Why even the smallest business should use a CDN
The response to my “URGENT!!!” email came late in the evening:
“Unfortunately it’s not just a DNS issue this time. The problem is that the server is under DDoS attack, which is a 90% chance that it’s one of your sites being targeted since your sites are the ones with most of the significant traffic.”
Thus began my crash course (sorry for the pun) in DDoS, CDNs and WAFs, or if you like the lots-of-letters versions, “distributed denial-of-service”, “content distribution networks” and “web application firewalls”.
The email from my web host continued:
“The datacenter has null routed our IP while the attack is happening, so hopefully it’ll stop soon and they will put the IP back online. But they did warn that repeat DDoS abuse will result in termination of the server, so hopefully this is just a one-time incident and doesn’t start happening frequently. They did also recommend to be more proactive, such as using a DNS redirection service with a CDN and a WAF to help prevent this in the future, so you may want to consider using that for any domains that you think may be a target for attack. Of course that won’t even help if they are targeting the server IP instead of your domain name, but DNS redirection will at least help to hide the server IP for anyone in the future that might want to attack it if you choose to go that route.”
If this sounds Chinese to you, welcome to the club. I am not a techie, and when I read (or tried to read) this email a couple years ago, I was baffled. I live on the Internet, so I pick up a lot, but that doesn’t make me a tech genius. I can top up the oil in my car and operate the turn signal, apparently better than 50 percent of the $!&*# drivers out there on the road (but that’s another rant for another time), but don’t ask me to actually fix anything on my car.
Fortunately, I am lucky to host with Phastnet, where personal service comes around the clock, and I was walked through the process. My sites have been protected against DDoS attacks ever since. I’ll spare you the pain of reading my clumsy attempt to explain CDNs; there’s a good guide to how a CDN works here.
That DDoS attack cost me a couple days of website downtime, lost productivity and a whole lot of stress.
Even very small businesses — and I consider mine to be pretty small — should protect themselves. The costs of an attack can be pretty big, and you don’t get to pick when you’ll be attacked. Imagine an eCommerce store attacked in early December!
The likelihood of being attacked is growing every year, as attacks become more frequent and much larger. A report by Nominum in early 2015 “saw dramatic escalation in DNS-based DDoS attacks over the last year as shown in the graph below. Last year’s attacks grew exponentially, culminating in a DDoS attack in December 2014 with attack traffic estimated at more than double in size compared to the record-setting 500 gigabit per second attack publicized just a month before.”
It costs only $38/hour to launch a DDoS attack, but the damage it can do to you while your website is down for a couple days can be $1,000, $10,000 or even $100,000, depending on the nature and scale of your business.
If you read the guide I linked to above, you would have learned that CDNs reduce latency. “In essence, CDN puts your content in many places at once, providing superior coverage to your users.”
Let’s suppose a customer is in New Zealand, and your webhost’s datacenter is in England. A CDN delivers cached elements from your website to the customer’s browser from somewhere closer than your London-based web host. So your website can serve data right up close to the customer from Sydney or Aukland or maybe even Adelaide. It does not mean you get to relax on the beaches of the Grange, but it does mean your website loads faster for the customer.
Website speed is important to meet public expectations. “47% of consumers expect a web page to load in 2 seconds or less,” reports Kissmetrics. If they don’t get what they expect, people simply abandon their shopping carts and buy something from your favorite competitor.
According to Adam Audette, of SVP Organic Search, “If an ecommerce site makes $100k in revenue per day, a 1 second load delay equates to $2.5M in lost revenue annually.”
It’s not just the location of the server that increases the speed. Modern websites, even small business websites, draw from multiple sources. Your customers’ browsers can download only so much simultaneously, so the total download is often delayed as various elements from a variety of websites wait in the queue. CDNs allow more of your page elements to be downloaded simultaneously, so your website appears faster in a customer’s browser.
Load times are not only important for your customers. Google has made it clear that they will give at least some preference to faster loading websites. All other things being equal, the slower website misses out.
As an added bonus, the distributed load of a CDN is more efficient than most single-server websites. It can save bandwidth, boost performance and cut hosting costs for you. And a CDN gives you extra insurance against website downtime.
Small business consultant Gail Gardner calls CDNs the “first line of IT defense”, but adds that “A CDN is one of those rare services that has a strong upside immediately rather than only being seen as a preventive expense in case of attack.”
So CDNs protect your websites from attacks and make them load faster for remote customers, as well as for the search engines. A more robust site that performs better and earns more money, without many of the headaches from downtime or DDoS attacks, and you can save the stress that I went through. That’s something every small business can use!