Cloud Sentry
Proof

The $70,000 line item.

A 100-employee company typically spends about $70,000 a year on this stack of tool subscriptions alone, before anyone operates any of it.

This page is the math behind that sentence. Seven subscription categories (one usually rides along inside the compliance platform), three spend scenarios, and a source with a date on every line. It was written to be forwarded.

Prepared July 20267 line items, 3 scenariosUSD, annual

Where the typical year goes

In the typical scenario the tool stack comes to $69,500 a year. Detection and response and compliance automation together carry nearly two thirds of it.

  • Service desk and portal$3,400 · 4.9%
  • Compliance automation$20,000 · 28.8%
  • Risk register and GRC$0 · 0.0%
  • Security awareness training$3,000 · 4.3%
  • Access lifecycle$8,400 · 12.1%
  • Detection and response (MDR)$24,500 · 35.3%
  • Trust center and questionnaire response$10,200 · 14.7%

Shares are rounded to one decimal and may not sum to exactly 100.

Schedule ARef CS/PROOF/2026-07 · Rev A

Annual tool subscription spend, 100-employee baseline

Basis: published list prices and marketplace contract mediansScope: software subscriptions onlyCurrency: USD per yearPrepared: July 2026

Annual tool subscription spend for a 100-employee company across seven categories, with low, typical, and high scenarios in US dollars per year, and the sources behind each line.
LineCategorySources and datesLowTypicalHigh
01Service desk and portalTicketing and a help center for a two-to-four-agent support team.Jira Service Management median actual contract $588 per year (Costbench, July 2026); Freshservice median $3,400 per year (Costbench); high derived from Zendesk Suite Professional at $115 per agent per month for four agents (zendesk.com, July 2026).$588$3,400$6,000
02Compliance automationControl monitoring and evidence collection for SOC 2 and ISO 27001.Vanta median $20,000 per year across 365 recorded purchases (Vendr, fetched July 2026); low anchored to the Secureframe low of $7,733 (Vendr, fetched July 2026); high is the top of the 50-200 employee band with per-framework add-ons.$7,500$20,000$35,000
03Risk register and GRCA living risk register with owners and review dates.Bundled inside the compliance platform at low and typical, though risk management is gated to Vanta's higher tiers (vanta.com/pricing, July 2026), so bundling can force a tier upcharge; high reflects a standalone tool at entry level, about $12,000 per year (estimated, third-party pricing guides).$0$0$12,000
04Security awareness trainingAnnual training campaigns and phishing simulation.KnowBe4 SAT Foundation list price of $1.97 per seat per month at 100 seats (knowbe4.com, May 2026 list); Hoxhunt median $13,625 (Vendr, fetched July 2026).$2,364$3,000$13,625
05Access lifecycleJoiner, mover, and leaver automation across the identity stack.JumpCloud lifecycle at $3 per user per month (jumpcloud.com, July 2026); Microsoft Entra ID Governance at $7 per user per month (microsoft.com); Okta lifecycle plus governance at about $14 per user per month (published list, April 2026).$3,600$8,400$16,800
06Detection and response (MDR)Managed detection and response across endpoints.Huntress direct at $8.99 per endpoint per month (June 2026); lowest verified Arctic Wolf transaction $24,469 per year (Vendr, fetched July 2026); about $50,000 for a foundational 100-endpoint concierge package (Netrix, October 2025).$10,788$24,500$50,000
07Trust center and questionnaire responsePublishing a security profile and answering customer questionnaires.Free publishing tiers exist (Conveyor and Whistic); HyperComply median $10,200 per year (Vendr, fetched July 2026); SecurityPal concierge median $33,000 per year (Vendr, fetched July 2026).$0$10,200$33,000
Total, tool subscriptions$24,840$69,500$166,425
Rounded for prose$24.8K$69.5K$166.4K

Contract medians courtesy of Vendr marketplace data, fetched July 2026. Vendr medians describe negotiated contracts across many buyer sizes, so they can run above what a 100-employee company usually signs; where that skew matters, the low column models beneath the median and the line says so.

Reconciliation to the headline number

The typical column totals $69,500. Everywhere else on this site we round that to about $70,000. Every dollar of it is subscription spend; the people to run these tools are extra.

The low, typical, and high figures are Cloud Sentry estimates built on the anchors cited on each line. Prices drift, so check the dates before you circulate this.

Deliberately excluded from the schedule

These costs sit on top of the subscriptions. We left them out so the baseline stays conservative.

CPA audit fees

The audit is a pass-through, typically $10,000-$50,000 for a Type 2 in this segment. Compliance automation prepares the evidence; the CPA firm that signs the report bills separately.

Advisory and fractional-leadership retainers

The advisor who interprets what the dashboards say, whether fractional security leadership or outside counsel, bills on a separate retainer.

Separately billed assessments

Penetration tests and other point-in-time assessments are quoted and invoiced on their own, outside every subscription above.

Internal time to run the stack

Independent field research puts manual compliance work at twelve working weeks a year (Vanta State of Trust 2025). That time belongs to someone on your payroll.

Internal IT operations labor

Day-to-day administration of endpoints, identities, and tickets assumes staff you already pay. The schedule prices the licenses and none of the hours.

Microsoft 365 and endpoint licensing

Productivity suites and device licensing sit beneath all seven categories and are not counted here.

Cyber insurance

The premium is its own line item and its own renewal; nothing above includes it.

Each exclusion pushes the real number up.

Ship status, stated plainly

How to read this against the platform

Six of the seven categories are absorbed by the platform and its operators today; the risk register runs natively in the platform, with operator review. Security awareness is the seventh: we operate it as part of the service, and the platform module for it is on the roadmap.

The schedule prices one layer of three. Beneath the subscriptions sit the processes they feed: access reviews, evidence collection, questionnaire answers, the tickets themselves. Around them sit the separate relationships: the advisor on retainer, the operator who runs the tools day to day, and the audit-prep engagement before each report.

This page puts no dollar figure on those outer layers. The claim is narrower and it holds on its own: about $70,000 a year goes to the licenses alone.

That is the stack. Nobody in it is accountable for the outcome.

Seven line items, each with its own console, renewal, and vendor who assumes you brought your own staff. Cloud Sentry runs IT, security, and compliance as one function, and the work shows up in one place you can see.

The operated partnership starts with a conversation about what you run today. Send us the renewal invoices and we will rebuild this schedule with your figures before anything gets signed.

Tour the operations platform: the requests, the evidence, and the live status of what the operators run for you.