In an earlier podcast series we had on security and your eCommerce store, a ton of information was covered. In today’s post I am pulling out one question and answer around the content delivery network and how it can improve your online store in so many ways.
I asked Dre Armeda, with Sucuri Security, about a CDN and the role it plays in performance and security.
The Big Advantages of a Content Delivery Network
Dre Armeda: This is a good question and something that affects a lot of things on the internet from performance and the way that people view and get the request that they’re asking for from your websites all the way to SEO and the way that you might get ranked because of Google’s algorithm and how your site’s performing. Really important beyond even the scope of security which is where I like to focus on because I think that that’s a really important point. One of the biggest concerns with security implementations is always the impact to the website’s performance and we know that. What’s funny to me is that sites will have security implications and a high risk of performance issues. That’s going to happen if you get attacked and all that fun stuff especially when you don’t have a CDN, a content delivery network, or some type of caching capabilities enabled preferably at the edge because that’s really where you’re going to see some gains as you serve this information to those requesting from wherever in the world. I definitely recommend using a caching layer source like a CDN for your static content to be served from.
We’re caching on the site or through these CDNs is super important. What ends up happening is these CDN networks, they grab a copy of your static content and have copies across their network globally, so they get served that closest instance of this requested content whether that’s images, what have you, to the location nearest where the request is coming from. The distance traveled is less. You see this cache, so that request comes a lot faster. You see a huge improvement, a significant improvement. In fact, in some cases 50% faster. It’s just loading ridiculous quick. Definitely recommend the CDN. Depending on how WordPress is configured, you could see gain speeds 2 to 3 times faster. That’s pretty slick. Something that’s important here is a load and bandwidth utilized by your server infrastructure because now everything is being served from this network versus your server. You see less impact to your bandwidth, to your environment. There’s I think a myriad of benefits to using CDNs beyond just the performance. That’s certainly one of them. The other one is taking that load off of your server and environment for sure.
The Biggest Advantage is the Protection of Your Original Server
The other one I think is really protecting your original server, your origin server, your environment. That to me is probably the biggest positive impact of having a strong CDN. It’s the easiest way probably to mitigate external attacks because the availability of your site is super important. That’s one of those sections or legs of the triad we talked about last week, confidentiality, integrity, availability. Oftentimes attacks like DDoS, a distributed denial of service attack, it will take down your availability. Having these CDNs and these cache assets around the world mitigates that pretty well because now your site may be getting attacked, but this stuff’s cached. It’s still there. It reduces the risk of your site going down if you have the CDNs enabled. We have a service. At Sucuri, we offer a web application firewall, a CDN-capable firewall and it’s at the edge. It acts in this function. It proxies all your traffic through it at the edge, so it’s not your server, so that any malicious or let’s say nefarious traffic that’s trying to attack your site is thwarted before it ever reaches the network.
It never penetrates your environment. We stop it. We throw it out. Only good requests come through. It has some pretty cool features. One of them I think that’s pretty neat especially when you start thinking about all those folks out there that don’t update their websites regularly which you should be, if you’re running an old version, you should really be asking yourself why and get it updated. If you don’t, we’ve built in some mechanisms to help with that as well. Some of these services out there do this. This is one thing that we lead with because we’re more of a security product, a web application firewall with a performance increase as a byproduct. This CDN capability we’ve built in to the security protection layer that we’ve built. Let’s say you are running an old version of WordPress with a known vulnerability. The firewall’s going to recognize it. This is going to stop any attempts coming in to try to attack that vulnerability at the edge. It will never reach your WordPress instance. What we’ve done is we’ve created this application profiling engine that’s adjustable which is pretty neat.
It knows good requests. Let’s say, “Hey, you’re running WordPress. The firewall knows you’re running WordPress. WordPress has all of these files. Requested these files. This is the interaction. It’s normal with WordPress. These are the calls that you see happening. These are the files that should be initiating,” and so on. Our firewall knows that. If any request comes in that’s beyond that or it’s doing something that doesn’t match that application profile, we spit it out. It just never reaches your site. It doesn’t execute, therefore protecting from that. We have all these known vulnerabilities already mapped into our signature base. We take a really holistic view of all those versions of WordPress, those known vulnerabilities and we’re able to stop any type of injection that is trying to attack that vulnerability. That is how we’re protecting at the edge and a good firewall CDN integration should allow for that. Again, the performance boost is super important and it’s a byproduct, but we have a caching layer that enables us to speed up performance of sites and serve your visitors with those requests closest to them.
We’re going to respond from the servers and the environments closest to them because we’ve got points of presence now, jeez, in 6 different data centers across the world plus our CDN points of presence which are spread out beyond that. It’s become a pretty big network to help improve performance. Again, I certainly recommend it. The best CDNs, again, I think are ones that function as a firewall, not just this performance optimization. I think that today’s threats are much more than just attacks against your availability, so it’s important to really protect all of those pieces. Imagine for a moment like again, the impact to your business if your website went down during the checkout process or a user was unable to purchase your products because the site was down. Now imagine if it was down like that for an hour or a week, a month because of some type of attack to availability. CDNs I think help you with that.
It’s an important layer and I definitely recommend adding a web application firewall with that CDN. I think they go hand in hand. It’ll definitely improve your site performance and could help with sales and such. You won’t regret it.
Does Quality Performance Equal Security?
I think to an extent. Right? There are some CDNs out there and products that are just CDNs and do not offer as robust a web application firewall that we offer or that’s available out there. I think it’s important to really approach your performance with security in mind. If you can attack both of those, if you can implement a solution that gives you a strong security and protection at the edge as well as those performance increases, you’re winning. Your clients are winning. Your bankroll’s probably going to win.