According to the Identity Theft Resource Center, there had already been 744 data breaches and over 81 million recorders were exposed in the U.S. by Dec. of 2014, an increase of 24.8 percent over the same period last year. A 2013 survey conducted by the National Small Business Association found that 78 percent of organizations have experienced at least one data breach over the last two years. Not to mention the many high-profile security breaches that the big-name brands suffered in 2014, including Google (News - Alert).
Other than data breaches, attacks on data centers take many forms. CloudFlare, a CDN and anti-DDoS services provider and OVH, a large hosting provider in Europe, both reported NTP amplification attacks exceeding 350Gbps. 2014 could reasonably be called the “Year of the DDoS Attack.” Since the beginning of this year, hosting providers have begun to see an increase in multiple Network Time Protocol (NTP) amplification and reflection DDoS attacks.
In fact, earlier this year, a major data center in Australia detected a new, large-scale NTP amplification attack called a Combination Distributed Reflective Denial of Service (CDRDoS). Before the attack took place, the data center had seen the writing on the cybersecurity wall and updated its services to provide a variety of data scrubbing options for its clients in order to detect and mitigate DDoS threats. The implementation of the DDoS mitigation system couldn’t have come at a better time.
When the NTP attack occurred, the data center was pleased to find that the system did what it was designed to do: defend the data of the customer under attack while preventing the attack from interrupting its own business operations. Both the data center and its customers were able to stay online and conduct business as usual.
Being a Hosting Provider is No Longer Enough
As attack vectors increase, many hosting providers find that they need to ramp up their security offerings, essentially becoming a Security as a Service organization. The good news is that if implemented and managed properly, adding security as a service has the potential to generate new revenue streams for many hosting centers.
If you are a hosting or service provider company, whether it be website hosting, cloud computing, network, etc., it is time for you to take a good look at providing anti-DDoS as a marketable service. Typically, when an attack occurs, the customer’s site is shut down – either by the hosting provider in an effort to protect its other customers, or by the attack itself. To prevent this kind of downtime, your customers will gladly pay extra for this anti-DDoS service.
What are the steps you should investigate when looking to offer Security as a Service? Here are three best practices to help you get started.
Whichever route you choose, you will have built a well-rounded offering that enhances your brand. Your customers will be happy because they are not being “black-holed” (the process of shutting down the customer’s network access, thus sending all inbound requests into a proverbial black hole). You will be happy because potential attacks won’t impact your other customers. Best of all, you have the opportunity to generate additional revenue.
About the Author: Joe Eskew, vice president of NSFOCUS, previously served as the VP of worldwide sales - virtualization at Oracle (News - Alert). He played key roles at technology leaders IBM, Xerox PARC, Andersen Consulting, Citrix and Network Associates (McAfee/Intel). He graduated from the University of Southern California.