惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
V
V2EX
G
Google Developers Blog
F
Full Disclosure
Martin Fowler
Martin Fowler
宝玉的分享
宝玉的分享
H
Hacker News: Front Page
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
About on SuperTechFans
The Cloudflare Blog
C
Cisco Blogs
D
DataBreaches.Net
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
P
Privacy International News Feed
Microsoft Security Blog
Microsoft Security Blog
Help Net Security
Help Net Security
Recorded Future
Recorded Future
PCI Perspectives
PCI Perspectives
S
Schneier on Security
AI
AI
N
News | PayPal Newsroom
雷峰网
雷峰网
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
L
LINUX DO - 最新话题
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research
Schneier on Security
Schneier on Security
S
Securelist
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
博客园_首页
AWS News Blog
AWS News Blog
TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 三生石上(FineUI控件)
C
CXSECURITY Database RSS Feed - CXSecurity.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cloudbric
Cloudbric
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
Check Point Blog
S
Security Affairs

Megaport Blog

A Guide to NAT Gateway How the Data Center Is Evolving in 2026 What to Expect When Attending Your First Network Operator Group (NOG) Nine Ways to Connect to Cloud Using Private Connectivity Migrate Your On-premises to the Cloud: A Step-by-Step Guide How to Lower Your Egress Fees in 2026 How to Achieve Data Sovereignty in Europe Cisco and Megaport: Redefining the Edge of Modern Networking How to Reduce Latency in Your Multicloud Environment Introducing Megaport High-Speed Cross-Cloud Encryption Are Businesses Leaving the Cloud? Using Meraki and Megaport Virtual Edge for Multicloud Networking Equinix Metal® is Going Away: Here’s What You Can Do Introducing Megaport On-ramp as a Service Megaport’s Full Solution Portfolio Is Coming to India New Bare-metal GPU Instance Now Available with NVIDIA RTX Pro 6000 A Look Back at 2025: Megaport's Biggest Updates Megaport Expands Into India With Strategic Acquisition of Extreme IX Your 2026 Predictions From AWS re:Invent 2025 What’s Next for NaaS? Top Trends for 2026 What is IPsec? When to Move From Public Internet to Private Connectivity Megaport and Latitude.sh: Bringing Compute and Connectivity Together How to Improve Your Microsoft ExpressRoute Resilience with Megaport Connectivity Comparing Ways to Connect to AWS What is API-First Networking? The Hidden Cost of Running Cloud-Hosted SD-WAN for IaaS How to Overcome NaaS Integration Challenges Introducing SCION with Anapaya and Megaport How You Can Use Network as a Service (NaaS) to Future-Proof Your Network Introducing 400G Ports All the As-a-services, Compared Introducing Megaport IPsec Tunnels High Score: Megaport Hits 1,000 Locations A Guide to Colocation Data Centers Maximizing Peering Through Flow Analysis How to Build Resilient Networks for AI Production Workloads Introducing Packet Filtering on Megaport Cloud Router Building Resilient Government IT: Strategies for Secure, Compliant, and Scalable Connectivity Future-Proofing Government IT: Balancing Innovation, Security, and Sovereignty in a Changing World Telstra Programmable Network Is Being Discontinued. Here’s How to Migrate The Future of WAN Design Depends on Network as a Service (NaaS) Cisco Webex Edge Connect Launches on Megaport Voice and Video Exchange How to Prepare for APRA CPS 230 Regulations Comparing the SD-WAN Licensing Needs of Major Vendors A Guide to Improving Network Performance How Latitude.sh, Wasabi, and Megaport Unlock Cost-Effective Multicloud Four Ways to Connect Your Clouds SD-WAN and MPLS: Weighing the Similarities, Differences, and Benefits What is Network as a Service (NaaS)? How to Arrange Bilateral Peering Sessions Comparing Major SD-WAN Vendors Software Defined Networking in the Healthcare Industry Deploying A Global Network in Minutes With Megaport AWS Direct Connect Gateway (DGW) Data Transfer Outbound Rules Bilateral and Multilateral Peering: What’s the Difference? Multi-Region SD-WAN: Why Megaport SDCI is the Right Choice Microsoft Azure is Going Secure by Default. Are You Ready? Building Production-Ready AI Infrastructure: How Megaport and Vultr Are Solving the Enterprise Challenge Introducing Megaport NAT Gateway A Guide to AWS Security Tools How to Deploy Amazon Bedrock Using AWS Direct Connect and Megaport Azure Private Link, Explained Introducing 100G MCRs Your Questions Answered on Simplifying Hybrid and Multicloud Network Connectivity How to Fix Poor AWS Latency A Look Back at 2024: Megaport’s Biggest Updates Your 2025 Predictions From AWS re:Invent 2024 Six Ways to Get a More Resilient Network in 2025 Multicloud Security: Challenges and Solutions The Real Cost of High Network Latency Why Brazil is Your Key to Unlocking Business Growth in Latin America Why You Need Integrated Network Security Six Key Differences Between Major Cloud Providers How to Automate Your Megaport Infrastructure With APIs Why Italy is Europe’s Next Cloud Expansion Hotspot How to Lower Your Cloud Costs Peering: How Local Is Local? Introducing Megaport AI Exchange Two Scenarios for Hybrid Multicloud Deployment With IBM Cloud and Microsoft Azure How to Connect Equinix and Digital Realty Megaport Enables Microsoft Azure ExpressRoute Metro for More Resilient Network Connectivity Executives, Here’s What Your Network Team Wants You to Know Easy Ways to Interconnect Your Network The Role of the Data Center in Your Network 100G VXC Expansion: Now Available From 597 Data Centers Worldwide Top 10 How-To Guides To Improve Your Network Comparing Encryption in Transit Options A Sustainable Business Strategy Starts With Your Network Solutions to Common API Issues With Megaport Transforming Financial Connectivity: Introducing Megaport Financial Services Exchange (FSX) Megaport Enhancing Connectivity in Adelaide Megaport’s Latest Portal Features and Functionalities Automate Your Network Deployments With The New Megaport Terraform Provider A Recap of the Megaport World Tour 2024 Top 5 Cloud and Networking Announcements From Cisco Live 2024 Megaport Enhancing Connectivity in Canberra AWS PrivateLink, Explained How Megaport and Wasabi Are Simplifying Cloud Storage Megaport Launches First AWS Direct Connect Network Service Offering on AWS Marketplace
A Guide to Cloud Storage
Matt Madawi · 2026-04-01 · via Megaport Blog

