Distributed denial of service (DDoS) attacks have become a part of having a presence on the web. While the question used to be if you will be attacked, today it is only a matter of when. Because of this, it is more important than ever to have a defense strategy in place. But, for all the media coverage and attention any DDoS attack may receive, their purpose and how to best defend against them are not always well understood.
According to the 2016 Verizon data breach incident report (DBIR), DDoS and web app attacks have increased substantially over the last year. Successful data breaches of web app attacks where data was stolen increased from 7% to 40% with targeted data including:
- Credit card data
- Personal information
- Financial credentials
If you want to ensure that your business is ready for a DDoS attack, there are a number of best practices you should keep in mind. What follow are 5 recommendations from our 10 years of experience managing over 80,000 servers. If you want an even more in-depth overview, as well as 5 more recommendations, you can download the full white paper here.
“A journey of a thousand miles begins with a single step” – Laozi
Since deciding to study Trade Management Asia at Amsterdam University of Applied Sciences in 2011, it has been my dream to live and work in Asia. When I graduated in 2015 I set out to turn this dream into a reality. Luckily, my journey of a thousand miles, or in this case 6,519.41 miles from Amsterdam to Singapore, started at LeaseWeb.
In September 2015, I was hired by LeaseWeb Netherlands as an Inside Sales Representative (ISR). I hadn’t until that point thought about working in the hosting industry, but sometimes fate has a funny way of putting us in exactly the right place. The hosting industry is booming, interesting, and full of opportunities. As an ISR, my main task was to call existing customers and potential new businesses to create new and expand existing relationships. This experience provided me with the basis, or the infrastructure, for a deep understanding of the industry. Working in inside sales teaches you a considerable amount about the industry, customers, and, of course, the products and company itself. It also helps you to become persistent, and to quickly learn from and keep growing after failures.
Customers who are looking for a hosting solution, particularly those who currently have an on premise hosted IT environment and are considering colocation, often face a range of questions with regard to their infrastructure choices. We’ve put together a list of some of the common issues companies face when deciding between colocation and on premise hosting to help make it easier to choose between the two solutions.
In many cases, colocation offers several advantages in terms of IT management and business continuity. A hosted solution provides the benefit of the experience, knowledge and resources of the hosting provider. Additionally, the costs of running a datacenter on premises are usually high, and often will not show a return on investment unless a company can reach the necessary scale. Because of these factors, colocation is often an attractive option for many businesses.
Let’s look at some of the advantages of colocation in more detail:
In a hosted environment, the hosting provider takes the necessary precautions to ensure your data is available at all times. There are emergency services available in case of a power outage, such as power supplies, batteries, and generators (plus fuel, a supplier contract for fuel, and an SLA for refuelling). Fall-back scenarios are tested regularly to make sure these measures do not fail at crucial moments.
Hosting providers also have additional arrangements in place with an energy supplier for redundant energy connections that enter the building at different locations. Redundant Internet connections (that also enter the premises at different locations) and an agreement with the local authorities for possible excavation work (that could damage cables) are also standard.
As more and more organizations become familiar with the cloud, they are moving towards buying software as a service (SaaS) based on actual usage. In fact, it is predicted that SaaS will become the dominant software consumption model by 2018. According to Gartner, as this occurs the steep decline in maintenance fees will translate into a total revenue loss of up to 40% for Independent Software Vendors (ISVs). This means that ISVs’ priorities are shifting, leading to changes in their current operating models.
Having been in the software industry for many years, I have seen first-hand what it means to transform from a traditional license and maintenance fee model to a subscription-based SaaS. Through numerous discussions with ISVs with regard to transforming their business, what I’ve found is that while there is no single right approach, there are a few common themes that always arise. What follow are 7 strategic considerations to keep in mind.
1. Should I build my own cloud?
Building your own cloud means that you have to invest substantially in infrastructure and in developing new capabilities. If your business has the scale to build a cloud in a cost-efficient way, including access to the technology, budgets, and the skilled resources to maintain the infrastructure, it can definitely be an opportunity. However, if you lack the scale of a larger enterprise, building a cloud solution probably won’t provide a competitive advantage, so it’s worth outsourcing to a partner who can meet your current needs and scale with you as you grow.
Fred Streefland, IT-Security Manager at LeaseWeb and Dave Maasland, CEO Eset Netherlands.
A version of this article originally appeared on Computable.
Recently we’ve had the opportunity (a quite fun and interesting opportunity) to visit a number of Information Security and Cyber Security congresses. During these congresses we were flooded with relatively ‘new’ developments such as Next-Generation, IoT (Internet of Things), IoT DDoS, Security Intelligence Platform, et cetera. The fact that some of these terms have become ‘hype’ is not in itself a problem, but we did begin to wonder whether the security world may be looking at things in the wrong way and thereby missing the demands that need to be addressed.
