& cplSiteName &

Cloud Providers: Beware DDoS Domino Effect

Tom Bienkowski
7/7/2014
50%
50%

In this day and age, almost every organization is using the Internet as a platform for business as they realize the benefit of outsourcing online operations such as websites, storage, e-commerce, email, and domain name system (DNS). It makes sense because it allows them to focus more on the core business. It also brings about lower costs and requires fewer internal resources. As such, cloud and hosting providers are experiencing significant growth as they meet this market demand. But with this increase in growth comes a proportional increase in risk.

With the proliferation of cyber threat and "hacktivist" movements, any organization can be the target of a cyber attack, specifically distributed denial-of-service (DDoS) attacks. These days, they are occurring daily because of botnet-for-hire services that charge as little as $2 an hour. However, hosting providers incur a higher risk of being the targets of DDoS attacks than other businesses operating online. Why? They aggregate the risk of all their customers.

The Wikipedia definition of the "domino effect" is a chain reaction that occurs when a small change causes a similar change nearby, which then causes another similar change, and so on in linear sequence. The term is used as an analogy to a falling row of dominoes.

A DDoS attack on one hosting customer can potentially take down the entire operation because they all share the same network infrastructure. In the same way cloud hosting providers pool resources such as bandwidth and storage for their customers, they also pool the aggregated risk of all their customers.

Due to the multi-tenancy nature of cloud-based data centers, a volumetric DDoS attack against one tenant can lead to a domino effect of service outages. Imagine that an attack is launched against one tenant. If the massive amount of malicious traffic bombarding this one tenant can cause the cloud data center to go down or clog up the shared resources, the entire data center can be taken offline or severely slowed. If a company's data center is down because of a DDoS attack, its customers will lose revenue, and the hosting provider will lose revenue and credibility which impacts the viability of the business. This type of outage can be devastating to the reputation and finances of all involved. To make matters worse, the aftershock continues long after the attack has been mitigated.

Because of this looming threat, cloud hosting providers need to proactively defend themselves to ensure service remains available to all of their customers in the event of an attack.

How to avoid becoming the bullseye
The good news is that the risks associated with DDoS attacks can be mitigated. If you don't want to be a victim of the DDoS domino effect, consider four simple strategies that any hosting provider can implement to protect service availability for their customers and themselves:

  • Subscribe to "clean pipes" service from all upstream service providers. Clean pipes will ensure that large-scale DDoS attacks are detected and mitigated in the cloud before they have an impact on the cloud data center, and before customers suffer an outage.
  • Implement an on-premise DDoS mitigation solution. It will enable hosting providers to detect and eliminate stealthy, application-layer DDoS attacks. These attacks target specific applications such as log-in forms and downloads. Due to their narrow focus, they do not require a large amount of traffic, making them very difficult to detect.
  • Monitor traffic inside and outside the cloud data center. Monitoring traffic patterns and protocols is essential to detecting network misuse. Certain systems should be communicating with each other while others should not. When those that should not communicate with each other are communicating, it could mean trouble.
  • Offer additional anti-DDoS service to customers. Operators of cloud data centers can generate additional revenue by offering highly valued DDoS mitigation services to customers. For example, customers who subscribe to the service will have malicious traffic directed against them mitigated. Customers who do not subscribe to the service will simply have their traffic blackholed. This type of service can be a true differentiator in the highly competitive hosting space. The difference between winning and losing business is more and more frequently coming down to valued-added services like managed backup, email and DDoS mitigation.

By taking these precautions, hosting providers can increase their reliability and service availability while generating more revenue by offering valued DDoS protection services to their customers.

— Tom Bienkowski, Director of Product Marketing, Arbor Networks.

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
7/7/2014 | 4:45:13 PM
Tenants
With so many different tenants on a cloud provider's plate, it would seem problematic to be able to stop an all-out DDoS. But technology is improving, and it is clear that providers have no choice but to have procedures in place to prevent the so-called domino effect.

Here's hoping that they work, because major cloud outages are always widely reported and gives the technology a bad rap, fair or unfair. 
More Blogs from Column
WiFi is offering a challenge to the network-centric cellular status quo and that's something that mobile network operator CEOs recognize, believes Devicescape CEO Dave Fraser.
NFV can bring operational headaches as well as operational gains, argues Andy Huckridge.
5G is about so much more than just very high bandwidth and low latency – and SDN is going to play a key role in enabling 5G full potential, argues ONF Executive Director Dan Pitt.
To ensure the best possible customer experience, service providers must find ways to make more performance metrics available to users.
How cable operators can prepare to grasp the mobility opportunity.
From The Founder
Download our complete guide to de-risking NFV deployment in 2016, including:
  • An eight-step strategy to deploying NFV safely, based on input from the companies that have already started virtualizing their production networks.
  • Interviews with leading executives at Colt, AT&T, Deutsche Telekom, Cisco, Nokia, ZTE, Ericsson and Heavy Reading.
  • Flash Poll
    Live Streaming Video
    Prepping for the Future: Upskill U Explained
    During this short kick-off video, Doug Webster, Vice President of Service Provider Marketing, Cisco, and Light Reading’s CEO & Founder Steve Saunders give an overview of Upskill U.
    LRTV Interviews
    Demand Surges for On-Demand Ads

    5|5|16   |     |   (0) comments


    Ed Knudson, VP, Product and Strategy at Canoe Ventures, discusses the rising appeal of VoD ads and the challenges on inserting ads dynamically in live TV programming.
    LRTV Custom TV
    Exclusive: Video Interview With Sckipio CEO David Baum

