And insurances provide monetary compensation until you become a common liability, too high to be covered by any sort of fee.
DDOS protection is just the same. It’s only feasible if it happens rarely, like they usually happen.
However if it’s a common occurrence it will just eat up the profits made by the fees and then some, which just is stupid to do in any case.
I don’t want TP convince anyone they are not like jerks, but rather highlight why a corporation would do something like this to a (most likely) lucrative client.
You can make this argument for literally every business, though. Which business does not have a single pool of resources and multiple clients to consume them?
To me it seems a really arbitrary argument. Insurance companies estimate a risk, and if their chance to pay is almost certain, then for them there is no point in insuring you, they lose for sure so they refuse you.
DDoS protection services don’t pay if their customers get DDoS. Cloudflare doesn’t need to go and deploy more network appliances every time a customer gets DDoS’d, nor they need to hire additional engineers to implement features. They have done this already and if they do it’s a company-wide investment, not a per-client investment.
You can make this argument for literally every business, though. Which business does not have a single pool of resources and multiple clients to consume them?
The majority of factories. They get an order in and produce the product until that order is fulfilled. They don’t have to be running 24/7, it is just that that is the most profitable.
But if you stick to your “analogy”, a factory also chooses who their customers are. And if some are too demanding, they just drop them. Like the casinos.
Also, once factories have machines etc., they might prioritize one customer over another, but I doubt they decide a customer is not profitable. In fact, digital businesses don’t have by design the problems posed by the physical world, and this is especially true in b2c businesses…
I should have elaborated on it a bit more, my bad.
While it’s true that DDoS is more of an active technology rather than a CYA thing.
It does however also act as insurance when it comes to the “blame game”: if your site goes down it’s not your fault but the provider’s fault, meaning you might be able to recoup lost profits through a lawsuit.
Of course the only way to avoid this for the provider is to provide better and stronger systems, which normally would grow homogenous through more customers and/or growing fees for all customers, which would pay for better capacity and stronger protection by itself.
However here we have a client that is a high value target that others might want to take down at all costs.
Even if they didn’t sue, a strong enough attack might, alongside naturally expected DDoS on other clients, not only take down this customer’s server, but others as well, which really isn’t something you want, for the reasons stated above.
And rapidly increasing security could be not worth it, as it could devolve into an arms race by proxy with a high risk of the customer leaving if you raise their fees to much, leaving you with a system which’s maintenance will now dig into your profits due to a lost big income stream, or make other customers leave if you raise the general fee.
And insurances provide monetary compensation until you become a common liability, too high to be covered by any sort of fee. DDOS protection is just the same. It’s only feasible if it happens rarely, like they usually happen. However if it’s a common occurrence it will just eat up the profits made by the fees and then some, which just is stupid to do in any case.
Comparing Cloudflare to insurance companies is not how you’ll convince me they’re not acting like jerks lol
I don’t want TP convince anyone they are not like jerks, but rather highlight why a corporation would do something like this to a (most likely) lucrative client.
Removed by mod
It is similar in that there’s a pool of resource shared between all the clients, and the service provider can shift this resource around when in need.
You can make this argument for literally every business, though. Which business does not have a single pool of resources and multiple clients to consume them?
To me it seems a really arbitrary argument. Insurance companies estimate a risk, and if their chance to pay is almost certain, then for them there is no point in insuring you, they lose for sure so they refuse you.
DDoS protection services don’t pay if their customers get DDoS. Cloudflare doesn’t need to go and deploy more network appliances every time a customer gets DDoS’d, nor they need to hire additional engineers to implement features. They have done this already and if they do it’s a company-wide investment, not a per-client investment.
The majority of factories. They get an order in and produce the product until that order is fulfilled. They don’t have to be running 24/7, it is just that that is the most profitable.
But if you stick to your “analogy”, a factory also chooses who their customers are. And if some are too demanding, they just drop them. Like the casinos.
OK, sorry. Digital services businesses.
Also, once factories have machines etc., they might prioritize one customer over another, but I doubt they decide a customer is not profitable. In fact, digital businesses don’t have by design the problems posed by the physical world, and this is especially true in b2c businesses…
I should have elaborated on it a bit more, my bad.
While it’s true that DDoS is more of an active technology rather than a CYA thing. It does however also act as insurance when it comes to the “blame game”: if your site goes down it’s not your fault but the provider’s fault, meaning you might be able to recoup lost profits through a lawsuit.
Of course the only way to avoid this for the provider is to provide better and stronger systems, which normally would grow homogenous through more customers and/or growing fees for all customers, which would pay for better capacity and stronger protection by itself.
However here we have a client that is a high value target that others might want to take down at all costs. Even if they didn’t sue, a strong enough attack might, alongside naturally expected DDoS on other clients, not only take down this customer’s server, but others as well, which really isn’t something you want, for the reasons stated above. And rapidly increasing security could be not worth it, as it could devolve into an arms race by proxy with a high risk of the customer leaving if you raise their fees to much, leaving you with a system which’s maintenance will now dig into your profits due to a lost big income stream, or make other customers leave if you raise the general fee.
Removed by mod