Comparison of Varonis On-Prem and Varonis SaaS and Why Varonis SaaS is More Cost Effective
Author: Laurence Everitt
Release Date: 07/05/2025
The Varonis SaaS has fewer third party licensing costs, is cheaper and quicker to install, easier to use, automates the important workflows, includes most of what people want, keeps your data inside of your walls, has a bundled proactive incident response service, is cheaper to run and cuts out much of what I like to do: consultancy!
What is the Varonis platform?
Varonis is a comprehensive data security platform that delivers unparalleled visibility, control, and protection for your organisation's most valuable asset: its data. With Varonis, you can confidently monitor, manage, and secure sensitive information across diverse platforms, including file servers, cloud storage, and collaboration tools.
Key Benefits:
- Uncover and Classify Your Data: Identify and categorise sensitive data, ensuring that it's properly protected.
- Manage Access and Permissions: Implement granular access controls to prevent unauthorised data access.
- Detect Insider Threats and Anomalies: Leverage user behavior analytics (UBA) to spot suspicious activity and potential threats.
- Respond Swiftly to Security Incidents: Detect and respond to threats in real time, minimising the impact of data breaches.
- Achieve and Maintain Compliance: Simplify compliance with data protection regulations and industry standards.
- Automate Data Remediation: Streamline data management processes to reduce risk and improve efficiency.
Varonis seamlessly integrates with your existing infrastructure, including Microsoft 365, Windows file servers, SharePoint, SharePoint Online, OneDrive, NAS devices, and cloud storage providers. Join the countless organizations that trust Varonis to secure their data, mitigate insider threats, and achieve regulatory compliance.
Why Do I Like Varonis Self-Hosted?
Varonis Self-Hosted (historically Varonis DataAdvantage) has been my bread and butter for the last 8 years and it is extremely good at finding and countering customers' weak points in their unstructured data storage and if customers do not have the manpower to implement and maintain it, then this can mean valuable consultancy - work for me! However, we have a new kid on the block - Varonis SaaS and it upsets me quite a bit. There are lots of reasons why consultancies prefer Varonis Self-Hosted over Varonis SaaS and why customers will enjoy SaaS:
Third Party Licensing and Maintenance Costs
With Varonis Self-Hosted, the third party license and maintenance costs can be quite high - the customer will need to license, install and maintain patching on:
- One-or-more based Apache Solr servers
- One-or-more Microsoft SQL Servers (Standard or above, depending on your situation - remember the license costs?),
- One Varonis DSP Server and
- One Collector server per Data Centre
Below is an illustration of a typical production Varonis Self-Hosted environment:
Yes, it is true that the SQL Server and Collector can be installed on the same server as the DSP, but that is only for non-production or extremely small customers with only a few Varonis functions licensed.
However, the Varonis SaaS infrastructure will usually be implemented with as little as the following, but even then, all of the SaaS services can be run upon one server:
- One Deployment Hub/Privacy Automation Server
- One Collector per Data Centre
This means that Varonis’ footprint within a customer’s infrastructure can be much reduced when comparing a like-for-like system and that is bad news for a consultancy that resells the Microsoft licenses, but good news for the customer.
By the way, people keep on asking me, “Why do I still need a Collector with Varonis SaaS? Why isn’t that subsumed into the Varonis SaaS cloud?” Well, the answer to that question is, all data analysis is performed in the Collector and only metadata, file structure and file classification is sent to Varonis SaaS in the cloud, so their data remains within the customer’s premises.
Implementation Time
There is a difference in consultancy time between Self-Hosted and SaaS. Depending on the readiness of the customer and the speed at which servers and networks can be set up, the implementation time for Varonis Self-Hosted can be as little as 3 days and several weeks of consultancy time. However, for Varonis SaaS, the implementation time can be as little as 2 days, which is again, bad news for me and my consultancy and will be welcome news for the customer.
Operating Costs
As Varonis SaaS is a Software as a Service product, upgrades (which I used to manage for my Varonis Self-Hosted customers) are regularly periodic, are now out of my hands and are looked after by the Varonis SaaS Team. The on-premises elements of the SaaS upgrades are automatically applied from the SaaS systems. Again, this means that the SaaS product reduces costs next to my Legacy Varonis Friend.
Managed Data Detection & Response
Varonis provides a bundled proactive response team service called Managed Data Detection & Response (MDDR) with Varonis SaaS. This team is paid to watch the outputs of my customers’ SaaS alerts 24x7, so that when an incident is found by the system, they look at the output, triage it and then will call the customer’s SoC to call attention to the situation. SaaS wins again.
Automation
One of the many security use cases that Varonis Self-Hosted provides is to surface where my customers’ documents have been over-shared (or perhaps even made global) and facilitate the removal. In order to understand what I mean by this, consider this entirely fictional (but realistic) scenario:
A user called John at Axionate creates a spreadsheet in Sharepoint Online which contains up-coming product prices and then shares it with Susan, James and Bob as a working group. Bob is an external person who works for a reseller.
That’s all okay and above board. Nothing wrong is done at this point. Bob has access to the file and he works with the information and gets ready for the launch.
However, a few months later, Susan’s boss finds the spreadsheet and likes what he sees, but needs it to include the Bill-of-Materials Cost for the company in a presentation to the Board and so he asks for the Bill-of-Materials (BoM) Totals to be added:
The problem with this is that Susan has forgotten that the file was shared with Bob, who gets excited and then downloads the file and then shares it on the Internet. The extremely low Bill-of-Materials information for future products has just been leaked and this may cause problems with some regulatory authorities.
To reduce the possibility of this happening, as a consultant, with the Self-Hosted Varonis DatAdvantage, I can then detect that a stale file has been shared outside of the organisation and then report upon it so that the permission can be removed by the IT department. However, Varonis SaaS goes one further it includes policies out-of-the-box which will find exactly this sort of issue and then remove the permission automatically. Sadly, no specialist knowledge is required to set up SaaS automation - the customer just needs to tell their IT Support that SaaS is deleting permissions for stale documents, in case anyone enquires about the missing permissions (which rarely happens).
Reporting
Varonis Self-Hosted has a very rich library of reports and this is where a lot of my work has resided in the past. There are 300 reports, split into 19 categories of reports and they cover all of the use cases that Varonis is aimed at, after all, Varonis is ALL about reporting, either at high level or at low level. My favourite report template is 4.f.01, which is reporting upon folders and files on the system - out of any version of this report template, many, many use cases can be catered for!
However, Varonis SaaS works differently and splits the reporting into looking at 7 different objects:
- Events
- Alerts
- Resources
- Physical Permissions
- Effective Permissions
- Directory Accounts
- Directory Group Memberships
Varonis SaaS is just too easy to report on and Varonis even include Athena AI, which will provide a report based upon a prompt such as “Please provide a list of all of my documents with global links on them.”
The annoying thing is that you don’t even need to know how to structure the filters, like you had to in Varonis Self-Hosted, to get the right report output! It is just too easy for Varonis SaaS users to get data out of the system.
Do Consultancies Still Have Room in Varonis SaaS?
Varonis SaaS is designed to save its customers money and be easy to use, but many customers do not want to devote time to training and still want to know, “Yes, I can set up this policy, but I also want to exclude this folder from alerting. How do I do it?” That is where we can help - showing the customer the whole of the process and taking them through what we call, “The Varonis Road to Data Security”, and ensure our customers' success.
…but that is the subject of another blog post!
More Resources like this one:
Varonis SaaS Explained:
What is Varonis SaaS | Short Video Series
Varonis and Sensitive Data: Classification, Preparing for AI and SaaS Data | On-Demand Events
