Three measures for higher safety and availability

Cloud services are being used more and more frequently. As a result, more and more applications are accessible via the web - whether in the B2C or B2B environment. Confidential, private and business data is therefore no longer located in data centers shielded from the Internet or on end devices in company VPNs. This data, which requires protection, must therefore be secured in a special way. As a result, companies are confronted with completely new security requirements, because the number and complexity of cyber attacks is constantly increasing. In three recommendations Akamai Technologies on how companies can protect themselves and their data while improving the performance and availability of their web applications.

1. effectively protect IT infrastructure and data in the cloud

The rapid spread of the cloud has significantly changed the security situation for all stakeholders. For hackers and other malicious actors, the cloud offers multiple entry points for cyber attacks. The scope and complexity of cyber-attacks are constantly increasing. If companies protect themselves traditionally, this can result in data loss, data theft, downtime due to DDoS attacks, as well as associated revenue loss and unquantifiable damage to the brand's image. The security of IT infrastructures, applications and data in the cloud must therefore be a priority. When developing a security strategy for the cloud, companies should implement the model of multi-dimensional protection, taking into account important issues such as maximum scalability, decentralized deployment of the DDoS service, and optimal monitoring for maximum transparency.

• Scalability means that the solution should be able to defend against the largest DDoS attacks known to date. If this capability is not met, there is a risk that the website will no longer be accessible in the event of an attack. A cloud-based solution already acts where attacks originate and can fend off DDoS attacks even before they reach the IT infrastructure and the web applications running on it. In addition, the solution provider should have extensive experience in defending against attacks of all types and sizes.
• It is also important for a cloud-based solution to operate in a distributed manner across many locations in order to be able to detect and defend against attacks at the point of origin on the basis of comprehensive real-time analyses.
• A cloud-based solution should enable continuous monitoring and evaluations of the current threat situation.

2. ensure high performance

Performance is a very broad term, which in the present context refers to the response speed and loading times of websites and applications. If users' expectations are not met, they leave an online store without buying anything, the transaction at an online bank cannot be completed, or an online gamer who cannot play smoothly may switch to the competition.

• Web application providers should therefore use content delivery network (CDN) services to ensure that the additional computing, storage and bandwidth capacities are available in a flexible and scalable manner, even at peak times.
• In order to deliver applications and websites so quickly that customer expectations are met or even exceeded, the distributed infrastructure of a global CDN is required. As many elements and data of the web application as possible are provided locally and regionally on the servers of the distributed CDN and delivered to the users from there. From the user's point of view, this ensures better performance of the application.
• To optimize the individual online experiences of their end users, intelligent tools are needed that provide real-time measurement from the website or an application all the way through the Internet to the actual end user.

3. plan for high availability

Downtime can occur in many components of the cloud architecture: Servers, storage systems, applications, databases, in the network or infrastructure used by a cloud provider. While performance problems "only" cause delays, downtime has serious consequences. Since the availability of the cloud infrastructure is a mission-critical matter, it must be carefully designed and implemented.

• Scaling with regard to high availability means that sufficient capacities are available flexibly to deliver the websites and applications with high performance even during peak traffic times. In addition, there should be secondary sites for both the IT architecture and the web applications that can be activated in the event of a failure. A secondary site should be available either in the company's own data center or in a second data center of the cloud provider.
• In order to be able to offer customers high availability, operators of online stores, for example, must ensure that the workloads are located as close as possible to the end users with the help of the cloud services of a CDN. By providing potential secondary sites in the CDN's globally distributed server network, precautions can be taken to ensure that business-critical applications do not experience downtime lasting several hours as a result of cyber attacks or hardware failures, for example.
• High availability can only be ensured if a monitoring solution records data from all central components of the cloud infrastructure in real time. The spectrum here ranges from servers, storage systems and network traffic in the cloud provider's data center to measurements on the transmission path and loading times on the users' end devices. Real-time monitoring, as offered by a CDN service, enables potential problems to be identified at an early stage and countermeasures to be taken.

"Successful cloud deployment requires extensive preparations in security, performance and availability to ensure that a website and web applications are available in the event of DDoS attacks and targeted attacks on applications," says Juergen Metko of Akamai. "Cloud-based security solutions offer a crucial complement and extension to traditional security solutions in this regard. Companies must therefore check whether they have implemented all the necessary organizational and security measures before moving into the cloud."