The eighth annual Worldwide Infrastructure Security Report, from security provider Arbor Networks, reveals how both cloud service providers and traditional data centers are under attack. The report examined a 12-month period and asked 200 security-based questions of 130 enterprise and network operations professionals. The key findings follow:
- 94 percent of data center managers reported some type of security attacks
- 76 percent had to deal with distributed denial-of-service (DDoS) attacks on their customers
- 43 percent had partial or total infrastructure outages due to DDoS
- 14 percent had to deal with attacks targeting a cloud service
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
The report concluded that cloud services are very tempting for DDoS attackers, who now focus mainly on private data centers. It's safe to assume that, as more cloud services come into use, DDoS attacks on them will become more commonplace.
Arbor Networks is not the only company that cites the rise of DDoS attacks on cloud computing. Stratsec, in a report published last year, stated that some cloud providers are being infiltrated in botnet-style attacks.
This should not surprise anyone. In my days as CTO and CEO of cloud providers, these kinds of attacks were commonplace. Indeed, it became a game of whack-a-mole to keep them at bay, which was also the case at other cloud providers that suffered daily attacks.
The bitter reality is that for cloud computing to be useful, it has to be exposed on public networks. Moreover, cloud services' presence is advertised and the interfaces well-defined. You can count on unauthorized parties to access those services, with ensuing shenanigans.
The only defense is to use automated tools to spot and defend the core cloud services from such attacks. Over time, the approaches and tools will become better, hopefully to a point where the attacks are more of a nuisance than a threat.
The larger cloud providers, such as Amazon Web Services, Hewlett-Packard, Microsoft, and Rackspace, already have good practices and technology in place to lower the risk that these attacks will hinder customer production. However, the smaller cloud providers may not have the resources to mount a suitable defense. Unfortunately, I suspect they will make them the primary targets.
This article, "As cloud use grows, so will rate of DDoS attacks," originally appeared at InfoWorld.com. Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.