· Michael Avdeev · Insights · 7 min read
What Scanning 10TB of Data Actually Costs: AWS Macie vs. Risk Finder
There’s a spreadsheet that nobody wants to build.
The one where you calculate what it actually costs to scan all your data for sensitive information. Not the marketing page estimate. Not the “it depends” from a sales engineer. The real math for a realistic workload.
We built it. Stared at it for a while.
Here’s what we found.
First, Let’s Talk About 10TB
Ten terabytes sounds like a lot. It isn’t.
A mid-sized healthcare company with seven years of patient records, imaging metadata, and insurance claims? Easily 10TB. Fintech startups processing loan applications blow past that without realizing it. And if you’re an e-commerce company with a decade of order history spread across three S3 buckets and a legacy database dump someone forgot about — yeah, you’re in the club too.
10TB isn’t an edge case. It’s Tuesday.
And if you’re subject to HIPAA, PCI DSS, CCPA, or GLBA, you need to scan all of it. Not a sample. All of it. Regulators don’t accept “we checked most of it.”
So what does that cost?
AWS Macie: The Per-GB Math
AWS Macie charges $1 per gigabyte for sensitive data discovery. That’s the targeted scanning rate — the one you use when you actually need to know what’s in your data, not the automated sampling mode that checks a fraction and calls it a day.
Let’s do the arithmetic that AWS’s pricing page makes you do yourself:
One full scan of 10TB:
| Line item | Calculation | Cost |
|---|---|---|
| Data scanned (targeted discovery) | 10,000 GB × $1.00/GB | $10,000 |
| Bucket evaluation (est. 25 buckets) | 25 × $0.10/month | $2.50 |
| Object monitoring (est. 10M objects) | 100 × $0.01/100K | $1.00 |
| Total for one scan | $10,003.50 |
Ten thousand dollars. For one scan. And you don’t know when it’ll finish.
That’s not an exaggeration. Macie doesn’t give you an estimated completion time. You submit a job, and it runs when it runs. AWS controls the scheduling, the throttling, the resource allocation. A 10TB targeted scan? Could be days. Could be weeks. No SLA, no progress bar you can trust, and no way to pay more to speed it up.
If you’re scanning because a breach just happened and you have 72 hours to tell regulators what was exposed, “it finishes when it finishes” doesn’t work.
But here’s where the cost gets worse — nobody scans once.
Quarterly scanning (the bare minimum for most compliance frameworks):
$10,003.50 × 4 = $40,014 per year
Monthly scanning (what your auditor actually wants to see):
$10,003.50 × 12 = $120,042 per year
And there’s a detail buried in the AWS documentation that most teams don’t discover until it’s too late: Macie has a default quota of 5TB per account for targeted discovery jobs. Your 10TB scan? It’ll hit that ceiling halfway through and pause. You need to file a support request to increase the limit past 25TB. That’s not a billing issue — it’s an operational one. Your compliance scan just stopped in the middle, and now you’re waiting on AWS support to let you finish paying them.
Read that again. You have to ask permission to spend more money.
Risk Finder: The Flat-Rate Math
Risk Finder charges a flat rate starting at $299 per month per scanner. Scan 1TB, scan 100TB — same price.
The bigger difference: you control when it finishes.
Risk Finder scales horizontally. Need results faster? Add capacity. Shorter deadline means more parallel scanning, which costs more that month — but you get predictable completion times.
Here’s what a full 10TB scan costs at different deadlines:
| Your deadline | Scanners | Approximate monthly cost | vs. Macie’s $10,004 |
|---|---|---|---|
| Routine (weeks) | 1 | ~$299 | 97% cheaper |
| 2 weeks | 4 | ~$1,200 | 88% cheaper |
| 1 week | 8 | ~$2,400 | 76% cheaper |
| 72 hours (GDPR deadline) | 18 | ~$5,400 | 46% cheaper |
Even the most urgent scenario — 72-hour GDPR sprint — costs roughly half of one Macie scan. And you actually know it’ll finish on time.
For tighter deadlines, yes, the cost goes up. That’s the trade-off. But you get to make that trade-off. With Macie, there’s no “urgent” tier. You submit a job and hope.
The typical scenario:
Most teams run routine monthly compliance scans. The math is simple:
| Line item | Calculation | Cost |
|---|---|---|
| Risk Finder | $299/month flat | $299 |
| Total for monthly scanning | $299/month |
Quarterly scanning? Already included. $299/month means you can scan every day if you want. The meter doesn’t move.
