Asia to see rise in cloud DDoS security biz

COMMUNICASIA, SINGAPORE--With the rise of cloud services adoption, businesses also have escalating security concerns over distributed denial of service (DDoS) attacks, and that presents an opportunity for carrier service providers to offer cloud-based DDoS protection, which one industry executive adds is set to gain traction in Asia.

Among enterprises, the constant discussion around cloud to make it "sexy and pervasive" to customers cannot ignore the question of what happens when the cloud service becomes unavailable due to an attack, said Lau Kok Khiang, director for Asia-Pacific IP division at Alcatel-Lucent. There is hence "strong pent-up demand" for cloud-based DDoS protection, for which carrier cloud services are in a good position to provide, he said. Lau was presenting at the Telco Rising Cloud conference in CommunicAsia here Tuesday.

Large attacks have become commonplace, and enterprises are basically losing the arms race in the Internet security space, Lau described. Among the various DDoS attacks in 2011 alone that saw businesses worldwide suffer a "great amount of damage" involved Sony PlayStation Network, the Hong Kong stock exchange, Visa, MasterCard, PayPal, and WordPress, he pointed out.

The executive emphasized that cloud-based DDoS security was a "win-win" scenario for both the service provider and enterprise customers. For the service provider, it is a new revenue opportunity, which also complements existing enterprise services such as virtual private network (VPN) and business broadband. Additionally, this could help drive customer stickiness, Lau said. That is because from the customers' point of view, having cloud-based DDoS protection ensures 24-by-7 availability of the cloud services they use, which mean better safeguards for their enterprise assets such as confidential client data, he added.

On the event sidelines, Lau told ZDNet Asia that cloud DDoS security is set to gain traction in Asia, due to increasing awareness of the risks and prevalence of DDoS.

This will prompt companies to consider cloud DDoS protection as added security measures, in order to ensure their service availabilities meet customer demands as well as industry-specific regulations. Also, apart from commercial entities, governments in the region are also pushing the message that organizations need to protect themselves from becoming the next victim of an attack, he added, referring to the massive DDoS attacks that disrupted Internet services in Myanmar in November 2010.

Another speaker at the conference, Anisha Travis, partner at law firm Webb Henderson, said while the cloud has benefits and opportunities for businesess, they should go into space with "their eyes open". In other words, they need to understand and prepare for mitigate the major risks associated with cloud, one of which is service levels, she pointed out during her presentation.

It is essential that service level agreements (SLAs) are well-drafted for specific service levels and must also include "practical remedies" when there is downtime or outage, Travis advised. Customers cannot rely solely on the service provider, and should do their due diligence in clarifying ownership, consequences, and failures, she added.