Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is cloud-based DDoS mitigation better than in-house DDoS protection?

Discover the benefits of cloud-based DDoS mitigation and uncover when a cloud service is more viable than in-house DDoS protection.

I heard about a new type of service that's available -- cloud-based DDoS mitigation. When should I consider utilizing...

cloud-based services such as this in my enterprise? Are there benefits of employing cloud-based vs. in-house services?

Ask the expert

Have questions about network security for our experts? Send them via email today! (All questions are anonymous.)

If cloud-based distributed denial-of-service (DDoS) attack protection is within your organization's budget, I definitely suggest leveraging it. The benefits of these services far outweigh the costs of purchasing and maintaining a traditional DDoS-prevention device that resides on your local network, especially if you are a small to medium-sized business (SMB). Oftentimes it is more economically feasible to outsource DDoS protection rather than hire the personnel and purchase the infrastructure. I liken this to the Web hosting paradigm that has been made popular by GoDaddy and other such companies -- rarely will you see SMBs hosting their own websites. I'm quite certain that this paradigm will hold true for many security services in the future -- not the least of which will be DDoS mitigation.

As to your second question, there really isn't much of a benefit to performing this function in-house over adopting a cloud service. While some might argue that they prefer to own the entire DDoS mitigation process due to either their high likelihood of facing a DDoS attack or simply their desire for control, others may argue that they simply do not have the budget to outsource services such as this. Different businesses may deem certain aspects of their budget better spent elsewhere. One thing that I would keep in mind, however, is that as the cloud-based security paradigm matures, the different packages offered by cloud-based vendors will likely become significantly cheaper, not to mention that vendor lock-in risk is greatly reduced; it's far easier to transition from one service to another than it is to buy and implement a brand new device.

This was last published in February 2014

Dig Deeper on DDoS attack detection and prevention