This document explains Security Command Center pricing details.
If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.
Pricing overview
When you use Security Command Center Premium or Standard tier, you might be charged for the following:
- Any costs associated with the Security Command Center tier you select, as described later on this page.
- Any costs associated with additional paid scanners like Cloud Data Loss Prevention (Cloud DLP) or a third-party partner scanner to add data to Security Command Center. You will be billed by the scanner provider based on their usage fees.
- Any App Engine costs associated with using Web Security Scanner, as described later on this page.
Security Command Center tier pricing
Security Command Center pricing is based on the Security Command Center tier that you select:
Tier details |
---|
Standard tier features
|
The Premium tier includes all Standard tier features and adds the following:
|
Standard tier pricing
Security Command Center Standard tier is free of charge.
Premium tier pricing
Security Command Center Premium tier is available as either a one year or multi-year fixed price subscription. The annual cost of the subscription is 5% of the larger of:
- Your committed annual Google Cloud spend; or
- Your actual annual current annualized Google Cloud spend.
There is a minimum annual cost of $25,000. You can attach the Security Command Center Premium tier subscription to your new commit deals, or add-on Security Command Center Premium to an existing commit deal. In both cases, the Security Command Center Premium tier subscription is co-terminus with your commit deal. The subscription is billed monthly over the term of the subscription.
For specific details, contact your sales representative.
Premium tier pricing examples
Following are examples of Security Command Center Premium tier subscription costs:
Based on commit deal
If you have a multi-year commit deal structured at:
- Year 1 at $1 million
- Year 2 at $2 milion
- Year 3 at $4 million
Then your Security Command Center Premium tier fixed price would be:
- Year 1 at $50,000
- Year 2 at $100,000
- Year 3 at $200,000
In the preceding scenario, even if your annual spend on Google Cloud in year one was actually $1.2 million, the Security Command Center Premium charges for that year would still be fixed at $4,167 per month, or $50,000 total.
Your total cost for the preceding multi-year deal would be $350,000. Even if your usage during the three year term goes above the commit, your total Security Command Center Premium tier costs during the three year commit will still be $350,000.
When current annual spend rate is greater than your existing commit deal
If you have a multi-year commit deal structured at:
- Year 1 at $1 million
- Year 2 at $2 milion
- Year 3 at $4 million
but currently in year 1 your annual spend rate is $1.5M, then your Security Command Center Premium tier fixed price would be:
- Year 1 at $75,000 (since $1.5 million annual spend rate is higher than your $1 million commit
- Year 2 at $100,000
- Year 3 at $200,000
In the preceding scenario, even if, after subscribing to Security Command Center Premium tier, your actual spend on Google Cloud in year 1 grew even higher to $1.9 million, the Security Command Center Premium tier charges for that year would still be fixed at $6,250 per month, or $75,000 total.
Your total cost for the preceding multi-year deal would be $375,000. Even if your usage during the 3 year term goes above the commit, your total Security Command Center Premium tier costs during the 3 year commit will still be $375,000.
Security Command Center Premium tier pricing not based on log consumption or usage
When you subscribe to the Security Command Center Premium tier, all of the processing of required log data for Event Threat Detection in your organization is included. You won't be charged based on the volumes of log data consumed.
Related charges that are the side effect of using SCC Premium
The Security Command Center Premium tier includes setup of Web Security Scanner autoscans, however, the operation of these autoscans could impact the following:
- App Engine, Compute Engine, and GKE instance quota limits, and bandwidth (traffic) charges.
- Quotas for API calls to App Engine services like mail and search, and Compute Engine and GKE services.
The actual amount of traffic generated from a scan depends on the application and the number of URLs, event handlers, forms, and parameters.
Web Security Scanner is optimized to keep traffic to a minimum. By default, the scan rate is throttled to approximately 15 queries per second (QPS), with slight variations in the rate due to the asynchronous nature of many web applications. Currently, a large scan stops after 100,000 test requests, not including requests related to site crawling. Site crawling requests are not capped.
Legacy pricing
Expand the following section for information about the pricing that applies if you haven't migrated to the Security Command Center Premium or Standard tier.
Web Security Scanner pricing
While managed capabilities of Web Security Scanner are only included as part of Security Command Center Premium, and there is no direct charge for using Web Security Scanner. However, you might incur indirect charges when using Web Security Scanner.
Using Web Security Scanner impacts App Engine instance quota limits, bandwidth (traffic) charges, and quotas for API calls to App Engine services like mail and search. The actual amount of traffic generated from a scan depends on the application and the number of URLs, event handlers, forms, and parameters.
Web Security Scanner is optimized to keep traffic to a minimum. By default, the scan rate is throttled to approximately 15 queries per second (QPS), with slight variations in the rate due to the asynchronous nature of many web applications. Currently, a large scan stops after 100,000 test requests, not including requests related to site crawling. Site crawling requests are not capped.