    5|5|16   |     |   (0) comments


    At his headquarters in Tel Aviv, G.fast visionary David Baum, CEO of Sckipio, provided an exclusive interview to Light Reading and showed how innovations in rate and reach, vector densities, fast reconnecting times and SFP-based residential gateways are expanding the potential of G.fast.
    Telecom Innovators Video Showcase
    Atrinet's NetACE – Migration to NFV & SDN With NetOps-Driven LSO

    5|4|16   |     |   (0) comments


    At Atrinet's headquarters, Ray Le Maistre sits down with Roy Silon to get an in-depth look into the company's focus and the secret recipe for their success.
    LRTV Huawei Video Resource Center
    Amsterdam ArenA, Powered by Huawei

    5|4|16   |     |   (0) comments


    Huawei's ICT solutions power the state-of-the-art Amsterdam ArenA, turning it into a smart stadium.
    LRTV Interviews
    Testing When There's No 'There' There

    5|4|16   |     |   (0) comments


    The benefits of SDN/NFV are well known, but the transition comes with some challenges, prominent among them is: how do you test a network that has been abstracted and has the potential to be endlessly reconfigurable? Light Reading was at NFV World Congress in Santa Clara, Calif., where we bumped into Mats Nordlund, CEO and co-founder of Netrounds, a Swedish ...
    LRTV Interviews
    Ditching the Slash & the Orchestration Wars

    5|3|16   |     |   (2) comments


    SDN and NFV have been inextricably bound with each other for so long that on a conceptual level, smooshing them together into one catch-all phrase – SDNFV – is now justifiable, according to Dan Pitt, executive director of the Open Networking Foundation (ONF). Light Reading spoke to Pitt at the NFV World Congress, where he explained that the next ...
    LRTV Custom TV
    ZTE TV Connect Highlights

    5|3|16   |     |   (0) comments


    ZTE gives us a tour of its booth and new products at TV Connect in London.
    LRTV Custom TV
    Deluxe's Unified Delivery Solution

    5|3|16   |     |   (0) comments


    Join Alan Breznick of Light Reading and visit the Deluxe booth at NAB! Here you'll find Deluxe's Unified Delivery Solution, OTT video, virtual reality, HDR, 4K and much more!
    LRTV Interviews
    Verizon Puts Gray Boxes in the Shade

    5|2|16   |   04:33   |   (1) comment


    When it comes to the white box trend, "gray" boxes, which have a slight proprietary twist, don't give service providers and end users the advantages they're seeking, according to Verizon's Vice President of Product and New Business Innovation Shawn Hakl.
    LRTV Custom TV
    Dealing With a Disrupted Video Market

    5|2|16   |     |   (0) comments


    Ericsson's Simon Frost discusses how traditional pay-TV providers can cope with the big changes wrought by the rise of OTT video and IP technology.
    LRTV Custom TV
    The VNF Responsibility of Red Hat

    5|2|16   |     |   (0) comments


    At MWC, Caroline Chappell of Heavy Reading visits the Red Hat booth and sits down with Chris Wright to talk about the responsibility the VNF needs to take on in order to ensure the operators get the carrier-grade performance they expect for their network.
    LRTV Interviews
    AT&T Expert on the Key Pillars of UC

    4|29|16   |   03:58   |   (0) comments


    Vishy Gopalakrishnan, AVP of product marketing at AT&T, talks about the three developments that are making unified communications and collaboration secure and reliable for enterprise users.
    Upcoming Live Events
    May 23, 2016, Austin, TX
    May 23, 2016, Austin Convention Center
    May 24-25, 2016, Austin Convention Center, Austin, TX
    September 13-14, 2016, The Curtis Hotel, Denver, CO
    December 6-8, 2016,
    June 16-18, 2017, Austin Convention Center, Austin, TX
    All Upcoming Live Events
    Infographics
    A new survey conducted by Heavy Reading and TM Forum shows that CSPs around the world see the move to digital operations as a necessary part of their overall virtualization strategies.
    Hot Topics
    Amazon AWS Reports $2.6B Quarterly Revenue, Up a Colossal 64%
    Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/28/2016
    WiCipedia: Woman Cards & Bitch Switches
    Sarah Thomas, Director, Women in Comms, 4/29/2016
    Sprint CEO: Our Spectrum Is for 5G
    Dan Jones, Mobile Editor, 5/3/2016
    Amazon & Other 'Big 4' Cloud Providers Crushing Competitors
    Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/29/2016
    Rovi Reels in TiVo for $1.1B
    Mari Silbey, Senior Editor, Cable/Video, 4/29/2016
    Like Us on Facebook
    Twitter Feed
    BETWEEN THE CEOs - Executive Interviews
    In this latest installment of the CEO Chat series, Craig Labovitz, co-founder and CEO of Deepfield, sits down with Light Reading's Steve Saunders in Light Reading's New York City office to discuss how Deepfield fits in with the big data trend and more.
    Grant van Rooyen, president and CEO of Cologix, sits down with Steve Saunders, founder and CEO of Light Reading, in the vendor's New Jersey facility to offer an inside look at the company's success story and discuss the importance of security in the telecom industry.
    Animals with Phones
    Sloth Mail Click Here
    Sloth mail -- somehow even slower than snail mail.
    Live Digital Audio

    Of all the tech companies in the Valley, Intel has made the most aggressive commitment to building a diverse and inclusive workplace culture. It's doing so by taking concrete, measurable steps, making a large financial investment and through a commitment to complete transparency about its progress. In this radio show, WiC Director Sarah Thomas will be joined by Shlomit Weiss, Intel's Vice President, Data Center Group, and General Manager of Networking Engineering, who will share with us why Intel is tackling this huge challenge, how and to what effect. She will also discuss her unique experiences leading development of Client SOC development in the past and today leading development of all of the chipmaker's silicon hardware for networking IPs and discrete devices and managing a team of 600 engineers across Israel, Europe and the US.