Whether you have one CDN or many, an origin shield is a must-have as part of your resilience and risk mitigation strategy. If something goes wrong, the CDN itself can become a DDoS attack on your origin (the whole reason you want origin shielding in the first place!). And, as we’ve learned from recent events that saw half of the internet go offline for 49 minutes, no one can afford to have a single point of failure.
The Fastly CDN outage on June 8th, which took down a major part of the internet, including popular websites and services, such as Reddit, Spotify, Twitch, Stack Overflow, GitHub, gov.uk, Hulu, HBO Max, Quora, PayPal, Vimeo, Shopify, Stripe, and news outlets CNN, The Guardian, The New York Times, BBC and Financial Times, taught everyone four important things:
Whether you deploy a single CDN or rely on a multi-CDN strategy, an origin shield is a must-have to reduce the load on the origin, protect it from overload, and safeguard performance and QoE.
While not classified as a traditional cybersecurity method, an origin shield can help mitigate the effects of both malicious and non-malicious traffic overloads and DDoS attacks. Origin protection can play an important role in the overall security picture without explicitly or exclusively being a security feature.