a network’s outbound traffic.

Difference between data egress and ingress

When it comes to the basic difference between data ingress and egress, the former refers to the traffic that originates outside an organization’s network and is transferred to it. In other words, it’s unsolicited data sent to a private network from the internet. The request for data transfer is not made from within the organization’s network.

On the other hand, egress means data traffic is leaving from inside a private network to the public internet. Organizations can monitor egress traffic to spot any signs of malicious activities via egress filtering. This helps businesses block the transfer of sensitive data outside their networks and limits high-volume data transfers.

What are examples of data egress?

Any form of data transfer from the local network can be termed data egress. This includes outbound email messages, cloud/website uploads and transfer of files to removable media like USB drives and external hard drives. Common channels like File Transfer Protocol (FTP) or HTTP transfers also fall under the data egress umbrella.

What are data egress costs?

Common cloud providers like AWS and Microsoft Azure operate with a “pay-as-you-go” model, offering flexibility and free data uploads to their infrastructure. However, downloading or even moving data within the cloud environment from its storage location comes at a cost.

Data egress costs are “hidden” costs of cloud computing since they appear to be billed in arrears. This means your applications, workloads or users may continue to extract data and mount up the fees, making a project so expensive that it’s no longer in control. Therefore, it’s challenging, particularly for larger organizations, to monitor and manage data egress charges.

Fees levied by service providers extend beyond downloading. They can charge when data:

  • Moves to another cloud provider.
  • Moves to another region or availability zone.
  • Gets transferred between cloud-based applications. In one such instance, a company moves data from archives to an analytics application. Although the uploads to the analysis packages are free, the cloud provider hosting the archive will charge egress fees for the data leaving the archive storage.

Some providers also charge for moving data from storage to memory, and in some scenarios, SaaS applications add their egress charges for downloading data.

Different cloud services have various tiers of pricing and the costs per service vary. Egress fees vary depending on the volume of data being moved and its destination. The more the volume of data moved, the more expensive the process gets. Location matters as well. Transfer of data between availability zones or within regions will incur the lowest cost, whereas transferring data across regions will incur the highest fees.

Here’s a look at the egress costs of some common cloud providers.

AWS egress costs

AWS users can usually incur data egress costs when linking several AWS services and/or moving data from one availability region to another. These costs are applicable when using routing services and Content Delivery Networks (CDNs). The most common scenarios to incur such outbound data transfer costs are:

  • Leveraging a two-way data transfer model with an additional cost for inbound or outbound data transfer.
  • When moving data from one availability region to another with higher data transfer costs.
  • When linking multiple services, such as Elastic Cloud Compute (EC2), Simple Storage Service (S3) and CDN.

Google Cloud Platform egress costs

The concept of egress within Google Cloud applies when moving or copying data from one Cloud Storage bucket to another and/or when another Google Cloud service accesses data in your Cloud Storage bucket. The pricing here is mainly determined by the bucket and destination location.

In the case of the special Google Cloud network products, the egress fees are based on the pricing model of the particular platforms, such as Cloud CDN, CDB Interconnect, Cloud Interconnect and Direct Peering. For compressed objects transcoded during download, the egress rate depends on the uncompressed size of the object.

Azure egress costs

In recent times, the pricing options for data egress in the case of Microsoft have depended on traffic origins, availability zones, regions, services and so on. Azure doesn’t charge for the inbound flow of data (ingress) or traffic coming from the WAN. Instead, it charges for:

  • Data flowing out of your Azure network (out of Azure completely)
  • Data transferred between different availability zones
  • Data transferred between different Azure regions
  • Data that is moved between peered (the connection between virtual networks) and Virtual Network (VNET). Both data ingress and egress are chargeable for this scenario.

Also, there’s another data transfer scenario where a hybrid connection between Azure data centers and on-prem infrastructures (or in a colocation environment) is set up through ExpressRoute services. Egress charges are applicable here as well.

Egress pricing also applies to built-in backup management and disaster recovery services, such as Azure Backup and Azure Site Recovery.

Why do cloud providers charge egress?

Cloud providers charge egress fees for data transfer when it leaves their network. It’s a way to discourage customers from leaving their ecosystem and transferring data to other cloud providers or on-premise systems.

This is also a subtle way of charging more for cloud management over time. With companies growing more dependent on the cloud and with the growth of the sophistication of a company’s IT stack, more data has to travel between most of their applications across clouds. So, there’s more data to move, which is why the egress tax increases. However, at this point, the customer has invested a lot in their cloud infrastructure and cannot back out, resulting in vendor lock-in.

