Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS


October 21st, 2016 went into the annals of Internet history for the large scale DistributedDenial of Service ( DDoS ) attacks that made popular Internet properties like Twitter,SoundCloud, Spotify and Box inaccessible to many users in the US.

The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in atotal of about three hours of service outage. The attack was orchestrated using a botnet ofconnected devices including a large number of webcams sold by a single manufacturer, whichsimultaneously made tens of millions of DNS requests on Dyn’s servers. Given the impact and severity, Dyn was quick to release a statement that more fully explained the incident from their side.

DDoS attacks can be carried out in many ways and can either target individualproperties, or services that support a multiple Internet properties. DNS services are commontargets because they are essential to the operation of cloud-based services.

Cyber Attacks are Getting Increasingly Sophisticated
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS
There’s a growing trend of increasingly sophisticated cyber attacks targeting governments,political organizations, financial institutions and businesses in general. Victims of high-profilebreaches in recent years include Target, eBay, Home Depot, JPMorgan Chase, LinkedIn, FDICand Ashley Madison, but these are only a few notable names.

Even as government and private organizations embrace cloud-based services, attacks such asthe one on 10/21 should compel them to reevaluate “all in on the cloud” approaches toplatforms, applications and data. While I am not advocating completely pulling back from the cloud andinto on-premises systems, this is a situationthat pleads for a diversified risk mitigation strategy.

Organizations need to have solutions in place that will not interrupt operations and kill productivity during situations like this. As we have always advocated, a hybrid solution can certainly mitigate risk and give organizations alternative ways to work in the event of attacks or outages.

The Polarity Problem

A major problem for many organizations is their polar philosophies around infrastructure, the thinking that everything has to be in one place or another either in thecloud or on-premises. Here’s where hybrid approaches come into their own. What if yourapplication ran on the public cloud, but failed over to an on-premises or private cloud instancein the event of a public-cloud outage? What if your content (data) could reside in the cloud,on-premises or in both places simultaneously, depending how business critical, voluminous orregulated it is?

Consider the Enterprise File Synchronization and Sharing (EFSS) solution space. Cloud-onlyproviders like Box and Dropbox that emerged as consumer services and subsequently movedinto the business segment arguably don’t account for the mission-critical use cases ofgovernments and businesses, and their need for business continuity in the event of suchoutages.

Consider how your organization will be impacted if all its corporate information resided in thecloud, and a DDoS or other form of cyber attack (or even a natural calamity) brought the cloudinfrastructure down for several hours. How will it affect employee productivity? What wouldthe revenue impact be? How would your brand image be affected?

For most organizations, the impact of a cloud outage will be very significant. As such,exploring hybrid approaches becomes mission critical.

Hybrid is the Answer

MJM, a marketing and communications agency owned by WPP, initially used a cloud-onlyEFSS service for file sharing and collaboration but moved over to Egnyte a few years ago after realizing thatwhat it really needed was a hybrid file sharing solution. Thankfully they did, as disaster struck in 2012 during Hurricane Sandy, devastated the Northeast Coastline in the United States. With no internet and power going in and out, the employees at MJM were still able to work through the disaster and not lose any time or money.

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

When it comes to the enterprise, we have a steadfast philosophy that:

1) Enterprises need purpose-built solutions. From our inception, we’ve had a razor-sharp focus on serving the file sharing needs of organizations rather than consumers.

2)While we enthusiastically embraced the cloud, we’ve always been aware that ourcustomers need safeguards. Our hybrid approach to file sharing allows customers toleverage the advantages of both cloud and on-premises infrastructures for agility,reliability and business continuity.

If your cloud provider suffers an outage, a hybrid solution can seamlessly failover to your on-premisesinfrastructure and ensure that users, business processes and workflows remain unaffected.What’s more, these solutions can seamlessly failover to your on-premises infrastructure and ensurethat users, business processes and workflows remain unaffected.

It is best to assume that Internet outages are inevitable, and plan for continued access toessential files when your cloud infrastructure or Internet connectivity become unavailable.When the next outage occurs, will you be prepared?

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS
By Kris Lahiri, VP Operations and Chief SecurityOfficer

Kris is a co-founder of Egnyte . He is responsible for Egnyte’s security and compliance, aswell as the core infrastructure, including storage and data center operations. Prior toEgnyte, Kris spent many years in the design and deployment of large-scale infrastructuresfor Fortune 100 customers of Valdero and KPMG Consulting.

Kris has a B.Tech inEngineering from the Indian Institute of Technology, Banaras, and an MS from theUniversity of Cincinnati.

Viewing all articles
Browse latest Browse all 12749