Light Reading
Aggregating customer traffic in a multi-tenant setting can also aggregate the risk of DDoS attacks

Cloud Providers: Beware DDoS Domino Effect

Tom Bienkowski
7/7/2014
50%
50%

In this day and age, almost every organization is using the Internet as a platform for business as they realize the benefit of outsourcing online operations such as websites, storage, e-commerce, email, and domain name system (DNS). It makes sense because it allows them to focus more on the core business. It also brings about lower costs and requires fewer internal resources. As such, cloud and hosting providers are experiencing significant growth as they meet this market demand. But with this increase in growth comes a proportional increase in risk.

With the proliferation of cyber threat and "hacktivist" movements, any organization can be the target of a cyber attack, specifically distributed denial-of-service (DDoS) attacks. These days, they are occurring daily because of botnet-for-hire services that charge as little as $2 an hour. However, hosting providers incur a higher risk of being the targets of DDoS attacks than other businesses operating online. Why? They aggregate the risk of all their customers.

The Wikipedia definition of the "domino effect" is a chain reaction that occurs when a small change causes a similar change nearby, which then causes another similar change, and so on in linear sequence. The term is used as an analogy to a falling row of dominoes.

A DDoS attack on one hosting customer can potentially take down the entire operation because they all share the same network infrastructure. In the same way cloud hosting providers pool resources such as bandwidth and storage for their customers, they also pool the aggregated risk of all their customers.

Due to the multi-tenancy nature of cloud-based data centers, a volumetric DDoS attack against one tenant can lead to a domino effect of service outages. Imagine that an attack is launched against one tenant. If the massive amount of malicious traffic bombarding this one tenant can cause the cloud data center to go down or clog up the shared resources, the entire data center can be taken offline or severely slowed. If a company's data center is down because of a DDoS attack, its customers will lose revenue, and the hosting provider will lose revenue and credibility which impacts the viability of the business. This type of outage can be devastating to the reputation and finances of all involved. To make matters worse, the aftershock continues long after the attack has been mitigated.

Because of this looming threat, cloud hosting providers need to proactively defend themselves to ensure service remains available to all of their customers in the event of an attack.

How to avoid becoming the bullseye
The good news is that the risks associated with DDoS attacks can be mitigated. If you don't want to be a victim of the DDoS domino effect, consider four simple strategies that any hosting provider can implement to protect service availability for their customers and themselves:

  • Subscribe to "clean pipes" service from all upstream service providers. Clean pipes will ensure that large-scale DDoS attacks are detected and mitigated in the cloud before they have an impact on the cloud data center, and before customers suffer an outage.
  • Implement an on-premise DDoS mitigation solution. It will enable hosting providers to detect and eliminate stealthy, application-layer DDoS attacks. These attacks target specific applications such as log-in forms and downloads. Due to their narrow focus, they do not require a large amount of traffic, making them very difficult to detect.
  • Monitor traffic inside and outside the cloud data center. Monitoring traffic patterns and protocols is essential to detecting network misuse. Certain systems should be communicating with each other while others should not. When those that should not communicate with each other are communicating, it could mean trouble.
  • Offer additional anti-DDoS service to customers. Operators of cloud data centers can generate additional revenue by offering highly valued DDoS mitigation services to customers. For example, customers who subscribe to the service will have malicious traffic directed against them mitigated. Customers who do not subscribe to the service will simply have their traffic blackholed. This type of service can be a true differentiator in the highly competitive hosting space. The difference between winning and losing business is more and more frequently coming down to valued-added services like managed backup, email and DDoS mitigation.

By taking these precautions, hosting providers can increase their reliability and service availability while generating more revenue by offering valued DDoS protection services to their customers.

Tom Bienkowski, Director of Product Marketing, Arbor Networks.

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
7/7/2014 | 4:45:13 PM
Tenants
With so many different tenants on a cloud provider's plate, it would seem problematic to be able to stop an all-out DDoS. But technology is improving, and it is clear that providers have no choice but to have procedures in place to prevent the so-called domino effect.

Here's hoping that they work, because major cloud outages are always widely reported and gives the technology a bad rap, fair or unfair. 
More Blogs from Column
Defining SDN realistically will help carriers cut through the hype, says Sunil Khandekar, CEO of Alcatel-Lucent's Nuage Networks.
They can go from also-rans to leaders -- if they don't mess up.
The benefits of SDN are hard to grasp because they're so big. But NFV provides a nice, finite-value proposition.
Intensive end-to-end test and measurement is essential to ensure the smooth rollout of new services like VoLTE.
European Union roaming regulations are opening the doorway to an enhanced consumer experience and higher market growth.
Flash Poll
LRTV Custom TV
Distributed NFV-Based Business Services by RAD

7|18|14   |   5:38   |   (0) comments


With the ETSI-approved Distributed NFV PoC running in the background, RAD's CEO, Dror Bin, talks about why D-NFV makes compelling sense for service providers, and about the dollars and cents RAD is putting behind D-NFV.
LRTV Custom TV
MRV Accelerating Packet Optical Convergence