Annual cost: $299 × 12 = $3,588 per year
No quotas. No support tickets to increase limits. No surprise bills. And you actually know when it’ll be done.
Side by Side
Cost comparison (routine monthly scanning):
| Scenario | AWS Macie | Risk Finder | You save |
|---|---|---|---|
| Single scan (10TB) | $10,004 | $299 | $9,705 (97%) |
| Quarterly scanning (annual) | $40,014 | $3,588 | $36,426 (91%) |
| Monthly scanning (annual) | $120,042 | $3,588 | $116,454 (97%) |
Time comparison (10TB scan):
| AWS Macie | Risk Finder | |
|---|---|---|
| Estimated completion | Unknown | Predictable |
| Can you speed it up? | No | Yes |
| 72-hour GDPR deadline feasible? | No guarantee | Yes |
| Progress visibility | Limited | Full |
$116,454 per year in savings. That’s an engineer’s salary. At most startups, that’s the entire security tool budget.
In an emergency — full 10TB scan, regulatory deadline breathing down your neck — Risk Finder gives you options. Macie gives you a support ticket.
The Costs That Don’t Show Up on the Invoice
The numbers above are just what you pay AWS or us. There’s more.
Coverage gaps. When scanning costs $1/GB, teams make rational but dangerous decisions. They scan production but skip staging. They scan this quarter’s data but not the 2019 archive. They scan the database exports but not the Docker containers that might have cached copies of customer records. Every gigabyte skipped is a gigabyte of unknown risk.
Flat-rate removes the excuse. Scan the archive. Scan the forgotten dev bucket. Scan the container image that intern built two years ago. It costs the same.
Frequency trade-offs. Compliance isn’t a snapshot. Data changes constantly. Someone copies production to a test environment “just for a minute.” Per-GB pricing forces you to choose between scanning frequently or scanning thoroughly. You can’t afford both.
Flat pricing means you can scan everything, every month, and still spend less per year than one Macie scan costs. Want to run incremental scans because your team is constantly changing files? Go ahead. You’re not going to get hit with a surprise bill at the end of the month. That flexibility to scan anywhere, anytime, without watching a meter — that’s the point.
”But We’re Already on AWS”
Fair point. If your data lives in S3, Macie is right there. No deployment, no Docker container, no new vendor to vet. That’s convenient.
But that convenience costs $1/GB and comes with zero control over timing.
Risk Finder asks you to pull a Docker image and run a command. Five minutes. Do it on your AWS infrastructure if you want — your data never leaves your environment. It runs locally, scans locally, outputs metadata. No data exfiltration risk.
And when you’re up against a deadline — breach notification, M&A close, board meeting Thursday — you can scale up and hit it. Try asking AWS to speed up Macie. The support ticket will outlast the deadline.
Five minutes of setup. $116,000 a year in savings. Predictable timelines. That’s the trade.
What 10TB of Scanning Actually Finds
Numbers are abstract. Here’s what’s concrete.
A 10TB scan with Risk Finder typically surfaces: thousands of Social Security Numbers in PDFs that were supposed to be redacted but weren’t. Credit card numbers in log files that should have been masked at the app layer. Medical record numbers in CSV exports that compliance thought were purged three migrations ago. Driver’s license images in a shared drive that “nobody uses anymore.”
Every one of those is a breach notification waiting to happen. And every one was invisible before the scan.
With Macie’s per-GB pricing, most companies only discover this stuff after the breach — when the cost is measured in legal fees, not gigabytes.
What This Comes Down To
Per-GB pricing is a perverse incentive. The more thorough you want to be, the more you pay. That rewards scanning less. It rewards skipping corners. It rewards the exact behavior that leads to breaches.
Flat-rate flips that. Scan everything, pay the same. Be paranoid. Check the forgotten bucket. Run the scan again next week.
Your security tool shouldn’t punish you for doing your job well.
→ See what Risk Finder finds in your data. Start a 7-day free trial at inspect-data.com/pricing — no quota limits, no per-GB surprises.
All AWS Macie pricing based on publicly available rates at aws.amazon.com/macie/pricing as of early 2026. Risk Finder pricing reflects current published rates at inspect-data.com/pricing. Your actual costs may vary based on data composition, region, and scanning configuration.