Data-centres and the DDoS risk
It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need.
Cloud adoption continues to accelerate as businesses look to reap the cost, scale and flexibility benefits that are on offer. Whether a business uses a large, well-known public cloud operator or one of the smaller, more focused, specialist cloud / outsourcing organisations they are becoming more reliant on data and application services which are, in most cases, accessible via the Internet.
Unfortunately, this means that access to these services is conditional on the availability of connectivity – and a significant threat here is a Distributed Denial of Service (DDoS) attack – a threat that exhausts the resources available to a network, application or service so that genuine users cannot gain access.
Increasing attacks on data-centres
According to Arbor’s Worldwide Infrastructure Security Report (WISR) the majority of data-centre operators now offer cloud services. In fact they are as common as managed hosting and colocation, demonstrating how rapidly ‘cloud’ has been adopted. Data-centres have been a magnet for DDoS activity for a number of years, but 2016 saw a step change with the WISR indicating that nearly two-thirds of data-centres saw DDoS attacks, with over 20 per cent of those seeing more than 50 attacks per month – a big jump from 8 per cent in 2015. Data-centres are now being targeted more frequently and with larger attacks, and they will only continue to grow.
Worryingly, Arbor’s WISR also revealed that 60 per cent of data-centre operators had seen an attack that completely saturated their Internet connectivity last year. This is significant, as if Internet bandwidth is completely saturated then all data-centre infrastructure is effectively cut-off from the outside world – regardless of whether it was a part of the original target. For cloud and data-centre environments ensuring shared infrastructure is protected is of utmost importance given the size and complexity of today’s DDoS attacks.
The weaponisation of DDoS has made it easy for anyone to launch a large volumetric or advanced multi-vector attack and this shows through in the data we have from data-centre operators. For example, 60 per cent of data-centres who experienced a DDoS attack in 2016 saw at least one attack that completely saturated their Internet connectivity – effectively disconnecting them, and their customers, from the connected world.
The impact of a successful DDoS attack to a data-centre operator can be significant from an operational and customer churn / revenue loss perspective. The proportion of data-centre operators experiencing revenue loss due to DDoS attacks grew from 33 per cent to 42 per cent from 2015 to 2016, with nearly a quarter of data-centre respondents to the WISR indicated that the cost of a successful DDoS attack was in excess of $100K, illustrating the importance of the right defensive services and solutions.
Before we discuss defences though, it is almost impossible to right a DDoS related article without mentioning IoT. 2016 was without doubt the year where weaponised IoT botnets came to the fore, with attacks against Dyn and more garnering significant media attention. Cloud processing of IoT related data is driving increases in scale for data-centre connectivity, but IoT devices can just as easily be subsumed into botnets and used to send unwanted DDoS traffic at those same data-centres. Given the numbers of IoT devices out there, the likelihood of an attack against one piece of cloud infrastructure having a broader impact is only going to increase.
Combating today’s attackers
To deal with high magnitude attacks, in most cases, data-centres need to leverage a cloud or ISP based DDoS protection service –and this is happening. Data-centre operators have been one of the top organisation types driving the growth in cloud and ISP managed DDoS protection services over the past couple of years. The WISR shows us that over a half of data-centre operators now implement layered DDoS protection, a proportion that has been steadily increasing year-on-year. This is the recognised best-practice and allows data-centre operators to protect themselves and their customers from the impact of an attack.
Layered DDoS protection employs a cloud and ISP based DDoS protection service to deal with high magnitude attacks, plus a defensive solution at the data-centre perimeter to proactively deal with more focused, advanced attacks. Integrating these two layers together, so that they work in harmony, can provide complete protection from the DDoS threat – protecting the availability of both infrastructure and customer services.
In fact, many data-centre operators are now leveraging the protections they have put in place to offer add-on, sticky DDoS protection services to their customers. Businesses are increasingly aware of both their dependence on cloud, and the threat DDoS poses, and are looking to ensure that their providers are adequately protected.
Technology and services are however only a part of the solution, having incident response plans in place is also important so that businesses can deal efficiently and effectively with any attack. Arbor’s WISR reveals that 57 per cent of data-centre operators carried out DDoS defence simulations in 2016, up from 46 per cent in 2015. This is very encouraging, as exercising incident responses plans, on at least a quarterly basis, is best-practice.
Future security of data centres
The data-centres that support cloud application and data services are becoming ever more important to our businesses, but with nearly two-thirds of data-centres experiencing DDoS attacks last year, and over 20 per cent of those seeing more than 50 attacks per month, it has never been more important to ensure the right defences are in place.
It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need, and the telemetry that allows them to monitor what is going on. Increasingly customers of cloud services want a holistic view of the threats they face, across the 3 pillars of security and their cloud, on-premise data and applications services. This isn’t easy to achieve, but to balance the benefits of cloud against business risks it is something we need, especially in today’s cyber threat landscape.