Security versus performance: a tug of war?

As security threats have evolved over the past ten years, online retailers have been under increasing pressure to protect digital properties without impacting performance levels, all on a budget.

The performance and reliability of websites have become so critical for retailers that reconciling customers' performance demands with adequate security measures has become a tug of war for some.

The hacking community does not rest on its laurels; threats are doubling every year. Distributed Denial of Service (DDoS) attacks and SQL injections now account for more than 50 per cent of attacks, according to the Imperva hacker intelligence initiative. For e-commerce sites, an attack of sufficient severity can not only slow sales, but prevent completed transactions entirely.

Overwhelming a website to cause denial of service to legitimate traffic is only the beginning. Stealing Personally Identifiable Information (PII), mining sites and databases for corporate or state secrets and stealing intellectual property are all ‘fair game’ for today’s attackers.

Just having an opinion or association with a cause that perpetrators place a value on can make you a target for DDoS attacks. The recent debates on piracy bills such as SOPA saw organisations supporting legislation experience an increase in web attacks.

Security professionals believe they need to spend more time and money protecting their web assets, but in reality budget and resources are finite.

The other challenge is that the more complex a security infrastructure becomes, the greater its impact on performance, which, when related to operational efficiency, can actually be more costly than an individual attack.

Some companies have employed services such as ‘traffic scrubbing’ and re-routing, but because traffic travels further, this degrades performance. As a result, some companies have even resorted to turning on these services only once they are aware of an attack!

There are no silver bullets in security but attacks that are massive in scale and distribution need to be controlled by security infrastructures that can dynamically deal with those challenges. An architectural change is needed and the cloud is becoming the best answer to these distributed cloud-based security threats. It can act as a punch bag absorbing attacks away from the network perimeter, whilst allowing genuine traffic through. Cloud can maintain website performance whilst scaling dynamically to suppress attacks that are changing.

Moving to cloud-based security is not an easy psychological transition to make, even if the benefits are compelling; there is a ‘box hugger’ in all of us to one degree or another. Attackers are embracing methods the cloud is best positioned to deal with and it is now virtually impossible for all but the largest organisations to fund the in-house security needed to keep large attacks at bay.

Security and performance do not have to be at odds with one another, but to achieve the optimal balance, it is necessary for us all to think outside the network and the box – you can already see the hackers doing it.

John Ellis is enterprise security director, Asia Pacific and Japan (APJ), Akamai Technologies.
