Light Reading
Aggregating customer traffic in a multi-tenant setting can also aggregate the risk of DDoS attacks

Cloud Providers: Beware DDoS Domino Effect

Tom Bienkowski
7/7/2014
50%
50%

In this day and age, almost every organization is using the Internet as a platform for business as they realize the benefit of outsourcing online operations such as websites, storage, e-commerce, email, and domain name system (DNS). It makes sense because it allows them to focus more on the core business. It also brings about lower costs and requires fewer internal resources. As such, cloud and hosting providers are experiencing significant growth as they meet this market demand. But with this increase in growth comes a proportional increase in risk.

With the proliferation of cyber threat and "hacktivist" movements, any organization can be the target of a cyber attack, specifically distributed denial-of-service (DDoS) attacks. These days, they are occurring daily because of botnet-for-hire services that charge as little as $2 an hour. However, hosting providers incur a higher risk of being the targets of DDoS attacks than other businesses operating online. Why? They aggregate the risk of all their customers.

The Wikipedia definition of the "domino effect" is a chain reaction that occurs when a small change causes a similar change nearby, which then causes another similar change, and so on in linear sequence. The term is used as an analogy to a falling row of dominoes.

A DDoS attack on one hosting customer can potentially take down the entire operation because they all share the same network infrastructure. In the same way cloud hosting providers pool resources such as bandwidth and storage for their customers, they also pool the aggregated risk of all their customers.

Due to the multi-tenancy nature of cloud-based data centers, a volumetric DDoS attack against one tenant can lead to a domino effect of service outages. Imagine that an attack is launched against one tenant. If the massive amount of malicious traffic bombarding this one tenant can cause the cloud data center to go down or clog up the shared resources, the entire data center can be taken offline or severely slowed. If a company's data center is down because of a DDoS attack, its customers will lose revenue, and the hosting provider will lose revenue and credibility which impacts the viability of the business. This type of outage can be devastating to the reputation and finances of all involved. To make matters worse, the aftershock continues long after the attack has been mitigated.

Because of this looming threat, cloud hosting providers need to proactively defend themselves to ensure service remains available to all of their customers in the event of an attack.

How to avoid becoming the bullseye
The good news is that the risks associated with DDoS attacks can be mitigated. If you don't want to be a victim of the DDoS domino effect, consider four simple strategies that any hosting provider can implement to protect service availability for their customers and themselves:

  • Subscribe to "clean pipes" service from all upstream service providers. Clean pipes will ensure that large-scale DDoS attacks are detected and mitigated in the cloud before they have an impact on the cloud data center, and before customers suffer an outage.
  • Implement an on-premise DDoS mitigation solution. It will enable hosting providers to detect and eliminate stealthy, application-layer DDoS attacks. These attacks target specific applications such as log-in forms and downloads. Due to their narrow focus, they do not require a large amount of traffic, making them very difficult to detect.
  • Monitor traffic inside and outside the cloud data center. Monitoring traffic patterns and protocols is essential to detecting network misuse. Certain systems should be communicating with each other while others should not. When those that should not communicate with each other are communicating, it could mean trouble.
  • Offer additional anti-DDoS service to customers. Operators of cloud data centers can generate additional revenue by offering highly valued DDoS mitigation services to customers. For example, customers who subscribe to the service will have malicious traffic directed against them mitigated. Customers who do not subscribe to the service will simply have their traffic blackholed. This type of service can be a true differentiator in the highly competitive hosting space. The difference between winning and losing business is more and more frequently coming down to valued-added services like managed backup, email and DDoS mitigation.

By taking these precautions, hosting providers can increase their reliability and service availability while generating more revenue by offering valued DDoS protection services to their customers.

— Tom Bienkowski, Director of Product Marketing, Arbor Networks.

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
7/7/2014 | 4:45:13 PM
Tenants
With so many different tenants on a cloud provider's plate, it would seem problematic to be able to stop an all-out DDoS. But technology is improving, and it is clear that providers have no choice but to have procedures in place to prevent the so-called domino effect.

