The costs of rectifying a breach are on average several million dollars, and that is before the cost of lost customers is included. Can your business afford that, especially when there are opportunities to significantly reduce the risk at reasonable prices.
In this article, we explore three options that provide both security and performance enhancements and are leaders in the market that services small to medium businesses.
Note, Amazon is excluded as an option as they are not a particularly user friendly option. While I have used Amazon historically, they are no longer my preference, although are an excellent option. Similarly, I feel Fastly and Akamai are better suited to more mid to large-sized businesses.
In the interest of full disclosure, I have used all these vendors mentioned for different occasions.
Security and performance services
All of these companies share basic services:
CDN (Content distribution network) – Network of servers that duplicates your website’s content around the world. This allows customers to receive faster responses, which can have a huge impact on retention and conversion.
WAF (Web Application Firewall) – System that analyses incoming traffic for potential threats and blocks identified risks. For example, traffic that is trying to target a known exploit.
DDoS (Distributed Denial of Service) protection – Protects against a malicious attack where a third party floods a website with traffic that can cause it to slow or fail under the load. Traffic comes from numerous individual sources that can make blocks challenging.
Who are these companies?
If you’re reading this, you may not have heard of any of these companies, so who are they?
Cloudflare started in 2004 as a project to determine where email spam originated. It has now expanded to track and protect against significantly more threats. In fact, the average person touches the Cloudflare network 500 times per week. They are trusted by large companies and are a favourite of small businesses due to their exceptional free plan. They have the biggest footprint of any of these providers with 119 data centres around the world.
StackPath was founded in 2015 and grew through the purchase of five specialised companies. Each of the acquisitions was extremely well regarded individually, and StackPath has now started to unify them into a compelling package.
While they may not have the established base of Cloudflare, they provide a competitive and scalable offering.
Sucuri started back in 2010 and was purchased in 2017 by GoDaddy. Their goal is to offer a concise security overview and protection for website owners. The acquisition should assist Sucuri to compete with the scale of the larger companies mentioned here.
Each of these companies will have a product that will deliver on your needs, so how can you narrow it down? Below is a table with some of the primary differences. Please ensure you review the product offerings carefully before making a selection.
Free – No WAF
Pro – $20/mth with WAF
Business – $200/mth
Refer to pricing page for full details. Cloudflare doesn’t charge by bandwidth.
Shared (Upload own cert available on Business plan)
Shared, Lets Encrypt or own certificate
Lets Encrypt or own certificate
That’s a fairly complicated comparison, who would I recommend each to? While exact recommendations will depend on specific cases, my suggestion is usually:
Cloudflare– Customers after a simple user interface or cheap CDN. Cloudflare’s free tier is extremely high quality and their DNS service is excellent. If you aren’t ready to pay, I’d use Cloudflare without question and add features as appropriate.
StackPath– People more concerned about site speed or technically minded people. StackPath requires considerably more effort to configure and will require some understanding as documentation is poor. Several options in StackPath can easily block good traffic if not understood. Finally, it does have excellent analytics for the CDN and the cost can justify StackPath as a CDN alone if needed.
Sucuri– Anybody looking for additional malware protection, or who would like a single easy dashboard for reviewing their security. While Cloudflare has an easier interface to understand, Sucuri I find simpler to manage.
Tell me about your selections and why in the comments below.