Light Reading

Cloud Providers: Beware DDoS Domino Effect

Tom Bienkowski
7/7/2014
50%
50%

In this day and age, almost every organization is using the Internet as a platform for business as they realize the benefit of outsourcing online operations such as websites, storage, e-commerce, email, and domain name system (DNS). It makes sense because it allows them to focus more on the core business. It also brings about lower costs and requires fewer internal resources. As such, cloud and hosting providers are experiencing significant growth as they meet this market demand. But with this increase in growth comes a proportional increase in risk.

With the proliferation of cyber threat and "hacktivist" movements, any organization can be the target of a cyber attack, specifically distributed denial-of-service (DDoS) attacks. These days, they are occurring daily because of botnet-for-hire services that charge as little as $2 an hour. However, hosting providers incur a higher risk of being the targets of DDoS attacks than other businesses operating online. Why? They aggregate the risk of all their customers.

The Wikipedia definition of the "domino effect" is a chain reaction that occurs when a small change causes a similar change nearby, which then causes another similar change, and so on in linear sequence. The term is used as an analogy to a falling row of dominoes.

A DDoS attack on one hosting customer can potentially take down the entire operation because they all share the same network infrastructure. In the same way cloud hosting providers pool resources such as bandwidth and storage for their customers, they also pool the aggregated risk of all their customers.

Due to the multi-tenancy nature of cloud-based data centers, a volumetric DDoS attack against one tenant can lead to a domino effect of service outages. Imagine that an attack is launched against one tenant. If the massive amount of malicious traffic bombarding this one tenant can cause the cloud data center to go down or clog up the shared resources, the entire data center can be taken offline or severely slowed. If a company's data center is down because of a DDoS attack, its customers will lose revenue, and the hosting provider will lose revenue and credibility which impacts the viability of the business. This type of outage can be devastating to the reputation and finances of all involved. To make matters worse, the aftershock continues long after the attack has been mitigated.

Because of this looming threat, cloud hosting providers need to proactively defend themselves to ensure service remains available to all of their customers in the event of an attack.

How to avoid becoming the bullseye
The good news is that the risks associated with DDoS attacks can be mitigated. If you don't want to be a victim of the DDoS domino effect, consider four simple strategies that any hosting provider can implement to protect service availability for their customers and themselves:

  • Subscribe to "clean pipes" service from all upstream service providers. Clean pipes will ensure that large-scale DDoS attacks are detected and mitigated in the cloud before they have an impact on the cloud data center, and before customers suffer an outage.
  • Implement an on-premise DDoS mitigation solution. It will enable hosting providers to detect and eliminate stealthy, application-layer DDoS attacks. These attacks target specific applications such as log-in forms and downloads. Due to their narrow focus, they do not require a large amount of traffic, making them very difficult to detect.
  • Monitor traffic inside and outside the cloud data center. Monitoring traffic patterns and protocols is essential to detecting network misuse. Certain systems should be communicating with each other while others should not. When those that should not communicate with each other are communicating, it could mean trouble.
  • Offer additional anti-DDoS service to customers. Operators of cloud data centers can generate additional revenue by offering highly valued DDoS mitigation services to customers. For example, customers who subscribe to the service will have malicious traffic directed against them mitigated. Customers who do not subscribe to the service will simply have their traffic blackholed. This type of service can be a true differentiator in the highly competitive hosting space. The difference between winning and losing business is more and more frequently coming down to valued-added services like managed backup, email and DDoS mitigation.

By taking these precautions, hosting providers can increase their reliability and service availability while generating more revenue by offering valued DDoS protection services to their customers.

— Tom Bienkowski, Director of Product Marketing, Arbor Networks.

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
7/7/2014 | 4:45:13 PM
Tenants
With so many different tenants on a cloud provider's plate, it would seem problematic to be able to stop an all-out DDoS. But technology is improving, and it is clear that providers have no choice but to have procedures in place to prevent the so-called domino effect.

Here's hoping that they work, because major cloud outages are always widely reported and gives the technology a bad rap, fair or unfair. 
More Blogs from Column
Broadcom SVP Rich Nelson offers a primer on DOCSIS 3.1.
The web services giants such as Facebook, Amazon and Google might be defining the next generation of 'carrier class' networking technology.
As carriers are partnering with a growing amount of third-party service providers, payments are the next logical step in growing these partnerships.
There are many variants of the CRAN concept, but all have the potential to deliver major capex and opex savings in the network.
The FCC's upcoming 600 MHz spectrum is a novel idea to foster a competitive framework for the future.
Flash Poll
From The Founder
Network architects aiming to upgrade their networks to support agile, open, virtualized services in the 21st century need to consider new criteria when choosing between technology suppliers.
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
Wagner’s Ring
Business Value Trumps Moving Bits for Virtual Networks

