Skip to content Skip to footer

Data centres’ DDoS learning curve

Image: Adobe Stock / Gorodenkoff

In the age of connected computing, our technical dependencies are so often our weakest links. We are increasingly reliant – not just on our own security – but on the resilience of all the devices, networks and partners to which we are connected.

As much as we profit from those connections, we’re also subject to their associated risks. The insecurities of the software supply chain are showing how a malicious piece of code inserted in one location can wreak havoc in countless other places around the globe. IoT devices are also powerful examples of how attractive new technologies can at the same time be perilously vulnerable, in this case unintentionally supporting DDoS attacks that are increasingly aimed at taking out infrastructure – such as telecoms operators and hosting providers – along with the myriad customers who are dependent on their services.

These hidden dependencies are the soft underbelly of the digital enterprise and cyber attackers know that a successful strike here will cause grievous damage. With digital transformation and the move to the cloud, we are all becoming ever more dependent on the data centre as a focal point for the integration of these interconnected technologies.

The ever-evolving data centre

Data centres are increasingly the focal point for the infrastructure that is crucial for the operation of countless businesses. Our reliance on them is deepening too. In fact, data centre traffic has increased by 25 fold in the last 10 years while – according to the Uptime Institute – the cost of data centre outages has also been rising, with 15% of outages costing over one million USD.

Ever growing demand for infrastructure services and the rapid rise of technologies like IoT, cloud and SaaS, have forced a real transformation in the role and scale of data centres, while AI and Machine Learning are expected to push them into an even more pivotal position.

Only a short while ago, data centres would have required specialised or dedicated hardware systems to enable new functionality. However, the next generation of transformation within the data centre will happen at software speed because customers no longer need to wait weeks or months to deploy new hardware, but can roll out new solutions and services across the globe in minutes on standard computing, infrastructure and networking platforms.

As a result, data centres are moving up the stack, creating higher value offerings and delivering more integrated services to customers. For example, in a multi-tenant data centre, customers used to have to buy, configure and manage their internet connections separately from a selection of carriers, but many data centres are now looking to offer pre-packaged, multi-carrier, shared internet services directly to their customers. In doing so, they’re adding value but also acquiring the responsibilities of a service provider.

Similarly, the data centre market is changing from within. Some customers are now reaching a level of scale where they are outgrowing the cost profile of hyperscaler public cloud environments like Amazon AWS, Microsoft Azure and Google Cloud and are moving towards their own more economical private cloud platforms built in colocation data centres which rent out rackspace to a variety of business customers. These ‘colo’ data centres provide global connectivity as well as access to local subscriber networks – which are increasingly important for supplying low latency critical communications.

DDoS in the data centre

As reliance on shared data centre infrastructure mounts, so does the data centre DDoS risk. When a DDoS attack hits a target in a shared facility, others who depend upon the same shared internet services are at risk for collateral damage. DDoS attackers are increasingly pursuing shared infrastructure targets like telecommunications operators or hosting providers. Another report from Lumen Technologies claims that in the final quarter of 2022, 87% of the thousand largest DDoS attacks were aimed directly at telecoms. It’s not hard to see why – telecommunications operators serve a critical function in the modern world by providing connectivity to millions of individual customers and businesses. One successful attack here could have a huge impact on multiple stakeholders.

Much like telecommunications, a DDoS attack on a data centre or shared infrastructure provider can have devastating results. One need not look too far to find examples of this. In 2016, a Mirai botnet based attack was launched against a shared service provider Dyn in the largest reported attack the world had ever seen. The resulting collateral damage caused outages for a variety of popular websites including Amazon, the BBC, Paypal, Airbnb, the New York Times and CNN.

Just last year, Microsoft claimed that it had mitigated the latest ‘largest DDoS attack ever’ when one of its customers was attacked through its Azure hosting service. Most recently, the Killnet group has also been reported to be attacking Azure-based healthcare apps.

New powers, new responsibilities

Colocation data centres are now expanding onto a threat landscape which they haven’t yet faced. As the facilities in which many thousands of customers store their data and host online services, a successful DDoS attack could be seriously destructive for multiple tenants.

Even if only one of those data centre tenants is targeted, the effects of that attack may spread out to affect others within the data centre using common infrastructure services. Because the environment is shared, other data centre tenants can become collateral victims of attacks on their ‘noisy neighbours’.

As data centres expand their offerings to include a wider range of value added services to their customers – and reap the associated profits – they’re also taking on new responsibilities. For example, if internet access is an offering that a colo data centre sells directly to their customers; these same data centres now have to take responsibility for the protection of that internet service against DDoS attacks.


As data centre operators evolve their infrastructure service offerings and acquire greater responsibilities towards their customers, they need to evolve their DDoS protection in line with the new threats arrayed against themselves and their tenants.

And as solutions which address this specific context specifically evolve, we can imagine what they might look like.

They should include on-premises appliances that could block the DDoS attack traffic coming down the shared internet pipes. It would likely combine those on-premises appliances with cloud scrubbing services which can handle volumetric attacks that exceed local capacity by diverting incoming attack traffic into higher capacity cloud-based resources. Furthermore, it would ideally ensure coordinated visibility so that attacks can be spotted and mitigated quickly.

Crucially, a DDoS solution for these data centres must also accommodate the potential for dozens of locations in which a customer’s servers are located, including edge data centres, satellite sites, subscriber networks and elsewhere. In this context, it should be able to address the challenge of ‘noisy neighbours’ in which an attack on one customer would be prevented from causing collateral damage.

Such solutions would also include enough flexibility to offer different tenants within a shared data centre services that could accommodate the security needs and priorities of individual customers.

However those offerings ultimately emerge, DDoS protection for data centres must provide automated protection in real time. Even minutes of downtime are catastrophic for businesses whose offerings require continuous service availability for their customers and those data centre operators that cannot prevent outages will see their own business suffer.

Technological developments which produce new benefits often bring new hazards and new responsibilities. The evolution of the data centre presents exciting new possibilities for businesses, so it’s crucial the businesses choose their partner and vendors carefully so as best to protect end-users from mounting DDoS threats.

Picture of Ashley Stephenson
Ashley Stephenson
CTO at Corero Network Security

You may also like

Stay In The Know

Get the Data Centre Review Newsletter direct to your inbox.