Pros and Cons of Cloud Computing in dealing with DDoS

Stefan Fouant sfouant at shortestpathfirst.com
Thu Nov 5 18:06:47 UTC 2009


I'm working on an article on the Pros and Cons of Cloud Computing as an
effective strategy for dealing with DDoS.  I'd like to open this up for
debate and get some perspectives from folks on the list.

 

In a recent article in ITWire titled "DDoS, the biggest threat to Cloud
Computing", Roland Dobbins states that "DDoS attacks are one of the most
under-rated and ill-guarded against security threats to corporate IT, and in
particular the biggest threat facing cloud computing."  To a certain extent,
I agree with Roland, however, I also believe this perspective is
inconsistent with the view that the elasticity of cloud computing and
ability to scale resources on demand is a good way of dealing with the
problem.  The counterpoint to this is that I can also envision the cloud
computing model causing a shift from that of a DDoS to what some are calling
EDoS (Economic Denial of Sustainability).  In an EDoS, the elasticity of the
cloud and surplus of available resources might be used in such a way that
large botnets generating seemingly legitimate "targeted" requests for
service causing the victim to cloudburst in order to keep pace with the
scale of the requests.  Even though the victim can sustain business
operations, the cost of doing so may be so exorbitantly expensive that to do
so threatens economic sustainability.

 

Roland also states "The cloud providers emerging as leaders don't tend to
talk much about their resiliency to DDoS attacks".  Which brings about
another point - are there any cloud providers taking a proactive look at
dealing with this problem and deploying effective countermeasures for
dealing with this in their environments?  What motivation would cloud
providers have to deploy DDoS mitigation services and/or services which can
distinguish between legitimate resource consumption vs. targeted resource
consumption, especially if their revenues are driven from service
availability and potential expansion of resource utilization?

 

Stefan Fouant

GPG Key ID: 0xB5E3803D

 




More information about the NANOG mailing list