7|15|14   |   6:06   |   (0) comments


Giving you network insight to make your network smarter.
LRTV Custom TV
NFV-Enabled Ethernet for Generating New Revenues

7|15|14   |   5:49   |   (0) comments


Cyan's Planet Orchestrate allows service providers and their end-customers to activate software-based capabilities such as firewalls and encryption on top of existing Ethernet services in just minutes.
LRTV Custom TV
Symkloud NVF-Ready Video Transcoding, Big Data

7|9|14   |   3:41   |   (0) comments


Kontron and ISV partner Vantrix demonstrate high-performance video transcoding and data analytic solutions on same 2U standard platform that is ready for SDN and NFV deployments made by mobile, cable and cloud operators.
LRTV Huawei Video Resource Center
The Evolving Role of Hybrid Video for Competitive Success

7|4|14   |   4:09   |   (0) comments


At Huawei's Global Analysts Summit in Shenzhen, China, Steven C. Hawley from TV Strategies speaks to us about the evolving role of hybrid video for competitive success.
LRTV Huawei Video Resource Center
How CSPs Leverage Big Data in the Digital Economy

7|4|14   |   4:48   |   (2) comments


Justin van der Lande from Analysys Mason shares with us his views on how telecom operators can leverage customer asset monetization with big data. His discusses the current status of big data applications and the challenges and opportunities for telecom operators in the digital economy era.
LRTV Huawei Video Resource Center
Accelerator for Digital Business Future Oriented BSS

7|4|14   |   3:08   |   (0) comments


Mobile and internet are becoming intertwined; IT and CT are integrating; and leading CSPs have begun to transform to information service and entertainment providers. How should the BSS system evolve to enable this transformation? Karl Whitelock, an analyst at Frost & Sullivan, shares his views.
LRTV Huawei Video Resource Center
Orange Tunisia Discusses Multi-Band Antenna With EasyRET Solution

7|4|14   |   2:45   |   (0) comments


As new site acquisition becomes more difficult, Orange Tunisia has requested multi-band antenna to support UMTS and LTE innovation. Some things considered include reducing the cost of antenna maintenance and having high reliability antenna and EasyRET solution.
LRTV Huawei Video Resource Center
How Telefonica Spain Considers Antenna Selection for LTE Network Deployment

7|4|14   |   2:19   |   (0) comments


Tony Conlan, Global CTO of RAN, Telefonica, shares his opinion on antennas in LTE network deployment: Tower space is the premier requirement on antennas; reliability is important to reduce OPEX; and EasyRET solution will be helpful for antenna maintenance.
LRTV Huawei Video Resource Center
dtac Thailand: Multi-band Antenna & Capacity Solution for a Better MBB Experience

7|3|14   |   3:45   |   (0) comments


With the development of LTE, tower space and load are limited for new antenna, but users' capacity requirements are growing fast. To provide a better MBB experience, Panya Vechbanyongratana from dtac Thailand shared his experiences and antenna requirements.
LRTV Documentaries
BTE Panel: Network of the Future

7|2|14   |   1:00:57   |   (0) comments


Full-length video of the ATIS Panel Discussion: 'How Far Away Is the Network of the Future & What Does It Look Like?' from the Big Telecom Event (BTE) in Chicago.
LRTV Custom TV
Redknee Supports BH Telecom With Redknee Unified

7|2|14   |   6.14   |   (0) comments


Lucas Skoczkowski, CEO of Redknee, and Amir Orucevic, Director BH Mobile, discuss how the benefits of the Redknee Unified suite of products provide BH Telecom with innovation and leadership in the market, with the flexibility to launch services faster to the market, provide new and compelling promotions and pricing models, and combine services in order to drive ...
Upcoming Live Events!!
September 16, 2014, Santa Clara, CA
September 16, 2014, Santa Clara, CA
October 29, 2014, New York City
November 11, 2014, Atlanta, GA
December 9-10, 2014, Reykjavik, Iceland
Infographics
Allot's latest MobileTrends Charging Report shows that value-based pricing plans are up from 35% in 2011 to 85% in 2014.
Hot Topics
Microsoft to Axe 12,500 Ex-Nokia Employees
Sarah Reedy, Senior Editor, 7/17/2014
GM: 10 Car Models on Road With AT&T's LTE
Dan Jones, Mobile Editor, 7/18/2014
Have IBM & Apple Partnered Their Way to Cloud Leadership?
Mitch Wagner, West Coast Bureau Chief, Light Reading, 7/18/2014
Will Telecom's 'Open' Be Natural or Organic?
Carol Wilson, Editor-at-large, 7/15/2014
Analytics, Security Key to Apple, IBM Tie-Up
Ray Le Maistre, Editor-in-chief, 7/16/2014
Like Us on Facebook
Twitter Feed