By Tin Zaw, Director of Security Solutions, Verizon Digital Media Services
For years, people have held onto the notion that there has to be a trade-off between security and web performance. After all, with more layers of defense in place, it will take more time for web traffic to get through these protections. In this case, however, popular perception is not reality; security does not impede web performance in a content delivery network environment. CDNs can actually enhance web performance and ultimately improve user experience.
Let’s take a look at why people assume there must be a trade-off, then explore the ways better security can actually improve web performance.
The old perception of security versus web performance is based on outdated architecture. It assumes that everything is running on one machine or gateway proxy: when a computer receives an additional workload, it has to perform more computations, which slows down the machine. As cyber attacks have become larger over time, they can easily overwhelm a system, including most cloud-based security platforms. However, CDNs have transformed the landscape. With multiple servers in multiple locations providing scalability, the paradigm shifts – as load increases, available resources expand and the work gets distributed. The end result is that users do not notice any decrease in web performance.
Because CDNs are scalable, they can apply more computing resources the more threats they intercept, and scale back to use fewer resources when threats are fewer in number. Since more machines are available to do the work, tasks such as logging and monitoring become more efficient. And if there is an additional load, such as from distributed denial-of-service (DDoS) attacks, CDNs can also distribute the work of monitoring, filtering and managing the threats. DDoS attacks are larger than they’ve ever been and regularly overwhelm single websites or applications. But CDNs, with hundreds or thousands of servers, can absorb spikes and distribute the workload so it does not overwhelm or slow down systems, and cyber attacks do not adversely impact user experience.
As a website becomes more popular and handles more traffic, the CDN will allocate more resources to it, such as servers and bandwidth. The increased load is not just spread among servers in one location near the source, but it is geographically distributed among multiple, robust points of presence, or PoPs, in multiple cities closer to the end users. Since the workload can be spread out, there is no negative impact on performance as the website scales.
CDNs also have the ability to do some computing at the edge of the cloud closest to the user. Content transformation, content inspection and security filtering can all be done at the edge in a distributed, scalable way to contain threats so they don’t affect the origin server. Performance may actually improve because the origin server doesn’t have to deal with malicious traffic, only serving legitimate users. Since the system handles only the innocent traffic, the customer experience improves.
With protocol termination and decryption happening naturally at the edge of the cloud, the CDN is a logical place to do HTTP filtering and inspections without having to add another layer of security. The cost of doing so at the edge, where it can occur organically, is also significantly less than it would be to install a separate layer of machines at the origin data center dedicated to security tasks. In addition, performing filtering and inspection on the same machine where TLS decryption and HTTP termination are already occurring naturally ultimately increases efficiency.
Better security on CDNs ultimately improves web performance and enhances the customer experience. By relieving origin servers of the need to deal with malicious traffic, CDNs free them to use computing cycles on the real work of the internet, which is providing transactions for customers. Whether those customers are purchasing a product, listening to music, streaming videos, or conducting bank transactions, the end result of best-in-class CDN security is a better user experience.
Meet with us at Velocity to learn more about how Verizon Digital Media Services’ layered security system can enhance your web performance and security, improving your customers’ experience.