Orca can be deployed in two different modes. Of the two, the regular SaaS deployment mode is usually recommended, as it is easier to maintain and doesn't incur the additional cost of hosting VMs for the SideScanners within the customer's environment.
Option 1: SaaS deployment (Default)
This option is the standard mode of deployment. We recommend this deployment mode for most applications. When choosing this deployment mode, SideScanning is delivered completely by Orca. The only resources created in the target account are snapshots, which exist only for a very short period of time and are then deleted. Because all of the services are provided by Orca, on-boarding and maintenance are easiest in this mode.
In the SaaS deployment mode, the data is processed in the same region as the target host and analyzed by the SideScanner that is hosted on the Orca Account for that region. Only metadata is sent from the SideScanner to the Orca back-end. The data is analyzed and alerts are created on the back-end. The SaaS deployment mode has an option for geo-restriction to US or EU.
Option 2: In-Account deployment (Orca Pod)
In-Account deployment is also sometimes referred to as deploying an Orca Pod. This deployment method allows the Orca SideScanner to run inside your AWS/Azure/GCP account. In this deployment mode, the Orca SaaS will generate ephemeral scanners (VMs) inside your cloud service provider account that will be able to perform the same actions as the SaaS deployment mode except that the scanners are logically hosted inside the customer account.
In this deployment mode, all of your raw data is processed inside of your account. The Orca SaaS scanner is not granted access to raw data (i.e. VMs, storage buckets, etc.). The SideScanner only sends metadata to the Orca Security Platform back-end, which analyzes the metadata, correlates it to assets and alerts, and produces a picture of the security posture of the account.
This deployment mode gives the customer more visibility into the Orca scanning process, at the expense of higher operational and maintenance costs: the customer pays for the VMs that host the SideScanning process, and the process is slightly more complex.