By Matt Madawi, Solutions Architect

Learn about cloud storage tiers, costs, performance, and security best practices to optimize your cloud storage and reduce egress fees.

Table of Contents

Types of cloud storage

Cloud storage comes in several types, each suited to different use cases based on how frequently data is accessed and how it’s organized. The four primary types are object storage, file storage, block storage, and cloud file systems.

  • Object storage is ideal for storing large amounts of unstructured data like images, videos, or backups. It scales easily and is typically used for long-term storage (and as the most popular storage type, it’s what we primarily focus on in this blog).
  • File storage organizes data in a hierarchical file system and is best for applications requiring shared access, such as content management or legacy systems.
  • Block storage provides raw storage volumes and is often used for databases and virtual machines, offering high performance and low-latency access.
  • Cloud file systems combine the benefits of traditional file systems with cloud scalability, integrating shared applications across multiple users.

For more detailed information on these storage types and when to use each, check out our blog on the four types of cloud storage.

Types of storage tiers

The major cloud providers—AWS, Azure, GCP, and OCI—all offer a tiered structure for their Object Storage services (S3, Blob Storage, Cloud Storage, and Object Storage, respectively). These tiers are designed to help you optimize costs based on how often you access your data, and how quickly you need to retrieve it. Understanding them is crucial for selecting the right storage solution for your business needs.

The difference between hot, warm, cold, and archive storage

In cloud computing, the “temperature” of storage—Hot, Warm, Cold, and Archive—refers to how often you need to access your data.

Think of it as a trade-off: the more frequently you need to touch the data, the more you pay for storage but the less you pay for access. Conversely, the less you touch it, the cheaper it is to store, but the more expensive (and slower) it is to access.

