How orderbird uses Cloudflare to protect their POS system

Founded in 2011, orderbird provides market-leading point-of-sales (POS) solutions to over 10,000 restaurants, cafés, bars, clubs, ice cream shops, and beer gardens in Germany, Austria, Switzerland, and France. The company’s mission is to make individual restaurants more successful by providing them with affordable and easy-to-use payment technology.

orderbird meets DDoS challenges head-on with Cloudflare

In December 2016, orderbird faced a heavy distributed denial-of-service (DDoS) attack that nearly took the company out of business.

“During Christmas time, our backend was DDoSed and went down for a couple of days,” says Frank Schlesinger, Chief Technical Officer of orderbird. “For a restaurant, Christmas is usually a very important time — you have to manage all of the bookings and prepare for the festivities — and our customers couldn’t use their point-of-sales systems at all. As a result, we lost a significant amount of our customer base.”

This was a serious problem even by the standards of many business-critical applications. Network connectivity and backend availability were essential parts of the overall POS system, and if it happened to go down for any reason, their customers’ businesses could not receive orders and may have then lost revenue.

Within a few days of the attack, orderbird moved their entire backend onto AWS and added Cloudflare’s security solutions to safeguard their platform and ensure 100% uptime.

“We made a quick move to Cloudflare, because its services promised help immediately,” Schlesinger explains. “We stayed with Cloudflare because it gives us security without a headache.”

Cloudflare helps orderbird mitigate DDoS attacks by leveraging the capacity of the Cloudflare global network. Cloudflare’s network spans 200 cities in 90+ countries around the world, using collective intelligence from 26+ million properties to quickly protect against new and zero-day vulnerabilities. Combined with the power of the Cloudflare Web Application Firewall (WAF), which detects and blocks malicious traffic in real-time, orderbird is able to deflect any attacks that may take their system offline.

Since switching to Cloudflare, Schlesinger says the company hasn’t noticed any successful attacks on their system.

“We track how many threats Cloudflare is filtering, which is about 1,500 every month,” he explains. “There have been zero successful attacks on our services since 2017.”

Integrated security and performance solutions give orderbird peace of mind

In order to provide a smooth user experience, orderbird needs to be able to shield their POS system from incoming attacks without compromising the speed and reliability of their services. Often, implementing new security measures can increase latency and other performance issues, since requests need to be checked against multiple security features in order to effectively prevent attacks.

With Cloudflare, orderbird doesn’t have that problem. Cloudflare’s suite of performance solutions, including CDN and Load Balancing, significantly reduces end-to-end latency, allowing orderbird to integrate low-latency security products like WAF and Advanced DDoS Protection while still saving on valuable milliseconds.

In addition to the Cloudflare WAF, orderbird also uses Cloudflare Managed DNS to deliver as-fast-as-possible response times, mitigate DNS-based DDoS attacks, and maintain 100% uptime at the edge. And, with Cloudflare Rate Limiting, orderbird protects their critical resources at the application layer by blocking or qualifying visitors with suspicious request rates. Now, orderbird has peace of mind knowing that their security posture doesn’t interfere with their ability to keep their system fast and reliable.

orderbird enlists Cloudflare to help make data-informed business decisions

After securing and accelerating their applications with Cloudflare, orderbird started utilizing Cloudflare Logs to gain greater insights into their traffic patterns and site performance.

“I’m pretty data-driven,” says Schlesinger. “I was immediately impressed with all of the in-platform dashboard analytics that Cloudflare provides, which lets us see basic things like threats over the course of a couple of weeks or the ups and downs of requests.”

Cloudflare provides effortless analytics integrations with third-party tools and providers like Datadog, enabling Schlesinger to track the behavior of orderbird’s traffic and make more informed scalability decisions.

“I can look at my trend line, which gives me a very rough estimate on how my overall traffic develops,” Schlesinger adds. “Then, I can use that data to answer questions about our scaling strategies or do things like put a number into my cloud budget for the next year.”

Thanks to Cloudflare, orderbird is able to observe critical data patterns that have a true impact on the future of their business. With the insights provided in their dashboard, Schlesinger and his team can monitor unusual spikes in traffic, see if a suspicious number of requests are coming from a country where orderbird does not conduct business, or figure out the best time to deploy a new feature. That gives orderbird the confidence to trust Cloudflare — not just as an integral component of their security posture, but as a part of their ongoing growth, too.

How orderbird uses Cloudflare to protect their POS system
Key Results
  • Cloudflare helps orderbird block an average of 1,500 threats per month
  • orderbird has not experienced a single successful DDoS attack since switching to Cloudflare in 2017

We made a quick move to Cloudflare, because its services promised help immediately. We stayed with Cloudflare because it gives us security without a headache.

Frank Schlesinger
Chief Technical Officer