7|7|15   |   01:22   |   (0) comments


At the recent Open Networking Summit, carriers described how they're focused on increasing revenue rather than just improving technology. This requires cultural changes, which can be more difficult than technology changes.
LRTV Custom TV
VeEX: Live from the Big Telecom Event 2015

7|7|15   |   2:28   |   (0) comments


VeEX's Carl Goldschmidt provides new product updates, including the RXT modular test platform and TX300s. With the latest technology in pluggable physical interfaces, the RXT platform combines multiple technologies with testing range from 10 Mbit/s to 100 Gbit/s. The TX300s is an "All-in-one" advanced multi-service test platform from 64 Kbit/s to 100 Gbit/s that ...
LRTV Custom TV
Light Reading Interviews MRV: 2015 Big Telecom Event

7|7|15   |   3:45   |   (0) comments


Scott St. John, SVP of Global Sales & Service, discusses MRV's customer-centric culture, the new OptiPacket OP-X1 100G access platform, and recent customer wins with Light Reading at BTE 2015.
LRTV Custom TV
Procera: Enhancing the Subscriber Experience

7|7|15   |   4:53   |   (0) comments


Hear from Procera on the latest in Subscriber Experience solutions. Learn how Procera's RAN Perspective technology helps network operators monitor and manage network traffic, in real-time, solving congestion and other network issues.
Between the CEOs
HP's Prodip Sen: The NFV Journey

7|7|15   |   21:39   |   (0) comments


Prodip Sen, CTO of the Network Functions Virtualization (NFV) business unit at HP, talks to Light Reading founder and CEO Steve Saunders about the four stages of the NFV journey.
LRTV Documentaries
Leading Lights 2015 Winners' Video

7|7|15   |   08:34   |   (2) comments


Hear what the Leading Lights 2015 winners had to say after they picked up their awards in Chicago.
LRTV Documentaries
PSA: The Perils of a Hyper-Connected Society

7|6|15   |   1:38   |   (0) comments


A public service announcement calling attention to the perils of a hyper-connected society.
LRTV Interviews
Guavus Takes Analytics on the Road

7|6|15   |   4:09   |   (3) comments


Guavus CEO Anukool Lakhina tells Light Reading CEO and founder Steve Saunders how the analytics tools developed for telcos are applicable to the transportation industry.
Telecom Innovators Video Showcase
Mellanox's New 25/50/100Gb/s Ethernet Products

7|6|15   |   2:44   |   (0) comments


Mellanox offers a complete 10/25/40/50/56/100Gbit/s solution that delivers industry-leading performance, scalability, reliability and efficiency for optimal application performance and data center ROI.
Telecom Innovators Video Showcase
Arista's CloudVision

7|6|15   |   6:01   |   (0) comments


Anshul Sadana answers questions from Steve Saunders, Light Reading’s founder and CEO, about Arista’s CloudVision, a global cloud network controller for workload orchestration and workflow automation delivering a turnkey solution for cloud networking.
LRTV Custom TV
Red Hat Demo

7|2|15   |   10:53   |   (0) comments


Red Hat's Nicolas Lemieux demonstrates how Red Hat is driving innovation through open source communities.
LRTV Custom TV
Red Hat's Approach to OpenStack Adoption

7|2|15   |   5:17   |   (0) comments


Red Hat's Radhesh Balakrishnan outlines his company's open source strategy for both enterprises and telcos.
Upcoming Live Events
September 16-17, 2015, The Westin Galleria Dallas, Dallas, TX
September 16, 2015, The Westin Galleria Dallas, Dallas, TX
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
October 6, 2015, The Westin Peachtree Plaza, Atlanta, GA
October 6, 2015, Westin Peachtree Plaza, Atlanta, GA
October 14-15, 2015, New Orleans Ernest N. Morial Convention Center, New Orleans, LA
November 5, 2015, Hilton Santa Clara, Santa Clara, CA
All Upcoming Live Events
Infographics
Equinix walks through the past four digital economy eras from computing to network to connected to today's interconneted world.
Hot Topics
What's a Gigabit Good For?
Carol Wilson, Editor-at-large, 7/1/2015
IBM Sows Seed for New Telco Unit, Plans NFV/SDN Push
Ray Le Maistre, Editor-in-chief, 7/6/2015
FCC Chairman Talks Up SDN/NFV
Mari Silbey, Senior Editor, Cable/Video, 7/2/2015
A&E Launches Lifetime OTT Service
Alan Breznick, Cable/Video Practice Leader, 7/3/2015
What the Helio? MVNO Is Back After First Flop
Sarah Thomas, Editorial Operations Director, 7/6/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
Prodip Sen, CTO of the Network Functions Virtualization (NFV) business unit at HP, talks to Light Reading founder and CEO Steve Saunders about the four stages of the NFV journey.
Casa Systems has been going from strength to strength over the last couple of years. In 2013, it became the first vendor to ship an integrated CCAP device -- the ...
Cats with Phones