As companies accelerate their adoption of cloud technologies – like infrastructure as a service (IaaS) or software as a service (SaaS) – the need for solutions that provide secure access and reliable operations in the cloud increase in importance. Since your data will now reside in several different facilities, with different providers or partners, you now have a new “security perimeter” to monitor and defend. As such, the need to closely evaluate how cloud-based data is protected should be part of the overall security strategy. A top area of concern is defending applications from distributed-denial-of-service (DDoS) attacks.
A truly unfortunate example of this happened just this week. Code Spaces, a source code hosting provider, was the victim of an assailant who used a combination of tools to compromise their entire Amazon Web Services-based architecture. The threat began with an attempt to extort money from Code Spaces in exchange for stopping a multi-vector DDoS attack. It ended with the attacker gaining control of the AWS console from Code Spaces and deleting almost all of the data stored in the cloud. The resulting data loss – and payment of SLA remedies – means Code Spaces will no longer be able to operate as a company.
Such an outcome is rare, but illustrates an important point – if you’re planning to move to the cloud, one of the first steps to take is creating a plan for dealing with the pervasive and growing threat that DDoS presents. Most companies do not believe they have been a victim of a DDoS attack, so implementing the appropriate protections falls down the list of priorities for IT budgets. In truth, most companies lack the detection tools to know how many attacks have been successfully completed against their digital assets. IaaS and SaaS providers are uniquely capable of helping with creating a substantial defense against DDoS attacks.
A proactive approach by the customer should include an evaluation of the DDoS mitigation capabilities of a cloud provider. I recently wrote an article on IT Business Edge that lists some of the burning issues you should look for when adopting a DDoS mitigation strategy for a cloud-based solution. You can find that article here.