By Bashar Bashaireh, Managing Director, Middle East & Turkey, Cloudflare
With a shift to digital transformation, enterprises face new challenges and opportunities for growth — from anticipating and meeting customers’ digital needs to mounting a strong defense against web-based attacks, overcoming latency issues, preventing site outages, and maintaining network connectivity and performance.
When optimising the online customer experience, enterprises need to adopt a strategy that integrates robust site security, performance, and reliability. Although this strategy involves many components, here are five key considerations that can help businesses meet customer needs and provide a secure and seamless user experience:
Leverage DNS and DNSSEC support to maximise availability and uptime
Frequently referred to as the ‘phone book of the Internet,’ DNS (domain name system) translates domain names into numeric IP addresses and enables browsers to load Internet resources. As DNS attacks become more prevalent, businesses are starting to realise that a lack of a resilient DNS creates a weak link in their overall security strategy.
There are multiple approaches that companies can take to deploy a resilient DNS strategy. They can get a managed DNS provider that hosts all DNS records, offers query resolution at multiple nodes globally, and provides integrated DNSSEC support. DNSSEC adds a layer of security to the domain name system by adding cryptographic signatures to existing DNS records. Companies can also build additional redundancy by deploying a multi-DNS strategy — even if the primary DNS goes down, secondary DNS helps keep the applications online. Large enterprises that prefer to maintain their own DNS infrastructure can implement a DNS firewall in conjunction with a secondary DNS. This setup adds a security layer to the on-prem DNS infrastructure and helps ensure overall DNS redundancy.
Accelerate content delivery by routing traffic across the least-congested routes
Today, the majority of web traffic is served through Content Delivery Networks (CDNs), including traffic from major sites like Amazon and Facebook. A CDN is a geographically distributed group of servers that help provide fast delivery of Internet content to globally dispersed users and can also reduce bandwidth costs.
With servers in multiple locations around the globe, a CDN is able to distribute content closer to website visitors, and in doing so, reduce any inherent network latency and improve page load times. CDNs also serve static assets from cache across their network, reducing the number of requests being made to hosted web servers and resulting in lower bandwidth and hosting costs.
Minimise the risk of site outages by globally load balancing traffic
Maximising server resources and efficiency can be a delicate balancing act. Cloud-based load balancers distribute requests across multiple servers in order to handle spikes in traffic. The load balancing decision takes place at the network edge, closer to the users — allowing businesses to boost response time and effectively optimise their infrastructure while minimising the risk of server failure.
Protect web applications from malicious attacks
When securing web applications and other business-critical properties, a layered security strategy can help defend against many different kinds of threats.
- Web application firewall protection – A web application firewall, or WAF, protects web applications by filtering and monitoring HTTP traffic. Cloud-based WAFs are typically the most flexible and cost-effective solution to implement, as they can be consistently updated to protect against new threats without significant additional work or cost on the user’s end.
- DDoS attack protection – A DDoS attack is a malicious attempt to overburden servers, devices, networks, or surrounding infrastructure with a flood of illegitimate Internet traffic. By consuming all available bandwidth between targeted devices and the Internet, these attacks not only cause significant service disruptions, but have a tangible and negative impact on business as customers are unable to access a business’s resources.
- Malicious bot mitigation – Sites may become compromised when targeted by malicious bot activity, which can overwhelm web servers, skew analytics, prevent users from accessing webpages, steal user data, and compromise critical business functions. By implementing a bot management solution, businesses can distinguish between useful and harmful bot activity and prevent malicious behaviour from impacting user experience.
Keep your network up and running
- Protect your network infrastructure – It’s not enough to just protect web servers. Enterprises often have on-premise network infrastructure hosted in public or private data centres that needs protection from DDoS attacks, too. Many DDoS mitigation providers rely on one of two methods for stopping an attack: scrubbing centres or on-premise scanning and filtering via hardware boxes. The problem with both approaches is that they impose a latency penalty that can adversely affect a business. A better way to detect and mitigate DDoS attacks is to do so close to the source — at the network edge. By scanning traffic at the closest data centre in a global, distributed network, high service availability is assured, even during substantial DDoS attacks. This approach reduces the latency penalties that come from routing suspicious traffic to geographically distant scrubbing centres. It also leads to faster attack response times.
- Protect TCP/UDP applications – At the transport layer, attackers may target a business’s server resources by overwhelming all available ports on a server. These DDoS attacks can cause the server to respond slowly to legitimate requests — or not at all. Preventing attacks at the transport layer requires a security solution that can automatically detect attack patterns and block attack traffic.
In conclusion, creating a superior online experience requires the right security and performance strategy — one that not only enables enterprises to accelerate content delivery, but ensures network reliability and protects their web properties from site outages, data theft, and other critical attacks.