In this article we will suggest a new way of looking at cybersecurity that stops viewing it as a goal in itself and instead as something that is directly connected to business needs. As it stands now, it seems that too many security-organizations are missing the mark.
Security can be quite complex, but its essence is quite simple. Security is nothing more than reducing or taking away risks, and making them visible so that the business can accept them and continue doing its work – nothing more, nothing less. To do this as effectively and efficiently as possible, we, as security people, have to understand the business and not see it solely from an IT perspective but from the broader perspective of the business itself.
When starting from the business, we first have to identify, map, and categorize the risks for the specific business. Second, we have to determine, together with the business itself, which risks need to be dealt with in which order. When that’s done, the person responsible for security within the company has to set up a security plan that depicts how these changes are executed. When doing so, there should always be clear goals and deadlines. Ideally, this should be done in a ‘smart’ way, one step at a time, so as to not engage in too many projects at once.
Lesson 1: Start with the business (and its risks)
We’ve been using private cloud and CDN services to help one of the world’s best DJs to reach fans in ever more creative ways. Be one of the first to watch this video and see what DJ Hardwell really thinks of the support he’s got from LeaseWeb.
We are currently getting ready for some interesting sessions at Cloud Expo Europe and Cloud Security Expo. This will take place in Paris on 29 – 30 November. If you are attending the conference, it will be great if you can stop by the LeaseWeb stand (D40). Our engineers will be happy to discuss migration to the cloud with you, or how hybrid cloud fits your business needs.
We are also hosting the following two sessions:
Date and Time: Tuesday, 29 November 2016, 10:40 A.M. – 11:05 A.M.
Presenter: Julien Lehmann, Product Manager at LeaseWeb, will address critical technical issues in combatting DDoS attacks. This session will take place at the Cloud Security Service Providers Theatre/Risk Compliance and Governance Theatre.
Date and Time: Wednesday, 30 November 2016, 10:10 A.M. – 10:35 A.M.
Presenter: Robert van der Meulen, Technical Evangelist at LeaseWeb, will discuss how Hybrid Clouds combine various types of infrastructure, allowing you to optimize them for specific workloads. This session will take place at the International Theatre.
If you do not have a ticket yet, you can get your free ticket here to access the Cloud Expo Europe and Cloud Security Expo locations. Hope to meet you there.
Data privacy is one of the hottest topics in all industries globally. Understanding the critical due diligence from a data privacy and sovereignty perspective will help mitigate risk.
Privacy is not a security issue
Today, we face different and more complicated challenges than ever before regarding data privacy. Privacy is not a matter of security. Privacy concerns the contents of data (personal data) and its storage, transfer, access and processing methodologies. Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose.
In this day and age, tech disruption gives rise to new business models that require even more profound use of data, leading to increased transfer of vast amounts of personal information across borders. GDPR and other data protection laws are being implemented to protect data from misuse, respecting the rights of the data owners. The rules are strict, but data privacy shows itself to be a wheel with many spokes.
The new currency
Data is currency, and the sense of urgency surrounding this is obvious; worldwide regulations develop fast, and data leaks easily end up in the eye of the (social) media storm, causing heightened concern about privacy risk. The sanctions of the GDPR (4% of global annual revenue) will even hurt giants like Google, Apple and Microsoft. Times will change to the benefit of privacy for the individual, but conflicts in data protection rules per country cause a bottleneck for business.
Challenges are plenty
We are happy to announce that we have started a strategic partnership with Northwave to offer clients advanced managed security services. LeaseWeb clients are now able to put their IT environments under the permanent protection of the Northwave Computer Emergency Response Team (CERT).
The partnership is set up to guide and advise LeaseWeb customers on all security-related topics.
The new security services are delivered as a tailor-made extension to the LeaseWeb Private Cloud, Dedicated Hosting and co-location services and are available December 1st 2016.
For more details, read our press release here.
Along with NetApp, we have hosted a round table discussion around “Data Privacy and Data Sovereignty: the challenges in the Cloud”.
Special guest speaker for the evening was Sheila FitzPatrick – Global Data Governance Counsel and Chief Privacy Officer at NetApp.
Sheila is one of the world’s leading experts in data privacy laws and works closely with the US Government, Council of the European Union, country-specific data protection agencies in Europe, Asia/Pacific, and America, as well as, National Works Councils, European Works Councils and Law Enforcement Agencies. She provides expertise and hands-on experience in the areas of global data protection compliance, data sovereignty, cybersecurity regulations and obligations, legal issues associated with cloud computing and big data, data breach compliance and management, and records management.
Data privacy is one of the hottest topics in all industries across the globe. Understanding the critical diligence from a data privacy and sovereignty perspective (as opposed to security) will help mitigate the risks as you embark on a cloud journey.
We would like to thank all the attendees for their valuable contribution to the discussion. Here is where you can read more about the outcome.