Cloud Computing: Risk Analysis, Microservices Strategy and Mitigation

Verified

Added on 2022/11/15

AI Summary

This report provides a comprehensive analysis of cloud computing risks and explores the implementation of microservices strategies. The document begins by identifying various risks associated with cloud computing, including lack of encryption, poor IP protection, inadequate security management, and data leakage. It then outlines preventive measures to mitigate these risks, such as the use of cryptographic protocols, proper IP management, and robust security protocols. The report also delves into the risks and preventive measures related to microservices, such as disregarding human factors, neglecting DevOps, inappropriate service boundaries, and incorrect communication protocols. The report emphasizes the importance of a well-defined microservices architecture to ensure reliability, sustainability, and evolvability. It also highlights the significance of addressing communication challenges and avoiding common pitfalls in microservices design. The document is a valuable resource for understanding the challenges and best practices in cloud computing and microservices.

Running Head: - CLOUD COMPUTING
CLOUD COMPUTING
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1CLOUD COMPUTING
New Hybrid Cloud
RISK DESCRIPTION PREVENTIVE
MEASURES
Lack of Encryption
The transmission occurring
over the network is vulnerable
to attacks. The communication
system and data should be
encrypted for privacy purpose
(Li, Li, Chen, Lee & Lou,
2014).
It can be prevented with the
use of cryptographic protocols.
With the help of the
cryptographic protocols, the
ends will be authenticated.
The encryption can also be
achieved with the help of
reliable proxy server. The
unencrypted can be send with
the use of a secure shell
network.
Poor protection of IP
The Intellectual property
requires more security and
protection. The IP must have
the most number of
authentication security. The IP
is not managed properly if its
appropriate encryption is not
maintained.
In order to manage the IP
properly all the tasks related to
IP must be done manually. All
the problems related to the IP
need to identify. A third party
related audit work need to be
conducted. It must be ensured
that the entire network and the
related infrastructures are
secured. The entire network
must be under a permission
matrix. The threats and the
cause must be identified
properly. According to the
threats, the models need to be
created and implemented.
Poor security
Management
It happens when many
managers fail to implement
different methods of
authentication and authorized
method for the storage of data
in both the public and private
cloud (Javanmardi et al., 2014).
The protocols associated with
the cloud security must be
integrated with the systems.
It can be managed properly
with the help of alternative
controls for the two different
clouds. It can be maintained
with the help of the separation
of storage cloud for public and
private data (Bora & Ahmed,
2013). The data need to be
synchronized and an identify
management systems team
need to be implemented in the
system.
Poor constructed cross
platform tools
In a hybrid, culture poor build
cross platform must be avoided
as it cause some of the major
problems.
The cloud monitoring tools
used for the purpose of
interoperability among the
private and public clouds
should have the capability to
accommodate an environment,

2CLOUD COMPUTING
which is virtual in nature.
Data leakage
If the data is stored without
security protocols that, there is
high chance that the data can be
destroyed and accessed by the
hackers.
The security measures
implemented should have the
capability to counter the
malfunctions related to the
infrastructures.
Poor defined SLAs
When a customer is moving, the
customers are not able to
govern their own data and they
depend on the service provider.
All the access need to be
secure and the different
method of the security need to
be secure and defined with
different levels. All the terms
and conditions related to the
service must be mentioned
properly so that if service is
disrupted the customer can
easily approach to the service
provider.
Lack of data ownership The enterprise loses all the
information once the cloud is
deployed and the organization
is not able to manage their own
information sets (Brender &
Markov, 2013).
All the security and the data
related ownership need to be
verified. The vendors
providing the service must be
verified. The customer must
have a clear description about
the people who can access the
data.
Malicious Employees It is seen that sometimes the
attacks occurs from the most
unexpected people, as all the
employees associated with the
service are trustworthy.
A strong authentication
method and password need to
be implemented so that the
storage is protected. The
access should be limited
regarded the organizational
assets.
Failure to communicate
with cloud provider
The communication is failed if
the service between the
customers and the cloud is not
done properly. It arises when
the terms and conditions are not
mentioned clearly in the service
agreement.
It is the duty of the customer to
state the entire requirement to
the service provider. The
customer should clarify all the
doubt before the
implementation of the service
(Carlson, 2014).
Denial of service attacks This is one of the common
attack occurring in the layers.
The time when it is noticed, it is
observed that the attack already
started and the service provider
is helpless.
A device is implemented in the
path so that all the incoming
and outgoing traffic can be
easily monitored. The device
must have the ability to act
immediately when multi
vendors attacks the cloud.

