Definition

What is data egress? How it works and how to manage costs

Cameron Hashemi-Pour

By

Cameron Hashemi-Pour, Site Editor

Data egress is when data leaves a closed or private network and is transferred to an external location. This occurs within the context of cloud computing when stored data moves out of a private cloud network and into a public cloud or an external network. The term is commonly used in both network security and network and data management.

A cloud storage service provider managing data for customers performs data egress when a client requests to have its data transferred from the cloud to its internal network. Examples of data egress in an enterprise setting include emails sent to clients and other external recipients and on-premises data uploaded to a cloud data storage provider. These are business operations where the data egress is authorized. On the other hand, when a malicious actor steals data from an insecure network, that is unauthorized egress. Egress management is an important business function.

Data egress vs. data ingress

Data ingress happens when data is transferred from an external location into a closed or private network. It's the opposite of data egress. A business uploading a new data set or file to its network is an instance of data ingress. A network's IT staff is responsible for analyzing the flow of inbound and outbound network traffic.

As with data egress, ingress can be either authorized or unauthorized, also referred to as solicited or unsolicited. When data is imported from an external database for business purposes, that's authorized or solicited ingress. Meanwhile, malware hidden in an email or a data set represents unauthorized or unsolicited ingress. Data ingress traffic is typically a bigger security concern for IT teams than egress traffic.

Diagram comparing authorized and unauthorized data ingress — Properly configured cloud security enables authorized data ingress but blocks unauthorized data ingress.

Examples of data egress

An IT department typically uses the following methods when transferring data, all of which are forms of data egress:

Emails. An email message or attachment sent to a recipient outside an organization's internal network is data egress.
Data exports. A more complex egress example is a third-party cloud storage provider sending a large volume of data to a client in response to that client's request for that data.
HTTP transfers. An IT department can interact with a third party or external application programming interface (API). Here, a request is made for specific data from the external network owning the API. From the external network's perspective, the egress occurs as data leaves the network.
Removable storage hardware. A more traditional example involves data leaving a network to be stored on physical storage hardware, such as external hard drives or flash drives.

Data egress threats

Hackers and malicious actors are using increasingly sophisticated cyberattacks to get at data. They have different data exfiltration methods and ways to leak or steal data from a network, including the following:

Malware. Malware and other viruses, such as backdoor Trojans, are introduced to a network through data ingress. They are often hidden within data for the purpose of damaging or stealing sensitive data. This also includes ransomware, where perpetrators lock data and require a ransom from the owner before returning it.
Social engineering. Malicious actors use social engineering techniques in emails, texts or other forms of communication to trick individuals in an organization into revealing sensitive or personal data, such as identity information or passwords. They then use the information against the organization somehow. With phishing attacks, threat actors use urgency or emotional appeal to steal sensitive information.
Denial-of-service attacks. DoS and distributed DoS attacks flood a network with illegitimate traffic so the network becomes slow or unusable. This makes it difficult or nearly impossible to perform normal data transfer operations.
Data interception. Specifically, when data is in transit, bad actors can intercept and steal unencrypted data.
Insider threats. Within a company, an employee with access network credentials can steal sensitive data for uses that violate company policies. This also represents unauthorized egress.

What are data egress costs?

Cloud storage software providers handle an organization's data management needs but often charge data egress fees. While data ingress into these platforms is usually free, users typically are charged to move data out.

End users are charged for the amount of data bandwidth they use per month. Public cloud providers charge a few cents per gigabyte (GB) of data transferred out of their platforms. Depending on the provider, data egress charges can go up or down after a set number of terabytes (TB) are transferred.

For example, Amazon Web Services' (AWS) Elastic Compute Cloud charges $0.09 per GB of outbound data for the first 10 TB transferred in a month for users in North America. That cost decreases slightly after 10 TB are transferred. Microsoft Azure's pricing allows 100 GB of free egressed data per month before also charging from $0.05 to $0.18 per GB, depending on the source continent and the amount of data.

In January 2024, Google Cloud abolished its data egress fees for customers who switch to a new platform and transfer their data out of the platform. AWS and Microsoft did the same within months. This occurred for two reasons: the competitive nature of the cloud market and the need to comply with the European Data Act and other regulations requiring sensitive data to be removed or deleted when no longer in use.