Here’s a breakdown of the common tiers you’ll encounter.

Hot/Standard Tier (frequent access)

The Hot or Standard tier is designed for your frequently accessed data. It’s best suited for active workloads, such as live data or applications that need to retrieve data with low latency. This tier offers the fastest retrieval times, but typically comes with a higher cost compared to other tiers.

Provider

Tier name

Best for

Key characteristics

AWS

S3 Standard

Active workloads, dynamic websites, content distribution, data lakes, frequently accessed data.

Highest cost per GB, but no retrieval fees and latency of milliseconds.

Azure

Hot Access Tier

Data in active use, frequent read/write operations.

Highest storage costs, but lowest access and transaction costs (low-latency).

GCP

Standard Storage

"Hot" data, streaming videos, and mobile applications.

Highest storage cost, but no retrieval fees and latency of milliseconds.

OCI

Standard Tier

Primary, default storage for high-performance, frequently accessed data.

Highest storage cost, but no retrieval fees.

Cool/Infrequent Access Tier (infrequent access)

For data that is accessed less frequently, the Cool tier provides a more cost-effective solution. While this tier is still accessible when needed, it’s optimized for occasional data retrieval.

Provider

Tier name

Best for

Key characteristics

AWS

S3 Standard-IA

Disaster recovery files, long-term backups.

Lower storage cost than Standard, but incurs a retrieval fee for data access. Latency of milliseconds.

Azure

Cool Access Tier

Short-term backups, archives, infrequently accessed business data.

Lower storage costs, but higher access/transaction costs. Minimum 30-day retention.

GCP

Nearline Storage

Data accessed at most once a month.

Lower storage cost, but incurs a retrieval fee. Minimum 30-day storage duration.

OCI

Infrequent Access

Data accessed less often than the Standard Tier.

Cheaper storage than Standard, but incurs a retrieval fee. Minimum 31-day retention.

Archive/Cold Tier (long-term storage)

Data that needs to be stored for long periods but isn’t frequently accessed fits well in the Archive/Cold tier. It offers significant cost savings but slower retrieval times that can take hours.

Provider

Tier Name

Best For

Retrieval Time

AWS

S3 Glacier Instant Retrieval

Data accessed once a quarter.

Retrieval in milliseconds.

S3 Glacier Flexible Retrieval

Data accessed 1-2 times per year.

Retrieval options from minutes to hours.

S3 Glacier Deep Archive

Long-term digital preservation and regulatory compliance. Lowest cost.

Retrieval in hours (e.g., 12 hours).

Azure

Cold Access Tier

Online tier for rarely accessed data. Minimum 90-day retention.

Retrieval in milliseconds.

Archive Tier

Data rarely accessed, with flexible latency requirements.

Retrieval in hours (must be rehydrated to a hotter tier first). Minimum 180-day retention.

GCP

Coldline Storage

Data accessed at most once a quarter. Minimum 90-day storage duration.

Retrieval fee applies. Low latency.

Archive Storage

Data accessed less than once a year. Lowest cost. Minimum 365-day storage duration.

Retrieval fee applies. Low latency.

OCI

Archive Tier

Long-term data retention and compliance archives. Lowest cost.

Data is offline and must be restored (rehydrated) before access. Restoration takes at most an hour. Minimum 90-day retention.

Intelligent/Smart Tier (automated)

Providers offer Intelligent or Smart tiering for data that might move between usage patterns over time. These services automatically move data between the Hot and Cool tiers based on actual access patterns, optimizing storage costs.

Examples include:

  • AWS: S3 Intelligent-Tiering
  • Azure: Smart Tier
  • GCP: Autoclass
  • OCI: Auto-Tiering.

The difference between file, block, and object storage

File, block, and object storage refer to how the data is structured and organized. You can compare this to the storage of physical items: a filing cabinet (file), a set of numbered shipping crates (block), or a massive warehouse where every item has a unique barcode and a description tag (object).

Which one to use

Choosing between file, block, and object storage depends on who (or what) is accessing the data and how fast it needs to be.

File storage is designed for human organization and multiple systems that need to “share” the same folder, e.g. shared office folders, content management or legacy applications (many older applications are hard-coded to look for a specific file path).

