I heard about a new type of service that's available -- cloud-based DDoS mitigation. When should I consider utilizing...
cloud-based services such as this in my enterprise? Are there benefits of employing cloud-based vs. in-house services?
Ask the expert
Have questions about network security for our experts? Send them via email today! (All questions are anonymous.)
If cloud-based distributed denial-of-service (DDoS) attack protection is within your organization's budget, I definitely suggest leveraging it. The benefits of these services far outweigh the costs of purchasing and maintaining a traditional DDoS-prevention device that resides on your local network, especially if you are a small to medium-sized business (SMB). Oftentimes it is more economically feasible to outsource DDoS protection rather than hire the personnel and purchase the infrastructure. I liken this to the Web hosting paradigm that has been made popular by GoDaddy and other such companies -- rarely will you see SMBs hosting their own websites. I'm quite certain that this paradigm will hold true for many security services in the future -- not the least of which will be DDoS mitigation.
As to your second question, there really isn't much of a benefit to performing this function in-house over adopting a cloud service. While some might argue that they prefer to own the entire DDoS mitigation process due to either their high likelihood of facing a DDoS attack or simply their desire for control, others may argue that they simply do not have the budget to outsource services such as this. Different businesses may deem certain aspects of their budget better spent elsewhere. One thing that I would keep in mind, however, is that as the cloud-based security paradigm matures, the different packages offered by cloud-based vendors will likely become significantly cheaper, not to mention that vendor lock-in risk is greatly reduced; it's far easier to transition from one service to another than it is to buy and implement a brand new device.
Dig Deeper on DDoS attack detection and prevention
Related Q&A from Brad Casey
Allowing users to tunnel through a firewall to access any site creates a security risk. How big of a risk is it? It depends on how much you trust ... Continue Reading
Our IT organization needs to secure customer names, but also needs to conduct searches on the entire customer database to match and merge records. Continue Reading
Don't treat physical and virtual machines' security differently. Since VM security issues threaten the whole infrastructure, here's how to stop ... Continue Reading