CDN Security

When you become a StormIT customer, our experts become an extension of your team, designing and supporting a network unique to your business needs. We frequently review changes in your applications, traffic, and users, and fine tune your Amazon CloudFront CDN service to optimize for these changes.

Amazon CloudFront is a highly secure CDN that provides both network and application level protection. All CloudFront customers benefit from the automated protection of AWS Shield Standard, at no additional charge.

We use the most secure global infrastructure by Amazon Web Services—the leader in cloud computing.
Image by Franck V.

AWS Shield

AWS Shield Standard’s always-on detection and mitigation system automatically scrubs bad traffic at Layer 3 and 4 to protect your application. Over 99% of infrastructure layer attacks detected by AWS Shield Standard are automatically mitigated in less than 1 second for attacks on Amazon CloudFront
Protection against Network and Application Layer Attacks

Amazon CloudFront, AWS Shield, AWS Web Application Firewall (WAF), and Amazon Route 53 work seamlessly together to create a flexible, layered security perimeter against multiple types of attacks including network and application layer DDoS attacks. All of these services are co-resident at the AWS edge and provide a scalable, reliable, and high-performance security perimeter for your applications and content. With CloudFront as the “front door” to your application and infrastructure, you are moving the primary attack surface away from your critical content, data, code and infrastructure.

SSL/TLS Encryptions and HTTPS

With Amazon CloudFront, you can deliver your content, APIs or applications via SSL/TLS, and advanced SSL features are enabled automatically. You can use AWS Certificate Manager (ACM) to easily create a custom SSL certificate and deploy it to your CloudFront distribution for free. ACM automatically handles certificate renewal, eliminating the overhead and costs of a manual renewal process. Additionally, CloudFront provides a number of SSL optimizations and advanced capabilities such as full/half bridge HTTPS connections, OCSP stapling, Session Tickets, Perfect Forward Secrecy, TLS Protocol Enforcements and Field-Level Encryption.

Access Control

With Amazon CloudFront, you can restrict access to your content through a number of capabilities. With Signed URLs and Signed Cookies, you can support Token Authentication to restrict access to only authenticated viewers. Through geo-restriction capability, you can prevent users in specific geographic locations from accessing content that you're distributing through CloudFront. With Origin Access Identity (OAI) feature, you can restrict access to an Amazon S3 bucket to only be accessible from CloudFront.


CloudFront infrastructure and processes are all compliant with PCI-DSS Level 1, HIPAA, and ISO 9001, ISO 27001, SOC (1, 2 and 3) to ensure secure delivery of your most sensitive data.

CDN for Web Applications and APIs

The Amazon CloudFront content delivery network (CDN) is massively scaled and globally distributed. The CloudFront network has 220+ points of presence (PoPs), and leverages the highly-resilient Amazon backbone network for superior performance and availability for your end users.

What Customers Say About Us

Sefira logo

„Extremely helpful and friendly approach from the StormIT guys. They helped us optimize the setup for the cloud version of our digital trust OBELISK products. I would recommend the cooperation to everybody:)“

  Martin Jurík, Channel Partner Manager

SEFIRA spol. s.r.o.

Not sure if you are protected well enough against DDoS attacks?