
RISK IN CLOUD
COMPUTING
2
3
 Risk is the possibility of losing something of
value.
 A probability or threat of damage, injury,
liability, loss, or any other negative
occurrence that is caused by external or
internal vulnerabilities and that may be
avoided through preemptive action.

4
Risk 1
 The cloud solution may not meet its
economic objectives.

5
Risk 2
 The solution may not work in the context of
the client enterprise association and culture

6
Risk 3
 The solution may be tough

7
Risk 4
 Catastrophe may occur from which the
solution may not recover.

8
Risk 5
 System value may be insufficient to meet the
user needs.

9
Risk 6
 There may be an existing need for service
orientation.

10
What is Risk Management?
 Risk management is defined as the practice
followed to avoid as many errors as possible
occurring due to risk.

11
Risk Management Process
 There is a six-step process involved to
avoid risk in enterprises.

12
SIX STEPS PROCESS OF
RISK MANAGEMENT
 Determination of the objectives:
 Identification of the risks
 Evaluation of the risk
 Consideration of alternatives and selection of
treatment.
 Implementation of the decision
 Evaluation and Review

13
14
Step 1: Determination of the
objectives
 One prime objective is to maintain functional
effectiveness of the organization.
 The second is defending the workers from
misfortune that may cause injury or death.

15
Step 2: Identification of risks
 To identify the risks the following techniques
are used.
1. Risk analysis questionnaires
2. Exposure checklist
3. Insurance policy checklist
4. Flowcharts
5. Analysis of financial statements
6. Other internal records
7. Inspections
8. Interviews
16
Step 3: Evaluation of the risks
 Risk supervisor should evaluate the risks
and grade them based on critical concerns.

17
Step 4: Consideration of alternatives and
selection of treatment
 Consider different alternative treatments and
methods based on the occurrence of each risk
and select the best decision.

18
Step 5: Implementation of the
decision
 The supervisor should implement the risk
remedy decision to deal with the risks to
reduce the impact or to meet the loss if risk
occurred.

19
Step 6: Evaluation and Review
 The risks should be evaluated and reviewed
every time.
 New risks originate as old risks disappear.
 Techniques befitting last year may have
become obsolete.

20
TYPES OF RISKS IN CLOUD
COMPUTING
21
Cloud Risk Types
 There are 5 types of cloud computing risks.
1. Cloud Computing threats
2. Internal Security Risk
3. External Security Risk
4. Data Protection Risk
5. Data Loss

22
23
Cloud Computing Threats
 Threat 1: Misuse and illicit use of cloud
computing
 Unauthorized users may take advantage of
anonymous access to the cloud by breaking
passwords, launching DDoS and hosting malicious data.
 Target: IaaS, PaaS


24
Threat 2:
 Insecure interfaces and APIs
 Customers connect to the cloud using APIs or
interfaces.
 Providers should double check the security
associated with the APIs.
 Target: IaaS, PaaS, SaaS.
25
Threat 3:
 Vicious Insiders
 Vicious insiders represent a larger risk in a
cloud computing environment.
 Vicious insiders can gain unauthorized
access into organizations and their assets.
 Target: IaaS, PaaS, SaaS.


26
Threat 4:
Issues Related to Technology Sharing
 Authorized users may access unauthorized
IaaS resources by overlooking flaws.
 Target: IaaS

27
Threat 5
Data Loss or Leakage:
 Data may be deleted or changed without
back-up.
 Unauthorized access to sensitive data.
 Target: IaaS, PaaS, SaaS.


28
Threat 6
Hijacking accounts/service:
 Eavesdropping on transactions or sensitive
data by attacking login credentials using
phishing, deception and exploitation of
program vulnerabilities.
 Target: IaaS, PaaS, SaaS.

29
Threat 7
Unknown Risk Profile
 Another threat, which may cause a firm to
accept unknown risks, is lack of knowledge of
a cloud provider’s security protocols and
policies.
 It is important to inquire about a cloud service
provider’s security software, update and
patch procedures, intrusion detection and
alerting and overall security design.
30
INTERNAL SECURITY RISK
 Risk of malicious insiders and abusive use of
login access by an unauthorized person.
 A threat originating inside a company,
government agency, or institution, and
typically an exploit by a disgruntled employee
denied promotion or informed of employment
termination.

31
EXTERNAL SECURITY RISK
 Account or service credentials, if stolen, can
jeopardize the confidentiality, integrity and
accessibility of whole services connected with
that account.
 Cloud APIs with feeble authentication and
access can jeopardize the confidentiality of
the service.

32
Data Protection Risk
 Data protection and privacy are often considered key
risks when storing personal data in a cloud. The risks
to your data in the cloud include:
 loss or damage by your service provider and their
staff
 unauthorized disclosure or access
 malicious activities targeting your service provider,
e.g. hacking or viruses
 poor security practices compromising data protection

33
Data Loss
 Data in the cloud is prone to numerous risks,
for example:
 1. Deletion of records
 2. Loss of encryption key
 3. Feeble encryption
 4. Corruption of data

34
DATA SECURITY IN CLOUD

35
 Data is uploaded on cloud and retained in a
data centre for access by users.
 Data security is one of the biggest concerns in
cloud based systems.

36
Security advantages in cloud
 There are numerous direct and indirect
benefits for the cloud users.

37
1. Data Centralization
 In a cloud atmosphere, the service provider
takes responsibility for storage, and the
organization need not spend more money on
storage.
 It provides the data much faster and at low cost
due to centralization.

38
2. Incident Response
 IaaS providers contribute a dedicated legal
server which can be used on demand.
 Whenever there is a violation of the security
policy, it can be intimated online.

39
3. Inquest request
 If there is an inquest, a backup of the
environment can be made and put up on the
cloud without affecting the usual course of
business.

40
4. Reduction of malicious
threats
 Your cloud computing service should provide a
solid solution to prevent former employees,
contractors and business partners from
gaining access to a cloud network.

41
5. DoS prevention:
 Denial of service is a classic Internet threat
and outages may cost users immensely.
Solutions offered by a reliable cloud
computing service will detect DoS attacks
and provide effective responses to ensure
24/7 availability.

42
Data breaches prevention
 Strong data encryption can effectively
prevent data breaches. Ensure that the
multi-tenant cloud service database is properly
designed and configured to keep hackers
away from the system.

43
SECURITY DISADVANTAGES
IN CLOUD
44
 Accessibility: If you have no internet
connection, you have no access to your data.

45
 Usability: Be careful when using drag/drop
to move a document into the cloud storage
folder. This will permanently move your
document from its original folder to the cloud
storage location. Do a copy and paste
instead of drag/drop if you want to retain the
document’s original location in addition to
moving a copy onto the cloud storage folder.

46
 Data Security: There are concerns with the
safety and privacy of important data stored
remotely. The possibility of private data
commingling with other organizations makes
some businesses uneasy. If you want to
know more about those issues that govern
data security and privacy

47
What is Content Level
Security?
 Security levels which are embedded within
the enterprise content.
 The content security levels, from most
permissive to most restrictive, are:
 1. Read & Write
 2. Read only
 3. Invisible

48
CLOUD SECURITY SERVICES

49
 Data security experts use three services
as a standard for evaluation of data system
security.
 It is known as CIA:
C - Confidentiality
I - Integrity
A - Availability
50
Data Confidentiality
 Data confidentiality means limiting data
access only to authorized users and stopping
access to unauthorized ones.
 Data Confidentiality is maintained using
following services

51
 1. Access Control mechanism
 2. Passwords
 3. Biometrics
 4. Encryption
 5. Privacy
 6. Ethics

52
Data Integrity
 Data integrity is defined as the correctness
and completeness of the data.
 It means data should be secured from
unauthorized changes.
 Integrity of data can be compromised by
malicious users, hackers, program mistakes
and computer viruses.
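
One way for a data owner to detect the unauthorized changes described above, and the deleted or corrupted records listed under Data Loss, is to keep a keyed digest of every object before it is uploaded. This is an added example, not part of the original slides; the function names, object names and key are constructed for illustration.

```python
import hashlib
import hmac


def _tag(key: bytes, name: str, data: bytes) -> str:
    # Bind the object name into the tag so content cannot be swapped
    # between two objects without detection.
    msg = name.encode("utf-8") + b"\x00" + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_manifest(objects: dict, key: bytes) -> dict:
    """Owner side, before upload: map each object name to its HMAC-SHA256 tag."""
    return {name: _tag(key, name, data) for name, data in objects.items()}


def verify_objects(objects: dict, manifest: dict, key: bytes) -> dict:
    """Owner side, after download: compare cloud contents with the manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in objects:
            report["missing"].append(name)        # deletion of records
        elif not hmac.compare_digest(_tag(key, name, objects[name]), expected):
            report["modified"].append(name)       # corruption or tampering
    report["unexpected"] = [n for n in objects if n not in manifest]
    return {k: sorted(v) for k, v in report.items()}


def demo() -> dict:
    key = b"constructed-demo-key-kept-off-the-cloud"   # constructed value
    uploaded = {                                       # constructed sample data
        "hr/payroll.csv": b"id,salary\n1,5000\n",
        "hr/staff.csv": b"id,name\n1,Asha\n",
        "notes.txt": b"quarterly review",
    }
    manifest = build_manifest(uploaded, key)
    # Simulate what comes back later: one record altered, one deleted, one added.
    returned = dict(uploaded)
    returned["hr/payroll.csv"] = b"id,salary\n1,9000\n"
    del returned["notes.txt"]
    returned["extra.bin"] = b"\x00\x01"
    return verify_objects(returned, manifest, key)


if __name__ == "__main__":
    print(demo())
```

The key and the manifest stay with the data owner, so someone who can change the stored objects cannot also recompute valid tags.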

53
Data Availability
 A data system that is not accessible when
required is not good.
 Data availability means that authorized users
have access to data and affiliated assets
when required.
 This can be done by backing up data,
catastrophe recovery and an enterprise recovery
plan.

54
 Data availability can be assured by using the
following two mechanisms.
 1. Data Backup Plan.
 2. Disaster Recovery Plan (DRP).

55
CLOUD COMPUTING TOOLS

56
PARALLEL COMPUTING WITH
CLOUD
57
What is Parallel Computing?
 Parallel computing is a type of computing
architecture in which several processors execute or
process an application or computation
simultaneously.
 Parallel computing helps in performing large
computations by dividing the workload between
more than one processor, all of which work through
the computation at the same time. Most
supercomputers employ parallel computing
principles to operate.
 Parallel computing is also known as parallel
processing.

58
59
60
61
High Performance Parallel
Computing With Cloud
Technologies
 Cloud Technologies Supporting HPC.
 1. Hadoop
 2. Dryad
 3. CGL-MapReduce

62
Cloud Computing Platform
Tools
 1. Abicloud Cloud Computing Platform
 2. Eucalyptus Cloud Platform
 3. Nimbus Cloud Computing Platform
 4. OpenNebula Cloud Computing Platform

63
Abicloud
 AbiCloud is an open source cloud computing
platform manager. It allows users to quickly create a
private cloud inside an organization's firewall.
 This tool is used to develop cloud platforms.
 It can be used to construct, incorporate and
organize public as well as personal clouds in a
homogeneous environment.

64
Abicloud
 This tool helps to establish and organize
the server, storage and virtual resources.
 It has a completely web based administration
function.
 It is a simpler and more flexible cloud
platform.

65
Eucalyptus Cloud Platform
 Eucalyptus is an acronym for Elastic Utility
Computing Architecture for Linking Your
Programs To Useful Systems.
 Eucalyptus is a paid and open-source
computer software for building Amazon Web
Services-compatible private and hybrid cloud
computing environments.

66
Nimbus Cloud
 It is an open-source toolkit concentrated on
supplying IaaS.
 It provides capabilities to the scientific
community.

67
Nimbus Cloud
 Nimbus-supported Science Clouds have two
objectives:
 To make it easy for scientific and educational
projects to experiment with cloud computing,
and
 To learn how to make cloud computing a
useful tool for the scientific community.

68
OpenNebula
 OpenNebula is a cloud computing platform
for managing heterogeneous distributed data
center infrastructures.
 The OpenNebula platform manages a data
center's virtual infrastructure to build private,
public and hybrid implementations
of infrastructure as a service.

69
 The two primary uses of the OpenNebula
platform are data center virtualization
solutions and cloud infrastructure solutions.
 The platform is also capable of offering the
cloud infrastructure necessary to operate a
cloud on top of existing infrastructure
management solutions.
 OpenNebula is free and open-source
software
70
Tools for building
programming in cloud
 MapReduce is a framework for
processing parallelizable problems across
large datasets using a large number of
computers (nodes), collectively referred to as
a cluster.

71
Chubby Cloud tool
 Chubby is a highly accessible distributed data
secure service.
 This programming model is mostly used to
support Google’s cloud computing platform.

72
Dryad and DryadLINQ
 Dryad is an infrastructure which allows a
programmer to use the resources of a
computer cluster or a data center for running
data-parallel programs.
 A Dryad programmer can use thousands of
machines, each of them with multiple
processors or cores, without knowing
anything about concurrent programming.

73
 DryadLINQ is a simple, powerful, and
elegant programming environment for writing
large-scale data parallel applications running
on large PC

74
CLOUD MASHUPS

75
What are Mashups?
 A mashup in web development is a web
page or web application that uses content
from more than one source to create a single
new service displayed in a single graphical
interface.

76
77
78
Cloud Mashups
 Mashup is a term used to describe an
application that can be web based, which
combines information from more than one
source to present a new service.

79
Advantages
 Customers can manage and use different
existing systems in a logical fashion.
 It supports interoperability between providers.

80
Types of mashup
 There are many types of mashup, such as
 1. Business mashups
 2. Consumer mashups
 3. Data mashups
 The most common type of mashup is the
consumer mashup, aimed at the general
public.

81
Business Mashups
 Business (or enterprise) mashups define
applications that combine their own
resources, application and data, with other
external Web services.
 They focus data into a single presentation
and allow for collaborative action among
businesses and developers.

82
Consumer mashups
 Consumer mashups combine data from
multiple public sources in the browser and
organize it through a simple browser user
interface (e.g. Wikipediavision combines
Google Map and a Wikipedia API).

83
Data mashups
 Data mashups, opposite to the consumer
mashups, combine similar types of media
and information from multiple sources into a
single representation.
 The combination of all these resources creates
a new and distinct Web service that was not
originally provided by either source.

84
APACHE HADOOP

85
What is Hadoop?
 Hadoop is an open-source software
framework for storing data and running
applications on clusters of commodity
hardware.
 It provides massive storage for any kind of
data, enormous processing power and the
ability to handle virtually limitless concurrent
tasks or jobs.

86
Typical Hadoop Cluster

Image from http://wiki.apache.org/hadoop-data/attachments/HadoopPresentations/attachments/aw-apachecon-eu-


Apache Hadoop
 Hadoop is an open source distributed
processing framework that manages data
processing and storage for big data
applications running in clustered systems.

88
Benefits of Hadoop
 1. Scalable
 2. Cost effective
 3. Flexible
 4. Fast
 5. Resilient to failure

89
Scalable
 It is a highly scalable storage platform,
because it can store and distribute very large
data sets across hundreds of inexpensive
servers that operate in parallel.
 Unlike traditional relational database
systems (RDBMS) that can't scale to process
large amounts of data, Hadoop enables
businesses to run applications on thousands
of nodes involving thousands of terabytes of
data.

90
Cost effective
 Hadoop also offers a cost effective storage
solution for businesses' exploding data sets.

91
3. Flexible
 Hadoop enables businesses to easily access
new data sources and tap into different types
of data (both structured and unstructured) to
generate value from that data. This means
businesses can use Hadoop to derive
valuable business insights from data sources
such as social media, email conversations or
clickstream data.

92
Fast
 Hadoop's unique storage method is based on
a distributed file system that basically 'maps'
data wherever it is located on a cluster.
 The tools for data processing are often on
the same servers where the data is located,
resulting in much faster data processing.
 If you're dealing with large volumes of
unstructured data, Hadoop is able to
efficiently process terabytes of data in just
minutes, and petabytes in hours.

93
5. Resilient to failure
 A key advantage of using Hadoop is its fault
tolerance. When data is sent to an individual
node, that data is also replicated to other
nodes in the cluster, which means that in the
event of failure, there is another copy
available for use.

94
HADOOP ARCHITECTURE

95
The 4 Modules of Hadoop
 1. Hadoop Distributed File System (HDFS)
 2. MapReduce
 3. Hadoop Common
 4. YARN

96
HADOOP FILE
ARCHITECTURE

97
Apache HDFS
 Hadoop Distributed File System is a block
structured file system where each file is divided into
blocks of a pre-determined size.
 These blocks are stored across a cluster of one or
several machines.
 Apache Hadoop HDFS Architecture follows
a Master/Slave Architecture, where a cluster
comprises a single NameNode (Master node) and
all the other nodes are DataNodes (Slave nodes).
98
HDFS

99
 HDFS can be deployed on a broad spectrum
of machines that support Java.
 Though one can run several Data Nodes on a
single machine, in the practical world
these Data Nodes are spread across various
machines.

100
NameNode
 NameNode is the master node in the Apache
Hadoop HDFS Architecture that maintains and
manages the blocks present on the DataNodes
(slave nodes).
 NameNode is a very highly available server that
manages the File System Namespace and
controls access to files by clients.
 The HDFS architecture is built in such a way
that the user data never resides on the
NameNode.
 The data resides on DataNodes only.

101
Functions of NameNode
 It is the master daemon that maintains and
manages the Data Nodes (slave nodes).
 It records the metadata of all the files stored
in the cluster, e.g. the location of blocks
stored, the size of the files, permissions,
hierarchy, etc.

102
Functions of NameNode
 It records each change that takes place to the
file system metadata.
 For example, if a file is deleted in HDFS, the
NameNode will immediately record this in the
EditLog.
 It regularly receives a Heartbeat and a block
report from all the DataNodes in the cluster to
ensure that the DataNodes are live.

103
Functions of Name Node
 It keeps a record of all the blocks in HDFS
and in which nodes these blocks are located.
 The Name Node is also responsible to take
care of the replication factor of all the
blocks which we will discuss in detail later in
this HDFS tutorial blog.
 In case of the DataNode failure, the
NameNode chooses new Data Nodes for
new replicas, balances disk usage and
manages the communication traffic to the

104
Data Node
 Data Nodes are the slave nodes in HDFS.
Unlike Name Node, DataNode is a
commodity hardware, that is, an
inexpensive system which is not of high quality
or high-availability.
 The DataNode is a block server that stores
the data in the local file system (ext3 or ext4).

105
Functions of Data Node:
 These are slave daemons or processes which
run on each slave machine.
 The actual data is stored on Data Nodes.
 The Data Nodes perform the low-level read
and write requests from the file system’s
clients.
 They send heartbeats to the Name Node
periodically to report the overall health of
HDFS; by default, this frequency is set to 3
seconds.

106
Secondary NameNode:
 Apart from these two daemons, there is a
third daemon or a process called Secondary
Name Node.
 The Secondary Name Node works
concurrently with the primary Name Node as
a helper daemon.

107
Functions of Secondary Name Node:
 The Secondary Name Node is one which
constantly reads all the file systems and
metadata from the RAM of the Name Node
and writes it into the hard disk or the file
system.

108
BLOCKS
 The data in HDFS is scattered across the
Data Nodes as blocks.
 Blocks are nothing but the smallest
continuous location on your hard drive where
data is stored.
 In general, in any of the File System, you
store the data as a collection of blocks.

109
 Similarly, HDFS stores each file as blocks
which are scattered throughout the Apache
Hadoop cluster.
 The default size of each block is 128 MB in
Apache Hadoop 2.x (64 MB in Apache
Hadoop 1.x) which you can configure as per
your requirement.
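
The block splitting, heartbeat and re-replication behaviour described in the HDFS slides above can be followed in a small model. This is an added example, not Hadoop code and not part of the original slides: the `NameNode` class here is a toy, and the replication factor of 3 and the dead-node timeout are assumptions made for the illustration; the 128 MB block size and 3-second heartbeat come from the text.

```python
import math

BLOCK_SIZE = 128 * 1024 * 1024        # Hadoop 2.x default block size, per the text
HEARTBEAT_INTERVAL = 3                # seconds between DataNode heartbeats, per the text
REPLICATION = 3                       # assumption: replication factor for this example
DEAD_AFTER = 10 * HEARTBEAT_INTERVAL  # assumption: silence after which a node is dead


class NameNode:
    """Toy model: holds only metadata, never file contents."""

    def __init__(self, datanodes, replication=REPLICATION):
        self.replication = replication
        self.last_heartbeat = {dn: 0 for dn in datanodes}
        self.files = {}       # path -> [(block_id, length), ...]
        self.block_map = {}   # block_id -> set of DataNodes holding a replica

    def heartbeat(self, datanode, now):
        self.last_heartbeat[datanode] = now

    def live_nodes(self, now):
        return {dn for dn, seen in self.last_heartbeat.items()
                if now - seen <= DEAD_AFTER}

    def _pick(self, count, exclude, now):
        # Balance disk usage: prefer live nodes that hold the fewest blocks.
        load = {dn: 0 for dn in self.live_nodes(now) - set(exclude)}
        for holders in self.block_map.values():
            for dn in holders:
                if dn in load:
                    load[dn] += 1
        return sorted(load, key=lambda dn: (load[dn], dn))[:count]

    def add_file(self, path, size, now=0):
        """Split a file of `size` bytes into blocks and place the replicas."""
        blocks = []
        for i in range(math.ceil(size / BLOCK_SIZE)):
            block_id = f"{path}#blk{i}"
            length = min(BLOCK_SIZE, size - i * BLOCK_SIZE)
            self.block_map[block_id] = set(self._pick(self.replication, (), now))
            blocks.append((block_id, length))
        self.files[path] = blocks
        return blocks

    def check_replication(self, now):
        """Drop replicas on dead nodes and choose new DataNodes for the gap."""
        live = self.live_nodes(now)
        repaired = {}
        for block_id, holders in self.block_map.items():
            holders.intersection_update(live)
            missing = self.replication - len(holders)
            if missing > 0:
                new = self._pick(missing, holders, now)
                holders.update(new)
                if new:
                    repaired[block_id] = new
        return repaired


def demo():
    nn = NameNode(["dn1", "dn2", "dn3", "dn4"])
    blocks = nn.add_file("/logs/auth.log", 300 * 1024 * 1024)  # constructed 300 MB file
    for now in range(HEARTBEAT_INTERVAL, 34, HEARTBEAT_INTERVAL):
        for dn in ("dn1", "dn3", "dn4"):                        # dn2 has gone silent
            nn.heartbeat(dn, now)
    return blocks, nn.check_replication(now=33), nn.block_map
```

In `demo()` the 300 MB file becomes two full 128 MB blocks and one 44 MB block, and once `dn2` misses its heartbeats the two blocks it held are given a new replica on a live node.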

110
Block of Data

111
 Hadoop MapReduce (Hadoop
Map/Reduce) is a software framework for
distributed processing of large data sets on
compute clusters of commodity hardware.

112
 The primary objective of Map/Reduce is to
split the input data set into independent
chunks that are processed in a completely
parallel manner.
 The Hadoop MapReduce framework sorts the
outputs of the maps, which are then input to
the reduce tasks. Typically, both the input
and the output of the job are stored in a file
system.
113
MapReduce
 MapReduce expresses the computation as
two functions
 1. Map Function
 2. Reduce Function

114
Map Function
 Map Function takes an input pair and makes
a set of intermediate key/ value pairs and
passes these pairs into reduce function.

115
Reduce Function
 Reduce function merges all intermediate
values with the same key and makes a set of
output key/value pairs.
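
The map, sort and reduce phases described above, run in a single process over a few constructed authentication log lines to count failed logins per source address. This is an added example, not Hadoop code and not part of the original slides; the log format, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample input: authentication log lines (documentation-range IPs).
SAMPLE_LOG = [
    "2024-05-01T10:00:01 FAILED user=alice src=203.0.113.5",
    "2024-05-01T10:00:02 OK user=bob src=198.51.100.7",
    "2024-05-01T10:00:03 FAILED user=alice src=203.0.113.5",
    "2024-05-01T10:00:04 FAILED user=root src=198.51.100.7",
    "2024-05-01T10:00:05 FAILED user=admin src=203.0.113.5",
    "malformed line without fields",
]


def split_input(records, chunk_size):
    """Split the input into independent chunks, one per map task."""
    return [records[i:i + chunk_size] for i in range(0, len(records), chunk_size)]


def map_failed_login(line):
    """Map: one input record -> zero or more intermediate (key, value) pairs."""
    fields = line.split()
    if len(fields) < 4 or fields[1] != "FAILED":
        return []
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    return [(attrs["src"], 1)] if "src" in attrs else []


def shuffle(intermediate):
    """Framework step: sort the map output and group the values by key."""
    groups = defaultdict(list)
    for key, value in sorted(intermediate):
        groups[key].append(value)
    return groups


def reduce_count(key, values):
    """Reduce: merge all values that share one intermediate key."""
    return key, sum(values)


def run_job(records, chunk_size=2):
    intermediate = []
    for chunk in split_input(records, chunk_size):  # each chunk could run on its own node
        for line in chunk:
            intermediate.extend(map_failed_login(line))
    return dict(reduce_count(k, v) for k, v in shuffle(intermediate).items())


if __name__ == "__main__":
    print(run_job(SAMPLE_LOG))
```

Because every chunk is mapped independently and the grouping happens only in the shuffle step, the result does not depend on how the input is split.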

116
MAP REDUCE

117
118
119
120
 Hadoop Common: The common utilities that support
the other Hadoop modules.

121
 Hadoop YARN: A framework for job
scheduling and cluster resource
management.

122
CLOUD TOOLS

123
CLOUD TOOLS AND THEIR USES
 1. VMWARE
 2. EUCALYPTUS
 3. CLOUDSIM
 4. OPENNEBULA
 5. NIMBUS

124
VMWARE
 VMware tool is a virtualization product that
makes it possible to partition a single physical
server into multiple virtual machines.
 VMware server works with Windows, Solaris,
Linux and Netware, any or all of which can
be used concurrently on the same hardware.

125
VMware Supports
Desktop virtualization consists of
1. VMware Workstation
2. VMware Fusion
3. VMware Player
Server virtualization consists of
1. VMware ESX
2. VMware ESXi

126
127
128
The Cloud Management Tools
 1. VMware vCloud
 2. VMware Go

129
EUCALYPTUS
 It means Elastic Utility Computing
Architecture for Linking Your Programs To
Useful Systems.
 It is used to create and organize private cloud
that can even be accessed as a public cloud.
 Eucalyptus is a paid and open-source
computer software for building Amazon Web
Services-compatible private and hybrid cloud
computing environments
130
Features
 It is a compatible platform for Amazon EC2
 Interface compatibility with EC2
 Simple setting up and deployment
 Simple set of extensible cloud share policies.
 No modification needed in Linux Environment
 Supports basic administration tools for
systems administration and client accounting.
 Configuring multiple clusters into a single
cloud.
 Portability

131
Components of Eucalyptus
 It has three components. They are
 1. Cloud Controller (CLC)
 2. Cluster Controller (CC)
 3. Node Controller (NC)

132
133
134
Cloud Controller
 Incoming demands from external clients are
processed by the cloud controller.
 It is responsible for handling demands.
 It is the front end to the whole cloud
infrastructure.
 It provides a web interface for users.

135
Cluster Controller
 The CC is responsible for managing an
assemblage of clusters that work together.
 It supervises and coordinates the incoming
input requests flow.

136
Node Controller
 It is responsible for executing a task in the
cloud.
 Each NC can organize multiple virtual
machine instances.
 The NC interacts with the OS

137
CLOUDSIM
 CloudSim is a framework for modeling and
simulation of cloud computing infrastructure
and services.

138
Features
 Support for modeling and replication of large
scale cloud computing data centers.
 Support for modeling and replication of
virtualized server hosts.
 Support for modeling and replication of
energy-aware computational resources.
 Support for modeling and replication of
federated clouds.
 Support for dynamic insertion of replication
components.

139
OPENNEBULA
 It is the most sophisticated structure for cloud
computing.
 It is used to organize tens of thousands of
VMs, private cloud.
 It can integrate with Xen, KVM and
VMware.

140
141
OpenNebula Features
 OpenNebula is a cloud computing tool for
managing heterogeneous distributed data
centre infrastructure.

142
OpenNebula Does the
following
 1. Management of the network, computing
and storage capacity.
 2. Management of VM Life cycle
 3. Management of workload
 4. Management of Virtual Networks
 5. Management of VM Images
 6. Management of Information and
accounting.
143
 7. Management of Security
 8. Management of remote cloud capacity
 9. Management of public cloud servers.

144
145
NIMBUS
 It is an open-source toolkit concentrated on
supplying Infrastructure as a Service.
 It provides capabilities to the scientific
community.

146
Features
 It helps to construct personal and community
IaaS Cloud.
 It helps users to use IaaS Clouds.
 It helps developers to continue, trial and
customize IaaS.
 Open Source
 Storage Cloud Service
 Easy to use
147
 Per-user storage quota
 Easy client management

148
