According to the CISO, "I've been following very closely a lot of the DDoS attacks and other recent attacks. The power is within the hands of the hackers and the people who can easily run a botnet and DDoS you, but once your website is behind CloudFlare, or Incapsula, or some other CDN, it can't be found."
There are other advantages to hiding behind big third-party providers, such as the redundancy afforded by the high-end infrastructure in their data centers. "If we have a carrier outage in one of our data centers, we are quadruple homed into our data centers so it makes it very easy for us to reroute around a carrier failure within seconds. If we had to failover DNS or something like that ourselves, there would be a five to 10 minute outage. Our third party host adds a lot of flexibility from an architecture standpoint. We can route just about anything, just about anywhere."
According to the CISO, the cost of hosting his infrastructure with third parties is another big benefit. "These hosting services are cheap relative to the value that they add," he says. His company is keeping the security infrastructure it already has, but it can avoid buying upgrades or replacements because Incapsula basically provides all the necessary security services. What's more, Incapsula caches so much of the company's content that the CISO says that Incapsula "probably pays for itself in bandwidth alone. They save us so much bandwidth that if we didn't have them we would be buying more bandwidth from our upstream carriers, and that isn't cheap."
Even as the DDoS attacks continue against U.S. financial institutions, the CISO is confident about his mitigation strategy. "For the payment sites, we just block off the whole world except for the United States," he says. "There is no reason we need anybody from outside the country to hit our sites. That takes about 75% of the threats and vulnerability scanning and SQL injections and all the other junk that comes with it -- it just bounces right off of them [the sites] and we don't even see it. Incapsula is just invaluable in reducing our attack surface."
These days it's possible to find every aspect of infrastructure as a hosted service. The ability to hide behind third party providers when hackers may be seeking you can bring real peace of mind.
Sign up for CIO Asia eNewsletters.