Light Reading

Cloud Providers: Beware DDoS Domino Effect

Tom Bienkowski
7/7/2014
50%
50%

In this day and age, almost every organization is using the Internet as a platform for business as they realize the benefit of outsourcing online operations such as websites, storage, e-commerce, email, and domain name system (DNS). It makes sense because it allows them to focus more on the core business. It also brings about lower costs and requires fewer internal resources. As such, cloud and hosting providers are experiencing significant growth as they meet this market demand. But with this increase in growth comes a proportional increase in risk.

With the proliferation of cyber threat and "hacktivist" movements, any organization can be the target of a cyber attack, specifically distributed denial-of-service (DDoS) attacks. These days, they are occurring daily because of botnet-for-hire services that charge as little as $2 an hour. However, hosting providers incur a higher risk of being the targets of DDoS attacks than other businesses operating online. Why? They aggregate the risk of all their customers.

The Wikipedia definition of the "domino effect" is a chain reaction that occurs when a small change causes a similar change nearby, which then causes another similar change, and so on in linear sequence. The term is used as an analogy to a falling row of dominoes.

A DDoS attack on one hosting customer can potentially take down the entire operation because they all share the same network infrastructure. In the same way cloud hosting providers pool resources such as bandwidth and storage for their customers, they also pool the aggregated risk of all their customers.

Due to the multi-tenancy nature of cloud-based data centers, a volumetric DDoS attack against one tenant can lead to a domino effect of service outages. Imagine that an attack is launched against one tenant. If the massive amount of malicious traffic bombarding this one tenant can cause the cloud data center to go down or clog up the shared resources, the entire data center can be taken offline or severely slowed. If a company's data center is down because of a DDoS attack, its customers will lose revenue, and the hosting provider will lose revenue and credibility which impacts the viability of the business. This type of outage can be devastating to the reputation and finances of all involved. To make matters worse, the aftershock continues long after the attack has been mitigated.

Because of this looming threat, cloud hosting providers need to proactively defend themselves to ensure service remains available to all of their customers in the event of an attack.

How to avoid becoming the bullseye
The good news is that the risks associated with DDoS attacks can be mitigated. If you don't want to be a victim of the DDoS domino effect, consider four simple strategies that any hosting provider can implement to protect service availability for their customers and themselves:

  • Subscribe to "clean pipes" service from all upstream service providers. Clean pipes will ensure that large-scale DDoS attacks are detected and mitigated in the cloud before they have an impact on the cloud data center, and before customers suffer an outage.
  • Implement an on-premise DDoS mitigation solution. It will enable hosting providers to detect and eliminate stealthy, application-layer DDoS attacks. These attacks target specific applications such as log-in forms and downloads. Due to their narrow focus, they do not require a large amount of traffic, making them very difficult to detect.
  • Monitor traffic inside and outside the cloud data center. Monitoring traffic patterns and protocols is essential to detecting network misuse. Certain systems should be communicating with each other while others should not. When those that should not communicate with each other are communicating, it could mean trouble.
  • Offer additional anti-DDoS service to customers. Operators of cloud data centers can generate additional revenue by offering highly valued DDoS mitigation services to customers. For example, customers who subscribe to the service will have malicious traffic directed against them mitigated. Customers who do not subscribe to the service will simply have their traffic blackholed. This type of service can be a true differentiator in the highly competitive hosting space. The difference between winning and losing business is more and more frequently coming down to valued-added services like managed backup, email and DDoS mitigation.

By taking these precautions, hosting providers can increase their reliability and service availability while generating more revenue by offering valued DDoS protection services to their customers.

— Tom Bienkowski, Director of Product Marketing, Arbor Networks.

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
7/7/2014 | 4:45:13 PM
Tenants
With so many different tenants on a cloud provider's plate, it would seem problematic to be able to stop an all-out DDoS. But technology is improving, and it is clear that providers have no choice but to have procedures in place to prevent the so-called domino effect.

Here's hoping that they work, because major cloud outages are always widely reported and gives the technology a bad rap, fair or unfair. 
More Blogs from Column
Dan Pitt of the Open Networking Foundation (ONF) lays down a challenge to OpenFlow's naysayers.
Telecom carriers need to build, buy or partner for many of the technology enhancements they put into the networks or customer solutions each year.
The future of communications depends on technology licensing, according to Ericsson's Monica Magnusson.
Reflecting on the pivotal role this technology played in the history of computing on its 10th birthday.
This is what industry leadership looks like.
From The Founder
Against the odds, Huawei is growing its telecoms networking equipment business in the US -- that should be ringing some alarm bells for domestic vendors.
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
LRTV Huawei Video Resource Center
Vodafone: Mobile Money Is About Customer Trust