3CLOUD COMPUTING
Microservices Strategy
RISK DESCRIPTION PREVENTIVE MEASURES
Disregarding the
human related factors
Lack of understanding regarding
the microservices led to such
factors. The developers who are
not able to understand the
microservices faces issues
related to it (Souza, Martins &
Dalcin, 2016).
The system needs to be made in
such a way that it is reliable,
sustainable and evolvable.
Neglecting the
DevOps and different
testing factors
The main objective of the micro
service is to provide one of the
best services. There are moments
when it is impractical to handle
the different systems. The
negotiation related to the
DevOps will produce brittle
systems.
The risk can be overcome with
introducing improved DevOps.
The delivery pipeline should be
integrated with the microservices
strategy and helps in reducing the
complexity related to engineering.
Inappropriate service
boundaries
One of the issue faced is that a
distributed monolith is created.
The monolith is required only to
deal with certain failures.
The service design need to be
self-contained and independent.
The boundaries should
differentiate the different
concerns related to the different
business level (O’Connor, Elger
& Clarke, 2016).
Introducing a shared
model related to
domain
With respect to the
microservices architecture all the
related things are different.
Every small update regarding the
architecture will require the
system update (Jamshidi et al.,
2018). It creates certain
operational challenges.
Every service should follow its
own domain. All the service
should follow different service
that are completely independent.
The domain knowledge should be
presented with the help of service
interaction rather than with the
help of a shared object model.
Assumption of the
wrong communication
protocols
The service when limited to a
single protocol causes different
type of communication related
risks and the approach related to
the entire system is disrupted.
The risk arise when the
communication pattern is not
studied properly and there are
misconception related to it.
The protocol need to avoid. The
protocol need to be followed once
there is clear understanding
related to the communication.
The service support should have
good communication knowledge
and must have idea related to the
system and the microservices
strategies. The difference related
to the internal and external factors
of the system must be clear. The
external layer must be accessible
so that the issues can be easily
approached. The internal factors
are benefitted from the message

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4CLOUD COMPUTING
brokers.
Failing to approach The risk is caused when the
service is executed. The focus on
the service related contract is
complex.
The contracts that are generated
automatically need to be avoided.
The service contracts need to be
defined first at the initial stage
(Masuda et al., 2015).
Creating the wrong
thing
The risk related with the wrong
approach is that lots of time and
efforts is invested that is
inessential. The lack of the goals
causes complexity related to the
project and the focus towards the
project is lost (Lenarduzzi &
Sievi-Korte, 2018).
The clarification related to the
project need to be made at the
initial stage of the project. It is
important to describe the
necessary and the unnecessary
goals so that no complexity is
faced during the project.

5CLOUD COMPUTING
References
Bora, U. J., & Ahmed, M. (2013). E-learning using cloud computing. International Journal of
Science and Modern Engineering, 1(2), 9-12.
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International journal of information
management, 33(5), 726-733.
Carlson, F. R. (2014). Security analysis of cloud computing. arXiv preprint arXiv:1404.6849.
Jamshidi, P., Pahl, C., Mendonça, N. C., Lewis, J., & Tilkov, S. (2018). Microservices: The
journey so far and challenges ahead. IEEE Software, 35(3), 24-35.
Javanmardi, S., Shojafar, M., Amendola, D., Cordeschi, N., Liu, H., & Abraham, A. (2014).
Hybrid job scheduling algorithm for cloud computing environment. In Proceedings of
the fifth international conference on innovations in bio-inspired computing and
applications IBICA 2014 (pp. 43-52). Springer, Cham.
Lenarduzzi, V., & Sievi-Korte, O. (2018). So ware Components Selection in Microservices-
based Systems.
Li, J., Li, Y. K., Chen, X., Lee, P. P., & Lou, W. (2014). A hybrid cloud approach for secure
authorized deduplication. IEEE transactions on parallel and distributed
systems, 26(5), 1206-1216.
Masuda, Y., Shirasaka, S., Yamamoto, S., & Hardjono, T. (2015) Risk Management for
Digital Transformation in Architecture Board.
O’Connor, R., Elger, P., & Clarke, P. M. (2016, May). Exploring the Impact of Situational
Context—A Case Study of a Software Development Process for a Microservices

6CLOUD COMPUTING
Architecture. In 2016 IEEE/ACM International Conference on Software and System
Processes (ICSSP) (pp. 6-10). IEEE.
Souza, D., Martins, E., & Dalcin, E. C. (2016). Assessing the risk of extinction of Brazil’s
flora: a computational approach based on microservices and geospatial analysis.
In WCAMA-7th Workshop Computaçao Aplicada aGestao do Meio Ambiente e
Recursos Naturais, At Porto Alegre, Rio Grande do Sul, Brasil.