BYOC Observability: Why Your Data Should Stay in Your Cloud
Shipping telemetry to SaaS vendors costs $0.135/GB minimum in AWS networking fees alone. At 10TB/day, that is $453K/year before the observability subscription. BYOC eliminates this while simplifying compliance.
The cloud egress problem
Every byte you ship to a SaaS observability vendor crosses your cloud's network boundary. AWS, GCP, and Azure all charge for this traffic.
AWS pricing (2025-2026)
| Transfer Type | Cost/GB |
|---|---|
| Internet Egress (first 100GB) | FREE |
| Internet Egress (next 10TB) | $0.09 |
| Internet Egress (next 40TB) | $0.085 |
| NAT Gateway Processing | $0.045 |
| Transit Gateway Processing | $0.02 |
| PrivateLink Data Processing | $0.01 |
GCP pricing
| Transfer Type | Cost/GB |
|---|---|
| Premium Tier Egress (US) | $0.12 |
| Standard Tier Egress | $0.085 |
| Cloud NAT Processing | $0.045 |
Azure pricing
| Transfer Type | Cost/GB |
|---|---|
| Internet Egress (next 10TB, N.America) | $0.087 |
| Cross-AZ (same region) | FREE (as of 2024) |
| VNET Peering | $0.01 |
Real networking cost calculation
For a typical AWS deployment shipping telemetry to a SaaS vendor:
Without Transit Gateway
- NAT Gateway: $0.045/GB
- Internet Egress: $0.09/GB
- Total: $0.135/GB
With Transit Gateway (multi-VPC)
- Transit Gateway: $0.02/GB
- NAT Gateway: $0.045/GB
- Internet Egress: $0.09/GB
- Total: $0.155/GB
Annual costs by volume
| Daily Volume | Monthly | Annual Networking Cost |
|---|---|---|
| 100GB/day | 3TB | ~$5,250 |
| 1TB/day | 30TB | ~$48,600 |
| 10TB/day | 300TB | ~$453,000 |
These are just networking costs. Not the observability subscription. Not the engineering time to optimize sampling. Just AWS charges for moving your data out of your cloud.
How BYOC eliminates these costs
BYOC (Bring Your Own Cloud) observability deploys the entire platform within your cloud account:
- OpenTelemetry collectors run in your VPC
- Kafka buffering happens in your account
- ClickHouse storage uses your cloud resources
- ALBA analytics processes data locally
Data never leaves your cloud boundary. The only traffic that crosses account boundaries is aggregated query results, measured in kilobytes rather than terabytes.
Networking costs drop from $450K+ to essentially zero.
BYOC vendors in the market
| Vendor | BYOC Offering | Notes |
|---|---|---|
| Sampleless | Full BYOC (AWS, GCP, Azure) | Cross-cloud federation, flat pricing |
| Groundcover | Full BYOC | eBPF-based, per-host pricing |
| Grafana Labs | Grafana BYOC | 3-year minimum commitment |
| Chronosphere | Control Plane approach | Being acquired by Palo Alto ($3.35B) |
Data sovereignty and compliance
Beyond cost savings, BYOC dramatically simplifies compliance.
GDPR
Telemetry data often contains personal information:
- IP addresses
- User IDs
- Location data
- Session identifiers
Cross-border transfers require "adequate level of protection." GDPR fines can reach €20 million or 4% of global annual turnover.
BYOC eliminates cross-border transfer concerns. Data stays in your region, under your control.
HIPAA
PHI (Protected Health Information) in telemetry requires BAAs (Business Associate Agreements) with any vendor handling the data.
BYOC keeps PHI in your HIPAA-compliant infrastructure. You already have controls in place. The observability vendor never touches the data.
FedRAMP
Only ~124 providers are FedRAMP authorized as of 2024. If your observability vendor is not on the list, you cannot use them for federal workloads.
BYOC keeps data in your existing FedRAMP boundary. The observability platform does not need separate authorization.
SOC 2
When data stays in your cloud, your existing SOC 2 controls apply. You do not need to add the observability vendor as a subservice organization or extend your audit scope.
Sampleless BYOC architecture
Sampleless deploys a complete observability stack in your cloud account:
- OpenTelemetry Collectors receive traces, metrics, and logs
- Kafka buffers telemetry for parallel processing
- ClickHouse provides columnar storage with 10-20x compression
- ALBA Engine calculates anomaly and risk scores
- Query Federation aggregates results across clouds
For multi-cloud environments, Sampleless deploys independently in each cloud account and federates queries through a central hub. You get a single dashboard across AWS, GCP, and Azure while data stays in each respective cloud.
Frequently asked questions
What is BYOC observability?
BYOC (Bring Your Own Cloud) means the observability platform deploys entirely within your AWS, GCP, or Azure account. Your telemetry data never leaves your cloud environment. Only aggregated query results cross account boundaries.
How much can I save on networking costs with BYOC?
At 10TB/day telemetry volume, networking costs (NAT Gateway + egress) total approximately $453,000/year when shipping to SaaS vendors. BYOC reduces this to essentially zero since data stays in-cloud.
Does BYOC simplify compliance?
Yes. GDPR, HIPAA, FedRAMP, and SOC 2 requirements are significantly simpler when data never leaves your controlled environment. You avoid cross-border transfer concerns, BAA requirements with vendors, and extending audit scope to third parties.
The bottom line
BYOC observability is not just about cost savings, though $450K+/year in networking costs is significant. It is about data sovereignty, compliance simplicity, and eliminating the economic pressure to sample.
When data stays in your cloud, you control it completely. You can collect 100% without egress costs. You simplify compliance without extending audit scope. And you avoid the entire category of networking costs that surprise finance teams.
See BYOC observability in action
We will walk you through the architecture and show you exactly what deploys in your cloud.