How Cloud Storage Fees Can Make You More Vulnerable to Cyber Attacks

Security often comes at a price, a reality that is felt acutely with hyperscale cloud storage where charges for data security countermeasures can add up—sometimes to the point where enterprises elect to go without, suffering risk exposure as a result.

Where do these variable fees come from, what are they for, and how do they create a disincentive to apply data security countermeasures? Let’s begin with the data.

The impact of fees on cloud storage budgets

The 2025 Wasabi Cloud Storage Index, a survey of over 1,500 IT decision-makers, found that 62% of organizations exceeded their budgeted spend for cloud object storage last year due to additional fees beyond simple storage capacity. These cloud storage fees, typically based on usage, arise for nearly every type of data access and management operation, including API requests, transport, replication, egress, and more. At first glance, these fees appear low—just a fraction of a penny per 1,000 API requests, for example—but for enterprises that routinely store millions, if not tens of millions of objects, a simple but business-critical task such as verifying and testing your backups can add thousands of dollars to your monthly bill.

The impact of fees on security practices

In the same survey, nearly all (99%) respondents stated that using public cloud storage helps increase their security posture. Yet, fewer than half (47%) use Object Lock today. This feature “locks” objects or storage buckets by creating a Write Once, Read Many (WORM) storage architecture. It’s a baseline immutability feature that prevents objects from being deleted or overwritten for a specified period of time—an essential tool in the fight against ransomware.

What’s going on? Could excessive costs be a factor? While hyperscale services like AWS don’t charge you to turn on Object Lock, multiple API operations are required to enable and maintain locked objects and their associated retention and lifecycle policies—and these API requests do come with a cost.

As a result, backup applications that frequently utilize object lock can generate a significant number of related API operations, like PutObjectRetention, GetObjectVersion, or GetBucketObjectLockConfiguration, all of which can add up to a price tag that is nearly half the cost of your total storage capacity!

The hidden costs of data backup

Utilizing cloud object storage for backup is fundamental to many cyber-resilience strategies, but here, too, data access fees can fun afoul of your budget. How? Popular backup software solutions like Veeam, Rubrik, and Commvault don’t just upload data and then “set it and forget it,” they also:

• Regularly verify backups: These applications routinely LIST objects in your bucket to ensure that every backup file is still there.

• Perform metadata checks: Operations like HEAD object requests (to check timestamps or version details) are run frequently.

Furthermore, many organizations test and validate their backups weekly or biweekly—that’s 4-8 additional full checks per month. To demonstrate how quickly these fees can add up, our chart includes LIST and HEAD request fees for just 1 full check. Multiply that figure by the number of times you validate your own backups in a given month to get a better idea where your money is going.

Do the fees make you less secure? No, not on their own. However, if budget constraints force you to perform fewer backup tests, then your risk exposure starts to go up, and you run the risk of not having the most recent data to restore in the event of a cyber attack. Your preparedness decreases, all because it was too expensive to prepare in the first place.

Wasabi’s solution

We believe security shouldn’t be a surcharge—it’s integral to your organization’s cloud storage strategy.

Wasabi doesn’t charge for Object Lock or Object Lock-related features like setting and updating retention periods, or for any API requests or security features. Why should you pay extra to ensure your data is protected? Wasabi gives you the freedom to test, restore, and validate your backups so that you’re always ready to recover.