Here's hoping that they work, because major cloud outages are always widely reported and gives the technology a bad rap, fair or unfair. 
More Blogs from Column
CSPs armed with real-time operational intelligence are uniquely positioned to realize the true monetary value of the new data economy.
Share your views on the next five years and find out what your peers think too.
The complexity of cloud service sourcing will boost demand for infrastructure-as-a-service.
Automation saves you from repeating the same things over and over again.
Terabit Demonstrator Project to be unveiled at SC14 in New Orleans.
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Huawei Video Resource Center
Building a Secure Telefonica Network With Huawei's High-End Firewall

11|24|14   |   4:37   |   (0) comments


Andrew Davies, IP architect of the Telefonica, a leading digital communications company, discusses the Huawei security gateway solution and putting the solution into the testbed.
LRTV Huawei Video Resource Center
Huawei Partners with Spirent to Verify CE12816's 10GE Port & TRILL Networking Capabilities

11|24|14   |   2:50   |   (0) comments


Spirent Communications is the world's leading supplier for telecom testing appliances and solutions. Spirent has been in a close partnership with Huawei for a long time.
LRTV Huawei Video Resource Center
Saudi Airlines & Its ICT Transformation

11|24|14   |   2:07   |   (0) comments


In this video, Saudi Airlines discusses its network problems and how Huawei's Agile Network is its all-in-one solution.
LRTV Huawei Video Resource Center
Huawei's Agile Switch Benefiting Saudi Arabia's Yamamah Hospital

11|24|14   |   2:40   |   (0) comments


Saudi Arabia's Yamamah Hospital speaks about how Huawei's Agile Switch has improved the medical service's network infrastructure.
LRTV Huawei Video Resource Center
FanPlay & Huawei Build a Wireless Agile Smart Stadium

11|24|14   |   2:13   |   (0) comments


FanPlay is a cloud-based white label service, which is effectively a football fan engagement platform underpinned by mobile payment technology.
LRTV Huawei Video Resource Center
Building an Agile Stadium

11|24|14   |   3:54   |   (0) comments


Stadiums may be thousands of tons of concrete and steel, but they now need to be agile. Being at the stadium may not be as alluring as it once was. Sports franchises and stadium operators discuss how to get fans back.
LRTV Huawei Video Resource Center
Huawei Helps ChinaCache Tackle Challenges in the Internet Industry

11|24|14   |   3:09   |   (0) comments


ChinaCache is China's largest content distribution network supplier. Huawei's CE12800 has provided ChinaCache with very strong support in its establishment of an infrastructure network.
LRTV Huawei Video Resource Center
Cefinity on Managed Security Services & Next-Generation Firewall

11|24|14   |   7:05   |   (0) comments


Cefinity is a cloud management service provider in Southeast Asia. Ivan Zhang, CEO of the company, discusses the implementation of security service management in the cloud era.
LRTV Huawei Video Resource Center
Huawei's Agile Gateway in the Eyes of Cefinity

11|24|14   |   2:11   |   (0) comments


Cefinity is a managed service provider for enterprise networks. The company currently uses Huawei's AR series routers for the most complete range of functions. CEO Ivan Zhang speaks about the advantages of the AR series routers.
LRTV Huawei Video Resource Center
CTO of Bus-Online Talks About Huawei's Agile Gateway

11|24|14   |   2:53   |   (0) comments


Bus-Online covers around 100 million users everyday. In addition to providing mobile TV, and advertising services to the public, Bus-Online has also entered the field of mobile Internet.
LRTV Huawei Video Resource Center
Amsterdam ArenA as an Agile Campus

11|24|14   |   3:31   |   (0) comments


The Amsterdam ArenA, home of the Ajax soccer team, can be a crowded space. ArenA has partnered with Huawei to work on bringing ample bandwidth to 53,000 people at the same time.
LRTV Huawei Video Resource Center
Building a Gigabit Wireless Network

11|24|14   |   3:15   |   (0) comments


3W is dedicated to customer-centric services such as catering, incubator and PR. To do this requires a solid IT structure. In this video, 3W discusses how Huawei has helped to achieve its goals.
Upcoming Live Events
December 2, 2014, New York City
December 3, 2014, New York City
December 8-10, 2014, Reykjavik, Iceland
February 12, 2015, Atlanta, GA
April 14, 2015, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Infographics
Irish Telecom outlines the rise of VoIP technology, including its adoption within businesses and their perception of its quality.
Hot Topics
Bell Labs Chief Slams 'Toy' Networks
Robert Clark, 11/19/2014
$38.3M: Ain't That a Kik in the SMS
Sarah Reedy, Senior Editor, 11/20/2014
Do You Have a 2020 Vision?
Dennis Mendyk, Vice President of Research, Heavy Reading, 11/21/2014
The New Wave of IP + Optical Integration
Ray Le Maistre, Editor-in-chief, 11/21/2014
$35B+ Spectrum Auction Dings Verizon, Shines Dish
Dan Jones, Mobile Editor, 11/24/2014
Like Us on Facebook
Twitter Feed