Sombra Self-Hosting Costs
The hosting costs of Sombra can vary depending on a few variables. Sombra is a simple web server hosted on a Dockerfile. It can be hosted in whatever framework you typically would use to run a Dockerfile.
Our out-of-the-box Terraform module for AWS has hosting costs around $170-$180/month which can be used as a benchmark. The image below is a breakdown of the bill that you would typically see for the AWS resources required to run the gateway:
Our out of the box Terraform module uses AWS Fargate to simplify the process of managing and deploying container-based images. This gateway will receive a fair amount of traffic that is initiated by your customers, your employees and also Transcend's integrations. For improved performance and availability, we recommend running 2 instances to add more resiliency when there may be spikes in traffic (e.g. privacy policy update announced in an email chain).
If you are looking to cut costs, we recommend experimenting with smaller instance sizes before removing replication of instances. If you have a small volume of DSRs or discovery plugins, you could try 1vCPU and 5GB to bring the bill down to around $90/month.
It's common to replace Fargate with another framework for managing Dockerfile deployment (e.g. Kubernetes, EC2s, Nomad, Docker Swarm, etc.). If you don't want to use our Terraform module with Fargate, our recommendation is to deploy the Dockerfile using whatever framework your team may use for internal Dockerfiles.
Load balancers will be needed for communication between Sombra and Transcend, as well as your internal systems and Sombra.
Data Usage costs are variable based on a number of things:
- Number of DSRs submitted
- Number of Data Silos in a DSR
- Number of discovery Plugins and the Frequency that the scans run at
The $2/month baseline is a reference point of around 100,000 DSRs per month, processed across 8 different systems with a couple discovery plugins. 100,000 DSRs per month is much higher than the average company. Although you may see fluctuation in your bill related to request volume, in most cases this cost is negligible compared to the total hosting costs.
The Sombra gateway produces detailed logs of any sensitive operations that happen within your organization, this includes:
- Your Data Subjects submitting a DSR
- Your Employees submitting a DSR
- Your Data Subjects downloading their data
- Your Employees previewing data in an Access request
- Transcend sending a network request to your SaaS vendors for the purposes of fulfilling a DSR or Structured Discovery scan
- Transcend running an employee-verified SQL statement against one of your databases to fulfill a DSR or for a Structured Discovery scan
The Dockerfile produces these logs in a standard JSON format and they can be ported into your log tool of choice. Transcend ports logging into Datadog which we use to get visibility into logs and set alerts & metrics. We use AWS FireLens to do this. The cost of those logs is dependent on which vendor you use. Price per log and log retention policies factor into the pricing, but for Transcend it ends up being around $5-10/month per Sombra cluster per month.