Issues in cloud computing

Download Issues in cloud computing

Post on 17-Jan-2015




0 download

Embed Size (px)


Cloud computingmeans using multipleservercomputers via a digital network, as though they were one computer. We can say , it is a new computing paradigm, involving data and/or computation has many issues like security issues, privacy issues, data issues, energy issues, bandwidth issues, cloud interoperability.there are solutions like scaling of resources, distribute servers etc.


<ul><li> 1. ISSUES IN CLOUD COMPUTING </li> <li> 2. Flow of presentation : <ul><li>Introduction </li></ul><ul><li>Security issues </li></ul><ul><li>Data issues </li></ul><ul><li>Performance issues </li></ul><ul><li>Energy related issues </li></ul><ul><li>Bandwidth related issues </li></ul><ul><li>Fault tolerance </li></ul><ul><li>Conclusion </li></ul></li> <li> 3. WHAT IS CLOUD COMPUTING? <ul><li>Cloud computingmeans using multipleservercomputers via a digital network, as though they were one computer. </li></ul><ul><li>We can say , it is a new computing paradigm, involving data and/or computation outsourcing, with </li></ul><ul><li> Infinite and elastic resource scalability </li></ul><ul><li> On demand just-in-time provisioning </li></ul><ul><li> No upfront cost pay-as-you-go </li></ul><ul><li>The name cloud computing was inspired by the cloud symbol that's often used to represent the Internet in flowcharts and diagrams. </li></ul></li> <li> 4. BENEFITS <ul><li>Traditionally, without a cloud, aweb serverruns as a single computer or a group of privately owned computers </li></ul><ul><li>If the computer'swebsiteorweb applicationsuddenly becomes more popular, and the amount of requests are far more than the web server can handle, the response time of the requested pages will be increased due to overloading. On the other hand, in times of low load much of the capacity will go unused. </li></ul><ul><li>If the website,service, or web application is hosted in a cloud, however, additional processing and compute power is available from the cloud provider. </li></ul><ul><li>If the website suddenly becomes more popular, the cloud can automatically direct more individual computers to work to serve pages for the site, and more money is paid for the extra usage. If it becomes unpopular, however, the amount of money due will be less. Cloud computing is popular for its pay-as-you-go pricing model. </li></ul></li> <li> 5. <ul><li>In the past computing task there were not possible without the installation of application software on a user's computer. A user bought a license for each application from a software vendor and obtained the right to install the application on one computer system. </li></ul><ul><li>With the development oflocal area networks(LAN) and more networking capabilities, theclient-server modelof computing was born, where server computers with enhanced capabilities and large storage devices could be used to host application services and data for a large workgroup. </li></ul></li> <li> 6. Difference between client-server and cloud computing : <ul><li>Typically, in client-server computing, a network-friendly client version of the application is required on client computers which utilized the client system's memory and CPU for processing. even though resultant application data files were stored centrally on the data servers. Multiple user licenses of an application were purchased for use by many users on a network. </li></ul><ul><li>Cloud computingdiffers from the classic client-server model by providing applications from a server that are executed and managed by a client's web browser, with no installed client version of an application required. </li></ul></li> <li> 7. Architecture The two most significant components of cloud computing architecture are known as the front end &amp; the back end . </li> <li> 8. <ul><li>The front end is the part seen by the client, i.e., the computer user. This includes the clients network (or computer) and the applications used to access the cloud via a user interface such as a web browser. </li></ul><ul><li>The back end of the cloud computing architecture is theclouditself, comprising various computers, servers and data storage devices. </li></ul><ul><li>Cloud architecture,thesystems architectureof thesoftware systemsinvolved in the delivery of cloud computing, typically involves multiplecloud componentscommunicating with each other overloose couplingmechanism such as messaging queue. </li></ul></li> <li> 9. Data storage <ul><li>Cloud storage is a model of networkedcomputer data storagewhere data is stored on multiple virtual servers, in general hosted by third parties, rather than being hosted on dedicated servers. </li></ul><ul><li>Hosting companies operate large data centers; and people who require their data to be hosted buy or lease storage capacity from them and use it for their storage needs. </li></ul><ul><li>Thedata centeroperators, in the background,virtualizesthe resources according to the requirements of the customer and expose them as virtual servers, which the customers can themselves manage. In the physical sense, the resource may span across multiple servers. </li></ul></li> <li> 