We're interested in moving some of our Web applications to a cloud provider, but one of my concerns in particular...
is distributed denial-of-service (DDoS) attacks (which our enterprise has experienced before). I'm afraid that if attackers try to overload our Web apps in the cloud, they'll end up costing us a fortune in cloud usage charges. Are there ways to prevent this from happening?
Preventing a distributed denial-of-service, or DDoS attack against any resource, local or cloud-based, may be difficult to impossible to do, but minimizing the impact from a DDoS attack should be a priority if the Web application is critical to your business.
One option is to take the opportunity to rewrite your Web application when it is moved to the cloud to minimize the impact from a DDoS attack and take advantage of any new security functionality from the cloud provider, like high availability failover if a system is unavailable from a DDoS attack. Depending on the type of cloud provider and service utilized, you could add your own DDoS protections in the application infrastructure, but you would still need to rely on the cloud provider’s ISP to respond to a DDoS. You could use a content distribution network to further reduce the impact from a DDoS, but many cloud providers already have sufficient distributed resources to help minimize the effect of a DDoS. If the application is critical to your business and only requires internal access, you could even get a leased line to the provider, but this seems unlikely given the cost and complexity.
There are also non-technical mechanisms to minimize the cost from a cloud DDoS attack on a Web application hosted at a cloud provider. One is to negotiate DDoS protection or potential costs into the upfront contract. If you can’t get DDoS provisions in the contract, you may want to compare the potential cloud bandwidth costs from a DDoS on a cloud provider to the costs your organization incurred from the DDoS on your locally hosted Web application, including the staff time to respond. If the costs of the additional usage fees are less than the costs your organization incurred from the DDoS on your locally hosted Web application, the potential additional usage fees from a DDoS may not be a concern.
Dig Deeper on DDoS attack detection and prevention
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ...continue reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common...continue reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.