DDoS is a threat to the cloud just as DDoS is a threat to any other service when you fail to implement protection. Our company recently put out a DDoS-mitigated cloud product specifically for high-risk clients.
Best regards,
Jeff
On Thu, Nov 5, 2009 at 1:06 PM, Stefan Fouant <sfouant@shortestpathfirst.com> wrote:
I'm working on an article on the Pros and Cons of Cloud Computing as an effective strategy for dealing with DDoS. I'd like to open this up for debate and get some perspectives from folks on the list.
In a recent article in ITWire titled "DDoS, the biggest threat to Cloud Computing", Roland Dobbins states that "DDoS attacks are one of the most under-rated and ill-guarded against security threats to corporate IT, and in particular the biggest threat facing cloud computing." To a certain extent, I agree with Roland; however, I also believe this perspective is inconsistent with the view that the elasticity of cloud computing and ability to scale resources on demand is a good way of dealing with the problem.
The counterpoint to this is that I can also envision the cloud computing model causing a shift from that of a DDoS to what some are calling EDoS (Economic Denial of Sustainability). In an EDoS, the elasticity of the cloud and surplus of available resources might be used in such a way that large botnets generate seemingly legitimate "targeted" requests for service, causing the victim to cloudburst in order to keep pace with the scale of the requests. Even though the victim can sustain business operations, the cost of doing so may be so exorbitantly expensive that to do so threatens economic sustainability.
Roland also states "The cloud providers emerging as leaders don't tend to talk much about their resiliency to DDoS attacks". Which brings about another point - are there any cloud providers taking a proactive look at dealing with this problem and deploying effective countermeasures for dealing with this in their environments? What motivation would cloud providers have to deploy DDoS mitigation services and/or services which can distinguish between legitimate resource consumption vs. targeted resource consumption, especially if their revenues are driven from service availability and potential expansion of resource utilization?
Stefan Fouant
GPG Key ID: 0xB5E3803D
--
Jeffrey Lyon, Leadership Team
jeffrey.lyon@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.
Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."