8|27|15   |   06.36   |   (0) comments


Light Reading spoke with Vodafone's Ian Ravenscroft about the unique responsibilities and opportunities facing operators handling customers' financial transactions over the network.
Telecom Innovators Video Showcase
Palo Alto Networks on Expanding in the Carrier/Service Provider Market

8|26|15   |   07:54   |   (0) comments


Alfred Lee from Palo Alto Networks tells Steve Saunders about their new chassis-based system, the PA-7080, and how it can benefit service providers compared to legacy firewalls.
LRTV Custom TV
Global Services Forum Preview

8|25|15   |   02:36   |   (0) comments


Light Reading's CEO and Founder Steve Saunders talks about Huawei's upcoming Global Services Forum with the help of Heavy Reading's Patrick Donegan and Teresa Mastrangelo.
Telecom Innovators Video Showcase
Infoblox on DNS Threat Index

8|19|15   |   04:39   |   (0) comments


Dilip Pillaipakam from Infoblox talks to Steve Saunders about his company's core network services.
Between the CEOs
CEO Chat With Ihab Tarazi, Equinix

8|14|15   |   20:18   |   (1) comment


Equinix CTO Ihab Tarazi talks to Light Reading founder and CEO Steve Saunders about the dramatic changes in the data center, cloud and interconnect markets and discusses the impact of SDN and NFV in the coming years.
Telecom Innovators Video Showcase
The Netformx Ecosystem

8|14|15   |   09:39   |   (1) comment


Ittai Bareket, CEO of Netformx, talks with Steve Saunders about the Netformx Ecosystem, which employs cutting-edge prescriptive analytics to help solution providers maximize profits.
Telecom Innovators Video Showcase
Versa Networks on Leveraging VNFs

8|12|15   |   07:37   |   (0) comments


Kumar Mehta, founder and CEO of stealth mode startup Versa Networks, talks with Steve Saunders about how providers can best leverage virtualized network functions (VNFs).
LRTV Custom TV
Transforming the Network Through OPNFV

8|5|15   |   7:09   |   (0) comments


Sandra Rivera, VP Data Center Group; GM Network Platforms Group, Intel Corporation, on OPNFV Arno and how the industry is coming together to accelerate the deployment of NFV and transform the network.
LRTV Huawei Video Resource Center
Huawei ONS Product Demo

8|3|15   |   6:01   |   (0) comments


Huawei shows at Open Networking Summit 2015 in Santa Clara how its SDN and NFV solutions embrace openness.
LRTV Custom TV
End-User or Enterprise Benefits to the New IP

7|30|15   |   04:27   |   (1) comment


Andrew Coward discusses what the New IP means to end users or enterprise customers. He explains compelling reasons, including how every customer can get their own network, from the transformation to the New IP.
LRTV Custom TV
Network Visibility & the New IP

7|30|15   |   02:23   |   (0) comments


Mukund Srigopal provides an explanation of what network visibility is and how it is essential as service providers transition to the New IP. In addition, the importance of the network packet broker is discussed.
Between the CEOs
CEO Chat With Basil Alwan, Alcatel-Lucent

7|24|15   |   26:44   |   (5) comments


Basil Alwan, President of IP Routing & Transport at Alcatel-Lucent, discusses virtualization, cultural challenges, the capex crunch and more with Light Reading founder and CEO Steve Saunders.
Upcoming Live Events
September 16-17, 2015, The Westin Galleria Dallas, Dallas, TX
September 16, 2015, The Westin Galleria Dallas, Dallas, TX
September 16, 2015, The Westin Galleria Dallas, Dallas, TX
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
October 14-15, 2015, New Orleans Ernest N. Morial Convention Center, New Orleans, LA
November 5, 2015, Hilton Santa Clara, Santa Clara, CA
November 17, 2015, Santa Clara, California
December 1, 2015, The Westin Times Square, New York City
December 2, 2015, The Westin Times Square, New York City
All Upcoming Live Events
Infographics
Cisco's cloud and virtualization portfolio can increase business agility and innovation by building a more flexible network architecture.
Hot Topics
Verizon Hums a Driving Tune
Sarah Thomas, Editorial Operations Director, 8/26/2015
Gogo Approved to Speed Up In-Flight WiFi
Sarah Thomas, Editorial Operations Director, 8/24/2015
Could Market Volatility Hurt Tech IPOs?
Dan Jones, Mobile Editor, 8/24/2015
Fact-Checking the Future of 'Silence Like Diamonds'
Mitch Wagner, West Coast Bureau Chief, Light Reading, 8/21/2015
Like Us on Facebook
Twitter Feed
September 22, 2015
Media Begins With “Me”
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Equinix CTO Ihab Tarazi talks to Light Reading founder and CEO Steve Saunders about data center, cloud and the impact of virtualization in the coming years.
They say there's no such thing as a stupid question, but I probably sail pretty close to the wind in some of my interviews for LR. But then that's one of the things I ...
Cats with Phones
Cats & Boxes: A Love Affair Click Here