We're interested in moving some of our Web applications to a cloud provider, but one of my concerns in particular...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is distributed denial-of-service (DDoS) attacks (which our enterprise has experienced before). I'm afraid that if attackers try to overload our Web apps in the cloud, they'll end up costing us a fortune in cloud usage charges. Are there ways to prevent this from happening?
Preventing a distributed denial-of-service, or DDoS attack against any resource, local or cloud-based, may be difficult to impossible to do, but minimizing the impact from a DDoS attack should be a priority if the Web application is critical to your business.
One option is to take the opportunity to rewrite your Web application when it is moved to the cloud to minimize the impact from a DDoS attack and take advantage of any new security functionality from the cloud provider, like high availability failover if a system is unavailable from a DDoS attack. Depending on the type of cloud provider and service utilized, you could add your own DDoS protections in the application infrastructure, but you would still need to rely on the cloud provider’s ISP to respond to a DDoS. You could use a content distribution network to further reduce the impact from a DDoS, but many cloud providers already have sufficient distributed resources to help minimize the effect of a DDoS. If the application is critical to your business and only requires internal access, you could even get a leased line to the provider, but this seems unlikely given the cost and complexity.
There are also non-technical mechanisms to minimize the cost from a cloud DDoS attack on a Web application hosted at a cloud provider. One is to negotiate DDoS protection or potential costs into the upfront contract. If you can’t get DDoS provisions in the contract, you may want to compare the potential cloud bandwidth costs from a DDoS on a cloud provider to the costs your organization incurred from the DDoS on your locally hosted Web application, including the staff time to respond. If the costs of the additional usage fees are less than the costs your organization incurred from the DDoS on your locally hosted Web application, the potential additional usage fees from a DDoS may not be a concern.
Dig Deeper on DDoS attack detection and prevention
Related Q&A from Nick Lewis
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.continue reading
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to ...continue reading
A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.