We're interested in moving some of our Web applications to a cloud provider, but one of my concerns in particular...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is distributed denial-of-service (DDoS) attacks (which our enterprise has experienced before). I'm afraid that if attackers try to overload our Web apps in the cloud, they'll end up costing us a fortune in cloud usage charges. Are there ways to prevent this from happening?
Preventing a distributed denial-of-service, or DDoS attack against any resource, local or cloud-based, may be difficult to impossible to do, but minimizing the impact from a DDoS attack should be a priority if the Web application is critical to your business.
One option is to take the opportunity to rewrite your Web application when it is moved to the cloud to minimize the impact from a DDoS attack and take advantage of any new security functionality from the cloud provider, like high availability failover if a system is unavailable from a DDoS attack. Depending on the type of cloud provider and service utilized, you could add your own DDoS protections in the application infrastructure, but you would still need to rely on the cloud provider’s ISP to respond to a DDoS. You could use a content distribution network to further reduce the impact from a DDoS, but many cloud providers already have sufficient distributed resources to help minimize the effect of a DDoS. If the application is critical to your business and only requires internal access, you could even get a leased line to the provider, but this seems unlikely given the cost and complexity.
There are also non-technical mechanisms to minimize the cost from a cloud DDoS attack on a Web application hosted at a cloud provider. One is to negotiate DDoS protection or potential costs into the upfront contract. If you can’t get DDoS provisions in the contract, you may want to compare the potential cloud bandwidth costs from a DDoS on a cloud provider to the costs your organization incurred from the DDoS on your locally hosted Web application, including the staff time to respond. If the costs of the additional usage fees are less than the costs your organization incurred from the DDoS on your locally hosted Web application, the potential additional usage fees from a DDoS may not be a concern.
Dig Deeper on Denial of Service (DoS) Attack Prevention
Related Q&A from Nick Lewis
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this...continue reading
Malicious Windows BITS tasks set up by attackers can reinfect systems even after the malware has been removed. Expert Nick Lewis explains how to ...continue reading
ZCryptor ransomware can self-replicate through autorun files placed on removable storage devices. Expert Nick Lewis explains how your enterprise can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.