O'Reilly Modern Defense in Depth


Because of the risk related to equipment failures, circuit outages, code misconfigurations, human-induced blunders, and the continuous cyberattacks on DNS, today's largest internet-dependent organizations (like social media companies that rely 100 percent on internet availability) realize that outsourcing their DNS to a managed DNS provider makes sense. Today, many organizations either outsource DNS completely, or they use a split view of DNS and outsource their authoritative DNS, while still keeping their recursive DNS on premises.

Today's cloud operators that also offer managed DNS via cloud infrastructures have, in my opinion, eliminated any possibility of experiencing DNS breakages and outages. They provide rapid change propagation, intuitive configuration consoles, zone management, and active failover coupled with zone scaling and vanity name servers. They also provide integrated traffic steering to enhance the online experience and ensure that an organization's users (customers, employees, and partners) reach the best digital asset while taking the optimal path.

Cloud-based, managed DNS providers are beginning to use automation to collect, analyze, and correlate key internet performance metrics from strategic viewpoints of the internet. Integrating billions of data points into their operations daily, they are capable of dynamically routing users to the most responsive sites and applications based on geography, internet conditions, and the organization's business models.

Because router-initiated defenses by way of ACLs and BGP FlowSpec are implemented as the first line of defense, and DDoS defenses are implemented as the second line of defense, managed DNS operating in the third line of defense fully protects against availability outages.
So far, the modern cloud edge includes:

• Edge routers
• DDoS defenses
• Managed DNS

As organizations adopt and move their public-facing web applications to the cloud, these three lines of defense must be moving

18 | Chapter 3: Cloud-Based Lines of Defense for Web Application Security
