Cloudflare is making it easier for companies to weather the storm that comes when they’re subjected to a distributed denial of service attack. The company announced today that all of its customers won’t be charged extra based on how bad the DDoS attack against them is.
That’s a massive change from the status quo in the DDoS mitigation industry, where providers typically charge customers more money based on how much data adversaries throw at a website. That means while customers can keep their sites up in the midst of an attack, they’ll get stuck with large bills afterward.
The benefit will apply to all of Cloudflare’s customers, including sites that pay nothing for protection all the way up to companies that subscribe to its enterprise offering. Those pricing tiers will still offer additional features including express support.
Cloudflare CEO Matthew Prince said in an interview with VentureBeat that the move is possible because of how his company’s business works. Because of the way Cloudflare built its systems, the company doesn’t have to pay extra based on the size of the attack. Passing a nonexistent cost onto the company’s customers didn’t make much sense.
So, what took Cloudflare so long to make this change? Prince said that the team was concerned it hadn’t seen the worst the internet could throw at them. But now, it doesn’t seem like there are any monsters lurking under the proverbial bed.
Over the past three years, the company has been providing free security services to organizations operating politically or artistically important sites through its Project Galileo initiative. That has put Cloudflare directly in the crosshairs of some state-sponsored attacks against its clients, and provided a trial by fire for the company’s technology.
What will be interesting to see is how many of Cloudflare’s competitors follow suit after this move. If they do, Prince thinks that it’s possible the shift could change the market for DDoS attacks in the future, much in the way that high-quality spam filtering helped push botnets towards launching them in the first place.