Challenges and threats associated with data egress

Unlike subscriptions, data egress costs are not fixed and are usually not negotiated in advance. They rack up as businesses change their IT strategy, make an acquisition, enter a new market or come under regulations forcing data relocation.

Surprise egress fees from cloud providers can prevent organizations from having the flexibility to readily pivot from one provider to another better suited to their needs, or can push an organization to impose data limits to reduce billing complexity. Even a single cloud strategy can lead to risks like vendor lock-in and ultimately hinder innovation and growth.

Also, there’s a lack of transparency regarding egress fees. The billing complexity makes it hard for organizations to predict and model the pricing structure. Another facet of the complex ecosystem is the unpredictability of data transfer charges for certain instances. In some cases, the transfer (upload or ingress) is free. For example, in the case of Amazon, you need to know if the data is traversing the internet, moving between regions or passing through different availability zones.

Data egress also presents many risks to organizations, especially if the data is shared with unauthorized recipients. Bad actors can use various data exfiltration techniques to steal, intercept or snoop on networks and data in transit, resulting in data loss. They can even leverage social engineering tactics to disguise attacks as regular network traffic. Another major threat related to data egress are insider threats, which can be either malicious or accidental.

All of these make a comprehensive backup and recovery solution with minimal egress charges an absolute necessity.

How to avoid egress charges

To reduce egress charges, IT departments can opt for demand management to limit cloud storage and data transfers. However, putting limits on data downloads can risk breaking business processes. Egress fees can be reduced by understanding the mechanics of cloud networking.

The first thing to do is to host applications in the cloud that don’t need to interact frequently with the on-prem portion of a hybrid cloud environment. This keeps your overall IT operations bill low and helps you save big on compliance.

Another sure-shot way to bypass exorbitant egress fees is to use on-demand private connectivity. In a private circuit, you are not paying high rates for data leaving the cloud (for example, Azure) and traveling across the public internet back to the on-prem infrastructure.

In a cloud provider like Azure, a specific service like ExpressRoute can be a smart solution in reducing the egress cost. When transferring a large volume of data over a private connection, using ExpressRoute Local can help achieve big egress fee savings. ExpressRoute connections do not go over the public internet and can offer faster speed, low latency, reliability and higher security than other connections.

However, using a third-party service to manage or even mitigate data egress early in your cloud journey can be immensely helpful since it can help you receive valuable recommendations on reducing egress fees. This is where Unitrends Backup for Microsoft Azure can become a key player.

Eliminate egress charges with Unitrends Backup for Microsoft Azure

Due to its hidden nature, data egress charges are often unexpected and unpredictable. This is one of the many incremental variable costs for Azure Backup and Azure Site Recovery, which can increase your organization’s cloud bill by 20–30%.

However, with Unitrends Backup for Microsoft Azure, a purpose-built solution for backup and disaster recovery of Azure VMs, you pay ZERO egress fees for the replication of backups to a redundant, secure Unitrends cloud data center, where they’re stored in a warm state, ready for instant virtualization. This eliminates single cloud risk, while removing the “sticker shock” aspect of disaster recovery in the cloud, for complete peace of mind. The below table shows how direct costs for Unitrends compare with the native Azure services and their TCO.

Unitrends Backup for Microsoft AzureAzure BackupAzure Backup and Azure Site Recovery
Direct Cost$170$55–$65$215–$235
Backup verificationDaily, automatic, included in priceManual, weekly incremental $15–$25 internal ops cost per testManual, weekly incremental $15–$25 internal ops cost per test
Failover operationInstantly failover to the Unitrends Cloud, included in priceIncur variable fees based on VMs in use, estimated at $5 monthlyIncur variable fees and egress charges, estimated at $10–$15 monthly
24/7 technical supportIncludedAdditional costAdditional cost
Monthly TCO$170$135–$155$300–$325

Additionally, multiple features are included with Unitrends Backup for Microsoft Azure at no extra cost, such as daily backup verification, 24/7 technical support, 24/7 Unitrends Cloud security monitoring, DR failover and DR testing in Unitrends Cloud.

Want to save big on your data egress costs and lower your cloud TCO? Contact our Azure specialists today.

See Everything Unitrends Backup Appliances Have to Offer

Appliances range from 2-120TB and are available in high-performance desktop and robust rackmount formfactors. Regardless of the use case, there’s a backup appliance that caters to it.

Request a Demo