Block storage is the “rawest” form of storage. It behaves like a physical hard drive plugged directly into a server, making it ideal for databases, virtual machine (VM) disks, or transactional apps.

Object storage is built for the modern web. It doesn’t care how the data is organized; it cares about IDs and metadata, e.g. public assets, backups and archives (standard for long-term “cold” storage), and data lakes for AI.

How to achieve high-performance cloud storage

Achieving low-latency cloud storage isn’t just about the speed of the storage tier itself. It’s also a balance between two key factors: disk speed (the storage tier you choose) and the network pipe (how the data reaches you).

For example, if you’re using fast, low-latency Hot storage but accessing it over a congested public internet connection, your network can quickly become a performance bottleneck. As traffic competes for bandwidth, it not only slows down your data retrieval but also impacts other applications running on the same connection, resulting in the denial of your own services.

On the other hand, if you use a high-speed private fiber link to access slower Archive-tier storage, your network is essentially “waiting” for the storage to catch up. Even with a fast network connection, the slower retrieval times of the Archive tier will be your limiting factor, creating delays.

To optimize performance, it’s important to consider both your storage tier and network architecture to ensure they work together seamlessly.

How to reduce latency for cloud storage access

Reducing latency when accessing cloud storage involves minimizing both the number of hops and the processing time between your resources. To achieve this, it’s essential to leverage regional cloud services that are close to your compute resources, ensuring that data travels a shorter path.

Additionally, connecting your cloud storage via private connections can further reduce latency. Cloud solutions like Direct Connect (AWS), ExpressRoute (Azure), VLAN Interconnect (GCP), and FastConnect (OCI)—and Network as a Service solutions like Megaport—provide dedicated, high-performance links that bypass the public internet. Used end to end, these links reduce latency and provide more consistent and reliable data access, so going private should be a priority when optimizing your storage performance.

Where cloud storage costs come from

Cloud providers typically offer free incoming data (ingress), but charge for outgoing data (egress) and accessing data in colder storage tiers.

When retrieving data from the cloud, you often pay for two separate fees:

1. Retrieval fee (storage fee)

This fee applies when you access data in Cold or Archive tiers. Providers charge you for the effort of “rehydrating” or reading data that is meant to remain idle.

For example:

  • Pulling 1TB from Hot storage could cost around $90 in network fees.
  • Pulling that same 1TB from Archive storage could cost $140+ ($90 for the network transfer + $50 for retrieval).

2. Egress fee (network fee)

Egress fees are for moving data from the cloud provider’s data center to your location. Most providers offer a free tier for the first 100 GB of egress each month. Beyond that, costs apply.

  • Private egress is approximately 70% cheaper than public internet egress.
  • For instance, moving 1TB via private egress could cost around $20, whereas internet egress for the same amount would cost about $80 (example: AWS S3).

Hidden costs that can lead to surprise bills

Cloud storage pricing is often likened to the “Hotel California” model: It’s free to check in your data (ingress), but getting it out—or even accessing it once it’s stored—can become unexpectedly expensive.

These surprise costs are driven by two main factors:

  1. Data egress fees: These fees are charged when you move data out of the cloud or even between different regions. The more data you transfer, the more it costs, and these fees can quickly add up if you’re not careful.
  2. API request fees: Providers charge you for every command your software performs, such as reading, writing, or listing files. Even seemingly small operations can lead to significant costs, particularly if your applications are making frequent requests.

Additionally, unexpected “ghost” bills can appear in the form of:

  • Early deletion penalties: If you delete data from colder storage tiers before the required retention period expires, you could incur additional fees.
  • Data bloat: The hidden accumulation of unnecessary data, like old versions or snapshots, can increase your storage usage without you realizing it.

Understanding transfer fees across regions and clouds

When transferring data between regions within the same cloud provider (e.g. from Azure East US to Azure West US), staying within the provider’s private backbone typically costs around $0.01 to $0.02 per GB. However, these costs can spike when the data crosses continental borders. For instance, moving data from North America to Asia could cost between $0.08 and $0.12 per GB.