10. Cloud computing services are broadly divided into three categories: <ul><li>Infrastructure as a Service (IaaS) : </li></ul><ul><li>This is the base layer of the cloud stack. It serves as a foundation for the other two layers, for their execution. The keyword behind this stack is Virtualization. </li></ul><ul><li>your application will be executed on a virtual computer (instance). You have the choice of virtual computer, where you can select a configuration of CPU, memory &amp; storage that is optimal for your application. </li></ul><ul><li>The whole cloud infrastructure viz. servers, routers, hardware based load-balancing, firewalls, storage &amp; other network equipments are provided by the IaaS provider. </li></ul><ul><li>Some common examples are Amazon, GoGrid, 3 Tera, etc. </li></ul></li> <li> 11. Platform as a Service (PaaS) <ul><li>Here, a layer of software, or development environment is encapsulated &amp; offered as a service, upon which other higher levels of service can be built. </li></ul><ul><li>The customer has the freedom to build his own applications, which run on the providers infrastructure. </li></ul><ul><li>To meet manageability and scalability requirements of the applications, PaaS providers offer a predefined combination of OS and application servers. </li></ul><ul><li>such as LAMP platform (Linux, Apache, MySql and PHP), Googles App Engine,, etc are some of the popular PaaS examples </li></ul></li> <li> 12. Software as a Service (SaaS) <ul><li>In this model, a complete application is offered to the customer, as a service on demand. A single instance of the service runs on the cloud &amp; multiple end users are serviced. </li></ul><ul><li>On the customers side, there is no need for upfront investment in servers or software licenses, while for the provider, the costs are lowered, since only a single application needs to be hosted &amp; maintained. </li></ul><ul><li>Today SaaS is offered by companies such as Google, Salesforce, Microsoft, etc. </li></ul></li> <li> 13. DEPLOYMENT MODELS <ul><li>Private cloud: </li></ul><ul><li>The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization. </li></ul><ul><li>Community cloud: </li></ul><ul><li>The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy). </li></ul><ul><li>Public cloud: </li></ul><ul><li>The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group. </li></ul><ul><li>Hybrid cloud: </li></ul><ul><li>The cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized orproprietary technology. </li></ul></li> <li> 14. </li> <li> 15. ISSUES IN CLOUD COMPUTING <ul><li>Security issues </li></ul><ul><li>- Physical security </li></ul><ul><li>- Operational security </li></ul><ul><li> - Programmatic security </li></ul><ul><li>Data issues </li></ul><ul><li>- Data backup </li></ul><ul><li>- Data usage </li></ul><ul><li>- Data loss </li></ul><ul><li>- Data integrity </li></ul><ul><li>- Data theft </li></ul></li> <li> 16. <ul><li>Performance issue </li></ul><ul><li>Design issues </li></ul><ul><li>- Energy management </li></ul><ul><li>- Novel cloud architectures </li></ul><ul><li>- Software Licensing </li></ul><ul><li>Reliability </li></ul><ul><li>Legal issuues </li></ul><ul><li>- The Physical Location of your Data </li></ul><ul><li>- Responsibility of your Data </li></ul><ul><li>- Intellectual Property Rights </li></ul></li> <li> 17. SECURITY ISSUES <ul><li>Security is generally perceived as a huge issue for the cloud </li></ul><ul><li>The survey found that while 58 percent of the general population and 86 percent of senior business leaders are excited about the potential of cloud computing, more than 90 percent of these same people are concerned about the security, access and privacy of their own data in the cloud. </li></ul><ul><li>There is a possibility where a malicious user can penetrate the cloud by impersonating a legitimate user, there by infecting the entire cloud thus affecting many customers who are sharing the infected cloud. </li></ul></li> <li> 18. Security Is the Major Challenge </li> <li> 19. <ul><li>Some of the security problem which is faced by the Cloud computing, </li></ul><ul><li>Data Integrity </li></ul><ul><li>When a data is on a cloud anyone from any location can access those datas from the cloud. Cloud does not differentiate between a sensitive data from a common data thus enabling anyone to access those sensitive datas. Thus there is a lack of data integrity in cloud computing </li></ul><ul><li>Data Theft </li></ul><ul><li>Most of the cloud Vendors instead of acquiring a server tries to lease a server from other service providers because they are cost affective and flexible for operation. </li></ul><ul><li>The customer doesnt know about those things, there is a high possibility that the data can be stolen from the external server by a malicious user. </li></ul></li> <li> 20. <ul><li>Security on Vendor level </li></ul><ul><li>Vendor should make sure that the server is well secured from all the external threats it may come across. A Cloud is good only when there is a good security provided by the vendor to the customers. </li></ul><ul><li>Security on User level </li></ul><ul><li>Even though the vendor has provided a