You can make this argument for literally every business, though. Which business does not have a single pool of resources and multiple clients to consume them?
The majority of factories. They get an order in and produce the product until that order is fulfilled. They don’t have to be running 24/7, it is just that that is the most profitable.
But if you stick to your “analogy”, a factory also chooses who their customers are. And if some are too demanding, they just drop them. Like the casinos.
I should have elaborated on it a bit more, my bad.
While it’s true that DDoS is more of an active technology rather than a CYA thing.
It does however also act as insurance when it comes to the “blame game”: if your site goes down it’s not your fault but the provider’s fault, meaning you might be able to recoup lost profits through a lawsuit.
Of course the only way to avoid this for the provider is to provide better and stronger systems, which normally would grow homogenous through more customers and/or growing fees for all customers, which would pay for better capacity and stronger protection by itself.
However here we have a client that is a high value target that others might want to take down at all costs.
Even if they didn’t sue, a strong enough attack might, alongside naturally expected DDoS on other clients, not only take down this customer’s server, but others as well, which really isn’t something you want, for the reasons stated above.
And rapidly increasing security could be not worth it, as it could devolve into an arms race by proxy with a high risk of the customer leaving if you raise their fees to much, leaving you with a system which’s maintenance will now dig into your profits due to a lost big income stream, or make other customers leave if you raise the general fee.
Removed by mod
It is similar in that there’s a pool of resource shared between all the clients, and the service provider can shift this resource around when in need.
Removed by mod
The majority of factories. They get an order in and produce the product until that order is fulfilled. They don’t have to be running 24/7, it is just that that is the most profitable.
But if you stick to your “analogy”, a factory also chooses who their customers are. And if some are too demanding, they just drop them. Like the casinos.
I should have elaborated on it a bit more, my bad.
While it’s true that DDoS is more of an active technology rather than a CYA thing. It does however also act as insurance when it comes to the “blame game”: if your site goes down it’s not your fault but the provider’s fault, meaning you might be able to recoup lost profits through a lawsuit.
Of course the only way to avoid this for the provider is to provide better and stronger systems, which normally would grow homogenous through more customers and/or growing fees for all customers, which would pay for better capacity and stronger protection by itself.
However here we have a client that is a high value target that others might want to take down at all costs. Even if they didn’t sue, a strong enough attack might, alongside naturally expected DDoS on other clients, not only take down this customer’s server, but others as well, which really isn’t something you want, for the reasons stated above. And rapidly increasing security could be not worth it, as it could devolve into an arms race by proxy with a high risk of the customer leaving if you raise their fees to much, leaving you with a system which’s maintenance will now dig into your profits due to a lost big income stream, or make other customers leave if you raise the general fee.
Removed by mod