We're interested in moving some of our Web applications to a cloud provider, but one of my concerns in particular...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is distributed denial-of-service (DDoS) attacks (which our enterprise has experienced before). I'm afraid that if attackers try to overload our Web apps in the cloud, they'll end up costing us a fortune in cloud usage charges. Are there ways to prevent this from happening?
Preventing a distributed denial-of-service, or DDoS attack against any resource, local or cloud-based, may be difficult to impossible to do, but minimizing the impact from a DDoS attack should be a priority if the Web application is critical to your business.
One option is to take the opportunity to rewrite your Web application when it is moved to the cloud to minimize the impact from a DDoS attack and take advantage of any new security functionality from the cloud provider, like high availability failover if a system is unavailable from a DDoS attack. Depending on the type of cloud provider and service utilized, you could add your own DDoS protections in the application infrastructure, but you would still need to rely on the cloud provider’s ISP to respond to a DDoS. You could use a content distribution network to further reduce the impact from a DDoS, but many cloud providers already have sufficient distributed resources to help minimize the effect of a DDoS. If the application is critical to your business and only requires internal access, you could even get a leased line to the provider, but this seems unlikely given the cost and complexity.
There are also non-technical mechanisms to minimize the cost from a cloud DDoS attack on a Web application hosted at a cloud provider. One is to negotiate DDoS protection or potential costs into the upfront contract. If you can’t get DDoS provisions in the contract, you may want to compare the potential cloud bandwidth costs from a DDoS on a cloud provider to the costs your organization incurred from the DDoS on your locally hosted Web application, including the staff time to respond. If the costs of the additional usage fees are less than the costs your organization incurred from the DDoS on your locally hosted Web application, the potential additional usage fees from a DDoS may not be a concern.
Dig Deeper on Denial of Service (DoS) Attack Prevention
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.