When transferring data between different cloud providers (e.g. from AWS to Azure), the cost is treated as internet egress. The standard rates for this type of transfer generally range from $0.08 to $0.12 per GB after the first 100 GB (which most providers now offer for free).

For example, if you replicate a 10TB database from AWS to Google Cloud every month, you could face egress fees of around $800 to $900 just for the data transfer – and you still need to factor in the storage costs on your destination cloud.

Understanding these cross-region and cross-cloud transfer fees is essential for managing costs and avoiding unexpected expenses when moving large amounts of data.

How to reduce egress fees

To reduce excessive egress fees, private egress is a highly effective solution. Using private connectivity options like Direct Connect (AWS), ExpressRoute (Azure), VLAN Interconnect (GCP), and FastConnect (OCI) can save you up to 70% compared to standard internet-based egress.

Megaport optimizes this by providing private connectivity between clouds, helping you take advantage of these significant savings. Megaport Cloud Router (MCR) enables seamless cloud-to-cloud communication and allows dynamic routing via Border Gateway Protocol (BGP). This lets you efficiently manage and advertise your routes, helping you reduce egress costs.

Learn more ways to lower your cloud costs.

Below is a best-practice “cloud only” design, but we also have other reference diagrams to meet any use case.

Cloud-only design with Megaport
Cloud-only design with Megaport

How to keep your cloud storage secure

Cloud storage presents a broad range of security risks, from basic user errors (like unintentionally making a private repository public) to more complex identity-based attacks targeting overprivileged accounts or unmanaged machine identities.

To protect against these threats, businesses should adopt a Zero Trust security model. This approach enforces multi-factor authentication and adheres to the principle of least privilege, ensuring that users and systems only have access to the resources they absolutely need, minimizing exposure in the event of a breach.

In addition to access controls, organizations should encrypt all data end to end (in transit and at rest) to protect it from unauthorized access. Lastly, maintaining immutable backups is crucial, as they act as a last line of defense against accidental deletions and the rising threat of cloud-specific ransomware.

By implementing these security practices, businesses can significantly reduce the risks associated with cloud storage and ensure their data remains protected.

The security trade-off of hot vs cold storage

Choosing between cold and hot storage involves balancing accessibility with long-term data integrity. While both storage types typically use standard AES-256 encryption, they each come with unique security implications.

Hot storage offers quick access to your data but may expose it to more frequent access risks, including the potential loss of encryption keys as can happen with AES-256. Cold storage, on the other hand, enhances security through “rehydration” latency – the time it takes to move data from cold storage to a hotter tier. This delay, which can span hours, provides a natural buffer that can help security teams detect and prevent unauthorized data exfiltration before it happens.

Thus, while hot storage prioritizes faster access, cold storage offers additional time for monitoring and defense, making them a more secure option for long-term, infrequently accessed data.

Why you should use private connectivity for your cloud storage

Improved security

Private connectivity enhances cloud storage security by removing your resources from the public internet. This effectively reduces the risk of accidental exposure due to misconfigurations, and protects against internet-based threats like botnets or DDoS attacks.

By assigning your storage a private IP address within your virtual network, you can enforce granular access controls to prevent unauthorized data access and exfiltration. This isolation keeps your sensitive data in a controlled environment, making it easier to comply with regulatory requirements and protecting long-term data integrity.

Better performance

Architecting your cloud storage with private connectivity not only strengthens security but also significantly improves performance. By routing data through dedicated, isolated paths, you reduce latency and avoid the congestion of the public internet, resulting in a more efficient network.

This setup also gives you more consistent, immediate access to your data, while private endpoints allow you to enforce granular security policies and prevent unauthorized data movement. Plus, by keeping your sensitive data off the public internet, private connectivity simplifies compliance and protects your data integrity.

Private connectivity with Megaport

Megaport makes managing cloud storage easier, faster, and more secure. Our private connectivity solutions reduce latency, lower egress costs, and keep your data safe by keeping it off the public internet.

Our platform lets you quickly set up secure, dedicated connections across our massive global ecosystem on demand, ensuring your storage performs at its best while reducing costs.

Get more cloud tips and guides in our blog.