Will companies face hosting bill shock for DDoS attacks?
Firms are turning to the cloud for cost savings and scalability, but what happens if a company is struck by a denial-of-service attack?
Some cloud hosting firms charge on the basis of the number of requests made to the server, but that scalability could be a problem if the company is targeted by a DDoS attack.
That potential problem was raised by our Real World Computing columnist Mark Newton, who looks into such cloud computing security quandaries in the forthcoming issue of PC Pro, on sale 14 April.
We surveyed some of the biggest cloud providers to establish their policies on charging customers that have been the victim of a DDoS attack.
Microsoft said its Azure cloud hosting system has security measures in place to mitigate such an attack, but if they prove insufficient, the company may also drop charges for DDoS victims.
If we are able to verify that the charges are a result of a DDoS attack, Microsoft will make a decision to not charge the customer for resource utilisation
“If we are able to verify that the charges are a result of a DDoS attack, Microsoft will make a decision to not charge the customer for resource utilisation,” a Microsoft spokesperson told PC Pro.
However, the company was unable to confirm if that guarantee was actually written into the terms and conditions for Azure, and if any DDoS victims had yet to benefit from it, leaving customers unsure exactly how much protection was on offer.
With Amazon and Google’s App Engine, customers can set maximum budgets by the hour and the day, so if real or malicious demand drives the bill past the set amount, it simply tops out.
However, Google notes in its App Engine FAQs that any customer who can prove via their log files that they’ve been attacked “may be issued a credit for the service for this period of time.”
Amazon didn’t get back to us on whether such a rebate will be available to its customers.
In other words, some cloud providers may offer rebates, but they may not – so keep such potential dangers in mind when considering the savings offered by a switch to cloud computing.