good security layer for the customer, the customer should make sure that because of its own action, there shouldnt be any loss of data or tampering of data for other users who are using the same Cloud. </li></ul><ul><li>Information Security </li></ul><ul><li> Security related to the information exchanged between different hosts or between hosts and users. This issues pertaining to secure communication , authentication , and issues concerning single sign on and delegation . </li></ul></li> <li> 21. THERE MAY BE <ul><li>Physical security : </li></ul><ul><li>- Physical location of data centers; protection of data centers against disaster and intrusion. </li></ul><ul><li>How much safe is data from Natural disaster? </li></ul><ul><li>- Data can be redundantly store in multiple physical location. </li></ul><ul><li>- Physical location should be distributed across world. </li></ul><ul><li>Data Location </li></ul><ul><li>- When user use the cloud, user probably won't know exactly where your data is hosted, what country it will be stored in? </li></ul></li> <li> 22. <ul><li>Traditional Security </li></ul><ul><li>- These concerns involve computer and network intrusions or attacks that will be made possible or at least easier by moving to the cloud. </li></ul><ul><li>Concerns in this category include: </li></ul><ul><li>Authentication and Authorization : </li></ul><ul><li>- The enterprise authentication and authorization framework does not naturally extend into the cloud. How does a company meld its existing framework to include cloud resources? Furthermore, how does an enterprise merge cloud security data (if even available) with its own security metrics and policies? </li></ul><ul><li>VM-level attacks. </li></ul><ul><li>- Potential vulnerabilities in the VM technology used by cloud vendors are a potential problem in multi-tenant architectures. </li></ul></li> <li> 23. <ul><li>Third-party data control </li></ul><ul><li>Cloud computing facilitates storage of data at a remote site to maximize resource utilization. As a result, it is critical that this data be protected and only given to authorized individuals. </li></ul><ul><li>This essentially amounts to secure third party publication of data that is necessary for data outsourcing, as well as external publications. </li></ul><ul><li>The legal implications of data and applications being held by a third party are complex and not well understood. There is also a potential lack of control and transparency when a third party holds the data. </li></ul><ul><li>All this is prompting some companies to build private clouds to avoid these issues and yet retain some of the advantages of cloud computing. </li></ul></li> <li> 24. Operational security <ul><li>Who has access? </li></ul><ul><li>- Access control is a key concern, because insider attacks are a huge risk. A potential hacker is someone who has been entrusted with approved access to the cloud. </li></ul><ul><li>- Anyone considering using the cloud needs to look at who is managing their data and what types of controls are applied to these individuals. </li></ul><ul><li>What type of training does the provider offer their customers ? </li></ul><ul><li>- This is actually a rather important item, because people will always be the weakest link in security. Knowing how your provider trains their customers is an important item to review. </li></ul></li> <li> 25. <ul><li>What is the long-term viability of the provider? </li></ul><ul><li>- How long has the cloud provider been in business and what is their track record. If they go out of business, what happens to your data? Will your data be returned, and if so, in what format? </li></ul><ul><li>What is the disaster recovery/business continuity plan ? </li></ul><ul><li>- While you may not know the physical location of your services, it is physically located somewhere. All physical locations face threats such as storms, natural disasters, and loss of power. </li></ul><ul><li>- In case of any of these events, how will the cloud provider respond, and what guarantee of continued services are they promising? </li></ul></li> <li> 26. Cloud Computing Attacks <ul><li>As more companies move to cloud computing, look for hackers to follow. Some of the potential attack vectors criminals may attempt include: </li></ul><ul><li>Denial of Service (DoS) attacks </li></ul><ul><li>- Some security professionals have argued that the cloud is more vulnerable to DoS attacks, because it is shared by many users, which makes DoS attacks much more damaging. </li></ul><ul><li>- Twitter suffered a devastating DoS attack during 2009. </li></ul><ul><li>Side Channel attacks </li></ul><ul><li> An attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack. </li></ul></li> <li> 27. <ul><li>Authentication attacks </li></ul><ul><li> Authentication is a weak point in hosted and virtual services and is frequently targeted. There are many different ways to authenticate users; for example, based on what a person knows, has, or is. </li></ul><ul><li>- The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers. </li></ul><ul><li>Man-in-the-middle cryptographic attacks </li></ul><ul><li> This attack is carr...</li></ul></li></ul>