What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks

October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US.

The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about three hours of service outage. The attack was orchestrated using a botnet of connected devices including a large number of webcams sold by a single manufacturer, which simultaneously made tens of millions of DNS requests on Dyn’s servers. Given the impact and severity, Dyn was quick to release a statement that more fully explained the incident from their side.

DDoS attacks can be carried out in many ways and can either target individual properties, or services that support a multiple Internet properties. DNS services are common targets because they are essential to the operation of cloud-based services.

Cyber Attacks are Getting Increasingly Sophisticated

There’s a growing trend of increasingly sophisticated DDoS attacks targeting governments, political organizations, financial institutions and businesses in general. Victims of high-profile breaches in recent years include Target, eBay, Home Depot, JPMorgan Chase, LinkedIn, FDIC and Ashley Madison, but these are only a few notable names.

Even as Government and private organizations embrace cloud-based services, attacks such as the one on 10/21 should compel them to reevaluate “all in on the cloud” approaches to platforms, applications and data. While I am not advocating completely pulling back from the cloud and into On-Premises systems, this is a situation that pleads for a diversified risk mitigation strategy.

Organizations need to have solutions in place that will not interrupt operations and kill productivity during situations like this. As we have always advocated, a hybrid solution can certainly mitigate risk and give organizations alternative ways to work in the event of attacks or outages.

The Polarity Problem

A major problem for many organizations is their polar philosophies around infrastructure, the thinking that everything has to be in one place or another – either in the cloud or on-premises. Here’s where hybrid approaches come into their own. What if your application ran on the public cloud, but failed over to an on-premises or private cloud instance in the event of a public-cloud outage? What if your content (data) could reside in the cloud, on-premises or in both places simultaneously, depending how business critical, voluminous or regulated it is?

Consider the Enterprise File Synchronization and Sharing (EFSS) solution space. Cloud-only providers like Box and Dropbox – that emerged as consumer services and subsequently moved into the business segment – arguably don’t account for the mission-critical use cases of governments and businesses, and their need for business continuity in the event of such outages.

Consider how your organization will be impacted if all its corporate information resided in the cloud, and a DDoS attack or other form of cyber attack (or even a natural calamity) brought the cloud infrastructure down for several hours. How will it affect employee productivity? What would the revenue impact be? How would your brand image be affected?

For most organizations, the impact of a cloud outage will be very significant. As such, exploring hybrid approaches becomes mission critical.

Hybrid is the Answer

MJM, a marketing and communications agency owned by WPP, initially used a cloud-only EFSS service for file sharing and collaboration but moved over to Egnyte a few years ago after realizing that what it really needed was a hybrid file sharing solution. Thankfully they did, as disaster struck in 2012 during Hurricane Sandy, devastated the Northeast Coastline in the United States. With no internet and power going in and out, the employees at MJM were still able to work through the disaster and not lose any time or money.

DDoS Attacks

When it comes to the enterprise, we have a steadfast philosophy that:

1) Enterprises need purpose-built solutions. From our inception, we’ve had a razor-sharp focus on serving the file sharing needs of organizations rather than consumers.

2) While we enthusiastically embraced the cloud, we’ve always been aware that our customers need safeguards. Our hybrid approach to file sharing allows customers to leverage the advantages of both cloud and on-premises infrastructures for agility, reliability and business continuity.

If your cloud provider suffers an outage, a hybrid solution can seamlessly failover to your on-premises infrastructure and ensure that users, business processes and workflows remain unaffected. What’s more, these solutions can seamlessly failover to your on-premises infrastructure and ensure that users, business processes and workflows remain unaffected.

It is best to assume that Internet outages are inevitable, and plan for continued access to essential files when your cloud infrastructure or Internet connectivity become unavailable. When the next outage occurs, will you be prepared?

By Kris Lahiri, VP Operations and Chief Security Officer

Darach Beirne

Take Control of Telecom by Being Your Own Carrier

Being Your Own Carrier Departments and organizations of all sizes and across all industries are transitioning away from traditional hardware IT systems and embracing SaaS-based cloud offerings. The global pandemic has spurred greater cloud adoption, ...
Mark Barrenechea

The Digital Era Moves Into The Information Era

We have entered the Information Era Building on the groundwork of automation, connectivity and computing power that defined digital, the Information Era is characterized by our unprecedented ability to capture, store and make sense of ...
Tunio Zafer

Questions To Ask Every Cloud Storage Provider

Cloud Storage Provider Questions As with many new technologies, attitudes toward cloud storage vary. Telephones were immobile; wearables perhaps unwarranted. And now, the global cloud storage market was estimated at $21.1 7 billion in 2015, ...
Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure that their networks and systems are as secure as possible ...
Mark Barrenechea

So are Bad and Stranger Things—the Negative Impact of Technology

Negative Impact of Technology Cyberattacks and information breaches are happening every day, from influencing the outcomes of elections to bringing down businesses to massive data breaches of personal information. In fact, every 39 seconds a ...
Patrick Joggerst

From Virtualization to Cloudification: Transforming Networks, Now What?

Virtualization to Cloudification As we head into the next decade of telecommunications network technology transformation, we find ourselves at a pivotal moment as the era of virtualization becomes the new era of cloudification. Real-time communications ...