13 - Tales from the Real World - Defying DDOS
DDoS attacks have scaled to cloud-level volumes — terabits per second — that on-premises hardware simply cannot absorb. In this episode, Chris is joined by Cam Adams, an engineering manager from Brisbane, Australia, who shares first-hand experience helping customers across Asia-Pacific defend against distributed denial-of-service attacks using Azure.
Cam describes three distinct customer profiles: organisations fully committed to Azure, those in a hybrid state with workloads split between cloud and on-premises, and those yet to begin their cloud journey but still needing cloud-scale defence for on-premises systems. For the latter group, the approach centres on using Azure as an absorptive layer against what Cam calls the “last mile” bottleneck — the narrow point where an internet connection meets on-premises routers and security appliances with throughput measured in gigabits, now being targeted by attacks in the hundreds of gigabits to terabits per second.
Key themes from this episode include:
- Attack scale: Modern DDoS attacks harness hundreds of thousands — sometimes millions — of devices, some with gigabit connections of their own, producing traffic volumes far outside the order of magnitude that on-premises hardware can handle.
- Azure as a defensive layer: Azure DDoS Protection, Azure Front Door, Azure Firewall, and cloud-hosted DNS can all serve as scalable, cloud-native mitigation points regardless of where the workloads themselves reside.
- Public DNS exposure: A simple but often overlooked attack vector — an attacker who profiles your stack and finds self-hosted public DNS will target that first, because it goes down easily. Moving to a cloud-hosted, auto-scaling DNS service removes one of the easiest targets available.
- Proactive versus reactive: Cam’s closing advice is clear — profile your applications, identify your attack vectors, document incident response plans, and remove couplings to devices and services that cannot sustain load. The time to act is before an attack hits, not after.
Whether your infrastructure is fully in the cloud, hybrid, or entirely on-premises, this episode provides a grounded, experience-backed perspective on defending against one of the most disruptive threats in today’s security landscape.
Related Content
8 - Azure Security
Moving to Azure? Security has to come first. Chris is joined by cybersecurity expert Andrew Nathan to explore how organisations can build a strong security posture in the cloud — covering Azure Security Center and Secure Score, identity strategy (Azure AD vs. Azure RBAC), multi-factor authentication, threat modelling, Azure Policy and Management Groups for governance, and the evolution of security operations into red team/blue team war gaming. Whether you're starting your cloud journey or course-correcting an existing environment, this episode will help you understand where to begin and how to keep improving over time.
5 - The API Economy
APIs are the connective tissue of modern cloud architectures — but poor API design compounds into technical debt that is expensive to unwind. In this episode, Chris Reddington and Peter Piper explore the full lifecycle of API design: defining versioning contracts up front, modernising legacy APIs using the Strangler and Façade patterns, and securing APIs with JWT tokens, OAuth 2.0, and OIDC. They also cover Azure API Management patterns, circuit breakers, throttling, key rotation with Azure Key Vault, and the DevSecOps practices that keep an API estate healthy at scale.
1 - Requirements in Context
Every cloud project starts with requirements. In this episode, Chris explores the critical pillars of cloud architecture: resilience (SLA, RTO, RPO, MTTR, MTBF), scalability, performance, and cost. Learn why defining requirements upfront—before drawing architecture diagrams—is essential, and how the same on-premises thinking about availability translates directly into the cloud.