Google has announced plans to expand its distributed denial-of-service (DDoS) mitigation capabilities to become a specialised website protection service.
Named Project Shield
, it is a combination of Google’s own DDoS mitigation capabilities and Page Speed Service to allow individuals and organisations to better protect their websites by serving their content through Google’s own infrastructure, without having to move their hosting locations. It is currently free and open as an invite-only service.
Google claimed that Project Shield does not provide guaranteed protection from DDoS attacks in regards to uptime or protection levels, instead that Google has designed its infrastructure to defend itself from quite large attacks and this initiative is aimed at providing a similar level of protection to third-party websites.
Security blogger Graham Cluley, said: “Clearly anything which allows individuals and small organisations to better protect their sites from a DDoS attack by serving their content through Google’s own infrastructure instead is going to be welcomed by proponents of free speech – and a thorn in the side for the attackers who wish to silence them.”
Asked if this would hit those vendors who provide DDoS mitigation service as their business, Michael Donner, chief marketing officer at Prolexic, said: “As a free service, it is going to appeal primarily to small and medium sized businesses so we don’t expect any significant impact on Prolexic because we focus on a different market (high end enterprise customers).
“The number one priority for many of our enterprise customers is a very high level of customer service (i.e. frequent interaction with a 24/7 security operations centre and access to on call mitigation experts) and it appears Google is not going to offer this level of personalised service so we expect little, if any, client attrition because of that.
“Bottom line: we see Google’s entrance into this market taking market share from other providers of ‘add on’ DDoS mitigation services, such as ISPs, telcos, content delivery networks, and also low-end DDoS mitigation providers.”
Jag Bains, CTO of DOSarrest, said that the announcement from Google begs a few questions, specifically how confident can an enterprise be in housing their information with a company whose primary focus is data collection and mining?
“It’s the same concern shared by many enterprises that won’t use Gmail services for their mail solution. There are additional concerns regarding support. How effective can their support team be at dealing with a real time DDoS? Often real time diagnostics and monitoring are required to ensure full site functionality and I question whether this level of support would be easily accessible,” he said.
“Overall the solution, in my opinion, would be of benefit to customers with low traffic and inexpensive hosting needs, but I would question it being a viable platform for companies who attach a high degree of importance to their web presence.”