First monday of October 2016 and a friends data center is under a DNS amplification attack attack against cpsc.gov. Having seen it all a number of times before, I was able to thwart in under 30 minutes flat, but it got me thinking!
How do you mitigate a DDOS attack on your service when you buy the service from a cloud provider ? Obviously the automated tools will spawn as many instances as are necessary to absorb the attack.
Of course the service will survive, the devops will pat themselves on their collective backs and the managers will gloat of the great team they run.
What about the cloud provider then ? Oh they get the sweetest part of the deal: each instance spawned nets them cash.
So am I worried about the cloud being targeted by DDOS attacks ? Heck no as long as I do not foot the bill !