Image of a programmer with Security written over his head.

Integrated performance & security options

Why should you invest in website security?

In 2017, Equifax lost the records of 145 million American’s because they failed to patch a known issue. Small businesses often claim they are too small to be a target, but in fact, you’re under attack from day one. Although you may not have a wealth of personal data, or commerce, there are other purposes such as cryptocurrency mining. Even beyond hacking, there are other ways security could impact you online.

The costs of rectifying a breach are on average several million dollars, and that is before the cost of lost customers is included. Can your business afford that, especially when there are opportunities to significantly reduce the risk at reasonable prices.

In this article, we explore three options that provide both security and performance enhancements and are leaders in the market that services small to medium businesses.

Note, Amazon is excluded as an option as they are not a particularly user friendly option. While I have used Amazon historically, they are no longer my preference, although are an excellent option. Similarly, I feel Fastly and Akamai are better suited to more mid to large-sized businesses.

In the interest of full disclosure, I have used all these vendors mentioned for different occasions.

Security and performance services

All of these companies share basic services:

  • CDN (Content distribution network) – Network of servers that duplicates your website’s content around the world. This allows customers to receive faster responses, which can have a huge impact on retention and conversion.
  • WAF (Web Application Firewall) – System that analyses incoming traffic for potential threats and blocks identified risks. For example, traffic that is trying to target a known exploit.
  • DDoS (Distributed Denial of Service) protection – Protects against a malicious attack where a third party floods a website with traffic that can cause it to slow or fail under the load. Traffic comes from numerous individual sources that can make blocks challenging.

Who are these companies?

If you’re reading this, you may not have heard of any of these companies, so who are they?

Cloudflare

Cloudflare logo

Cloudflare started in 2004 as a project to determine where email spam originated. It has now expanded to track and protect against significantly more threats. In fact, the average person touches the Cloudflare network 500 times per week. They are trusted by large companies and are a favourite of small businesses due to their exceptional free plan. They have the biggest footprint of any of these providers with 119 data centres around the world.

StackPath

StackPath logo

StackPath was founded in 2015 and grew through the purchase of five specialised companies. Each of the acquisitions was extremely well regarded individually, and StackPath has now started to unify them into a compelling package.

While they may not have the established base of Cloudflare, they provide a competitive and scalable offering.

Sucuri

Sucuri

Sucuri started back in 2010 and was purchased in 2017 by GoDaddy. Their goal is to offer a concise security overview and protection for website owners. The acquisition should assist Sucuri to compete with the scale of the larger companies mentioned here.

Key differences

Each of these companies will have a product that will deliver on your needs, so how can you narrow it down? Below is a table with some of the primary differences. Please ensure you review the product offerings carefully before making a selection.

DDoS protection
FeatureCloudflareStackPathSucuri
Cost
  • Free – No WAF
  • Pro – $20/mth with WAF
  • Business – $200/mth
Refer to pricing page for full details. Cloudflare doesn’t charge by bandwidth.
  • $20/mth – 1TB
  • $200/mth – 10TB
  • $2000/mth – 100TB
Refer to pricing page for full details.
Firewall only:
  • Basic – $10/mth
  • Pro – $20/mth
  • Business – $70/mth
Malware protection package:
  • Basic – $200/yr
  • Pro – $300/yr
  • Business – $500/yr
Sites included1Unlimited, other limits by tier1
Interface qualityExcellentOk, technical knowledge requiredVery good
CDN
CDN performance*GoodExcellentGood – Australia is poor
WAF
Paid plans only
Country blocks
Business only
IPv6
HTTP/2
TLS control
Malware monitoring/removal
SSLShared (Upload own cert available on Business plan)Shared, Lets Encrypt or own certificateLets Encrypt or own certificate

Conclusion

That’s a fairly complicated comparison, who would I recommend each to? While exact recommendations will depend on specific cases, my suggestion is usually:

Cloudflare– Customers after a simple user interface or cheap CDN. Cloudflare’s free tier is extremely high quality and their DNS service is excellent. If you aren’t ready to pay, I’d use Cloudflare without question and add features as appropriate.

StackPath– People more concerned about site speed or technically minded people. StackPath requires considerably more effort to configure and will require some understanding as documentation is poor. Several options in StackPath can easily block good traffic if not understood. Finally, it does have excellent analytics for the CDN and the cost can justify StackPath as a CDN alone if needed.

For full details regarding our thoughts on StackPath, have a look at our review of StackPath.

Sucuri– Anybody looking for additional malware protection, or who would like a single easy dashboard for reviewing their security. While Cloudflare has an easier interface to understand, Sucuri I find simpler to manage.

Tell me about your selections and why in the comments below.

More Stories
New Payments Platform (NPP) for small business