Best practices to manage data egress costs

Following a set of data management best practices positions an organization to reduce unnecessary data egress costs before they accrue. These practices include the following:

Vet cloud services. Organizations should research several cloud services to identify platforms that fit their needs and budget. Some providers enable direct or dedicated network connections to cut costs.
Place data in one cloud network or region. Data transfer costs are often lower within the same network or region. One specific approach is to cache frequently accessed data locally to reduce the need for transfers.
Compress data. Data volume is one of the factors affecting egress costs. Data compression reduces transfer volumes and costs.
Analyze use patterns. An organization should monitor how it's using data over time to identify inefficient transfer methods.
Schedule strategically. Peak use times are when a cloud provider experiences the highest network traffic; lower rates during off-peak times encourage customers to transfer when network traffic is lighter.

Best practices to manage data egress security

Data egress costs aren't limited to data transfer costs from cloud services. They also come from loss or theft of sensitive data. The cost of data breaches includes lost productivity and legal fees.

There are a number of best practices to follow to prevent data egress security issues and avoid data breach costs:

Monitor traffic. IT departments should monitor and log network traffic for signs of malicious activity. Tools such as security information and event management are used for these analyses.
Create enforcement policies. Having an organizationwide policy ensures everyone knows acceptable data handling and egress practices.
Set firewall rules. Implementing a firewall and configuring it with rules to restrict unauthorized egress are key to securing a network.
Apply security measures. Various security measures, such as encryption, data loss prevention and virtual private networks, also secure IT networks.
Set user permissions. Permissions make it so only authorized, trusted personnel can access sensitive data.
Train employees. Once policies are set and security measures are in place, employees should be trained to ensure rules are followed and data is managed properly.

Cloud block storage comes with its own set of challenges, and managing data egress costs makes the list. Learn what to watch for.

This was last updated in November 2024

Continue Reading About What is data egress? How it works and how to manage costs

Cloud egress costs: What they are and how to dodge them

Rules to avoid high multi-cloud integration cost

Hybrid cloud connectivity best practices and considerations

A guide to AWS storage cost

A guide to Microsoft Azure storage pricing

Dig Deeper on Data management strategies

Search Business Analytics

How to implement a business intelligence project in 7 steps
The BI implementation process involves a series of steps that organizations need to take to ensure projects are completed ...
Big data analytics and business intelligence: A comparison
BI and big data analytics support different types of analytics applications and using them in complementary ways enables a ...
How to build an effective business intelligence strategy
Explore the eight steps organizations need to develop and implement a successful business intelligence strategy, as well as some ...

Search AWS

Compare Datadog vs. New Relic for IT monitoring in 2024
Compare Datadog vs. New Relic capabilities including alerts, log management, incident management and more. Learn which tool is ...
AWS Control Tower aims to simplify multi-account management
Many organizations struggle to manage their vast collection of AWS accounts, but Control Tower can help. The service automates ...
Break down the Amazon EKS pricing model
There are several important variables within the Amazon EKS pricing model. Dig into the numbers to ensure you deploy the service ...

Search Content Management

What are the top Microsoft Power Apps limitations?
Limitations include constrained licensing, limited support for different device sizes, lack of mature third-party integrations ...
Box expands AI capabilities with apps, app builder
The GenAI tools are part of a new subscription named Enterprise Advanced.
12 advantages and disadvantages of video conferencing
Video conferencing can help businesses save money and make employees more productive, but it can make personal connections ...

Search Oracle

Oracle sets lofty national EHR goal with Cerner acquisition
With its Cerner acquisition, Oracle sets its sights on creating a national, anonymized patient database -- a road filled with ...
With Cerner, Oracle Cloud Infrastructure gets a boost
Oracle plans to acquire Cerner in a deal valued at about $30B. The second-largest EHR vendor in the U.S. could inject new life ...
Supreme Court sides with Google in Oracle API copyright suit
The Supreme Court ruled 6-2 that Java APIs used in Android phones are not subject to American copyright law, ending a ...

Search SAP

SAP aims to simplify spend management with AI copilot
SAP is injecting more generative AI into its Intelligent Spend Group via its Joule copilot. It also introduced new services for ...
SAP focuses on developer efficiency in Joule, Build update
At SAP TechEd, the vendor unveiled new functionality for its generative AI copilot, Joule, as well as ABAP capabilities in its ...
Rise with SAP sweetens U.S. Sugar's cloud move
Faced with an aging on-premises ERP system, U.S. Sugar took time to plan a move to S/4HANA Cloud and settled on Rise with SAP ...

Close