www.neridio.com Copyright © 2022, Neridio Systems
August 2022
Zero Trust, Cloud Storage Architecture – Towards No Single Point of Breach or Cyber Attacks
Overview
Public clouds have now become a part of every organization’s IT infrastructure outsourcing strategy; even individuals cannot do without cloud-based storage services in their daily lives. Public storage services such as Amazon S3, Microsoft Azure or Google Cloud enable organizations to manage data with zero capital expenses.
These benefits also come with new challenges such as security, lack of control, visibility, availability outages and reliability. While cloud computing is a utility, cloud storage is not. This white paper draws sharp lines between the two and explains the business case for avoiding a single point of cyber-attack, data breach or loss of control.
Businesses using cloud services should find a way of outsourcing storage without outsourcing control of their data. An organization that depends solely on a single cloud storage provider will find limitations and risks.
Secure Cloud Integration technology from Neridio Systems makes use of the power of virtualization at the cloud level, a method from the landmark invention of Distributed Virtual Cloud that brings the idea of RAID across clouds, also referred to as cloud-RAID in this white paper.
Powered by a path-breaking invention on Distributed Virtual Storage Cloud
Towards Attack and Breach proof Cloud Storage Experience
US Patent #9128626 (Granted in 2015)
Peter Chacko, Founding Inventor, peter@neridio.com
White Paper
Business Case for Multi-Cloud Storage Model – Virtual Cloud for Security in-Cloud
Major barriers to cloud adoption are the security and operational risks associated with any cloud infrastructure; these risks include hardware failure, malicious attacks, software bugs, power outages, malware, server misconfiguration, cyber-threats and insider threats. Such failure and attack vectors are not new, but their risk is amplified by the large-scale nature of the cloud. They can be disastrous when data loss and corruption, breaches of data confidentiality and malicious tampering with data occur.
Strong protections beyond encryption are therefore a necessity for data outsourced to the cloud. Other key concerns hindering migration into a public cloud are the lack of availability and reliability guarantees. Well-known cloud providers have experienced temporary outages lasting several hours and striking losses of personal customer data.
Sample Deployment Architecture
Referring to the architecture below, we have connected five cloud storage services, denoted cloud1, cloud2, cloud3, cloud4 and cloud5, to the system implementing cloud-RAID, denoted the “cloud-RAID system”. The three primary data systems shown as Data source A, Data source B and Data source C are indicative data sources that can be co-located or can come from different edge locations connected to the cloud-RAID system, which runs the multi-cloud storage virtualization technology. This is a case of 3 data devices and 2 coding devices, 5 devices in total, where any two devices can be erased or unavailable without data loss.
With cloud-RAID, data is decentralized with optional encryption or de-sensitization, and each erasure-coded fragment is unintelligible and hack-proof, information-theoretically. This means a quantum computer cannot break the system, because only partial, unintelligible data exists at any location, unlike the case where the full data, protected only by encryption, is available in one place.
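An added example, not Neridio's code, of the 3 data + 2 coding layout described above: a minimal systematic erasure code over GF(2^8) (a Cauchy Reed-Solomon construction, assumed here since the paper does not say which code it uses) that stripes a constructed sample file into five shards, rebuilds it from any three, reports how much of the input a single data shard exposes when the optional encryption step is skipped, and computes the capacity figure section 10 returns to.

```python
from itertools import combinations

# GF(2^8) tables with primitive polynomial x^8 + x^4 + x^3 + x^2 + 1 (0x11d).
PRIM = 0x11D
EXP, LOG = [0] * 512, [0] * 256
_x = 1
for _i in range(255):
    EXP[_i], LOG[_x] = _x, _i
    _x <<= 1
    if _x & 0x100:
        _x ^= PRIM
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]

def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def gf_inv(a):
    return EXP[255 - LOG[a]]

def gen_matrix(k, m):
    """k identity rows (data devices) over m Cauchy rows (coding devices).
    Any k of the k+m rows are invertible: that is the 'any two of five may be
    erased' property of the paper's 3+2 layout."""
    rows = [[1 if r == c else 0 for c in range(k)] for r in range(k)]
    for i in range(m):
        rows.append([gf_inv((k + i) ^ j) for j in range(k)])
    return rows

def mat_vec(row, vec):
    acc = 0
    for a, b in zip(row, vec):
        acc ^= gf_mul(a, b)
    return acc

def invert(mat):
    """Gauss-Jordan inversion of a square matrix over GF(2^8)."""
    k = len(mat)
    a = [row[:] + [1 if r == c else 0 for c in range(k)] for r, row in enumerate(mat)]
    for col in range(k):
        piv = next(r for r in range(col, k) if a[r][col])
        a[col], a[piv] = a[piv], a[col]
        inv = gf_inv(a[col][col])
        a[col] = [gf_mul(inv, v) for v in a[col]]
        for r in range(k):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [v ^ gf_mul(f, p) for v, p in zip(a[r], a[col])]
    return [row[k:] for row in a]

def encode(data, k=3, m=2):
    """Stripe data into k data shards plus m coding shards, one per cloud."""
    size = -(-len(data) // k) * k                      # pad to a multiple of k
    padded = data + b"\0" * (size - len(data))
    chunk = size // k
    strips = [padded[i * chunk:(i + 1) * chunk] for i in range(k)]
    return [bytes(mat_vec(row, [s[pos] for s in strips]) for pos in range(chunk))
            for row in gen_matrix(k, m)]

def decode(available, length, k=3, m=2):
    """Rebuild the data from any k shards; `available` maps shard index -> bytes."""
    if len(available) < k:
        raise ValueError("need %d shards, have %d" % (k, len(available)))
    idx = sorted(available)[:k]
    inv = invert([gen_matrix(k, m)[i] for i in idx])
    chunk = len(available[idx[0]])
    strips = [bytes(mat_vec(row, [available[i][pos] for i in idx]) for pos in range(chunk))
              for row in inv]
    return b"".join(strips)[:length]

def recover_from_any_three(data):
    """True if every 3-of-5 subset of clouds rebuilds the original data."""
    shards = encode(data)
    return all(decode({i: shards[i] for i in keep}, len(data)) == data
               for keep in combinations(range(5), 3))

def plaintext_exposed(data):
    """Bytes of the input readable in the clear on data device 0 when nothing
    was encrypted or de-sensitized before striping (both are optional steps)."""
    shard0 = encode(data)[0]
    return len(shard0) if data.startswith(shard0[:len(data)]) else 0

def stored_total_tb(tb, k=3, m=2):
    """Capacity consumed for `tb` of user data: tb * (k + m) / k."""
    return tb * (k + m) / k

SAMPLE = b"constructed sample payload for the 3+2 cloud-RAID demo, 60b!"  # constructed

if __name__ == "__main__":
    print("shard sizes:", [len(s) for s in encode(SAMPLE)])
    print("every 3-of-5 subset recovers:", recover_from_any_three(SAMPLE))
    print("plaintext bytes on data device 0:", plaintext_exposed(SAMPLE))
    print("100 TB at 3+2 occupies %.2f TB" % stored_total_tb(100))
```

Because the code is systematic, each data shard is a plain slice of whatever was striped, so the per-cloud “reveals no information” property depends on the optional encryption or de-sensitization step being applied before striping.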
This intermediary layer of software implementing cloud-RAID can range from a simple library receiving data from, or rendering data to, a single data source, to a multi-site, multi-cloud storage gateway deployed as a virtual appliance connecting multiple data sources, abstracting all backend cloud storage services as a single “virtual” cloud.
Optionally, the cloud-RAID module can be protected by a High Availability service when the module is an appliance holding metadata and related information; this is shown as the RationalVault foundation in the diagram. It can also provide security telemetry.
Business Benefits
1. Cyber-attack Immunity through NO-SINGLE-POINT-OF-ATTACK
With only an information-theoretic fragment of any data stored in any location, erasure or corruption of one piece of data infrastructure through a cyber-attack is tolerated with zero data loss, by the very nature of erasure-coded information dispersal.
2. Hack-proof Cloud Storage with Information Theoretical Security – Zero Trust, Cloud Storage Architecture for NO-SINGLE-POINT-OF-BREACH
As we encrypt the storage with erasure coding and flexible key management, using random keys that can be derived from the original content or customer-supplied keys, any data at a single cloud reveals no information and is unintelligible. An adversary has to hack a minimum of 3 service providers (out of the 5 cloud services in the example), which is much more difficult than hacking into any single cloud service. This makes the security information-theoretical rather than computational. This is a big deal for customers holding sensitive data.
3. True Freedom from Vendor Lock-in
Vendor lock-in is a barrier to businesses adopting cloud services. Businesses that use a cloud storage service also face the following challenges:
➢ What if the service vendor increases the service costs or reduces service features that were earlier offered free of cost?
➢ What if a vendor goes out of business? Remember the sudden demise of Nirvanix, a popular cloud storage service, which gave cloud storage customers little time to take back their data.
➢ What if an established company stops a service? Remember the discontinuation of the EMC Atmos service.
All of these business events require an organization to build a layer of insulation from vendor service availability. Our Multi-cloud Storage Virtualization stack provides this insulation layer and delivers this true freedom. This is a big deal when it comes to relying on a cloud storage service provider.
4. Finest Privacy Control on Storage Data with no Vendor Lock-in
As cloud-RAID is not dependent on any single cloud for its data availability or security guarantees, it completely eliminates vendor lock-in while giving full control over data privacy. No complete data is stored with any provider, and the stored data is just a mathematical fragment with optional encryption. A data breach at a cloud service provider’s data center, or an insider attack at the cloud provider, will reveal no information about the customer’s data. This provides true information-theoretical security, as opposed to computational security.
5. Transparent Cloud Storage Migration - made easier
With a true virtualization layer available as a software layer in between, migrating data across cloud providers is now better automated. Every IT admin will face a daunting day executing a storage migration project: when moving infrequently accessed storage to the cloud, during a data center consolidation, or when a new data center requires migrating storage from the cloud provider back to their own data center. IT needs a layer of data mobility automation between the various storage media. With the Distributed Virtual Cloud Architecture, cloud storage migration workflows are simply made easier.
6. Outsourcing Storage - but without outsourcing control
Cloud computing is popularly considered akin to an electric utility, and the industry also equates cloud storage with a utility, which is a fundamental misinterpretation. Cloud storage is not a utility; it is the strategic asset of any digital business, and it is distributed. The Virtual Cloud Storage Architecture provides the foundation for retaining full ownership, control and privacy of customer-owned cloud storage assets that are outsourced to various cloud storage providers, without the actual “control” being outsourced, as there is a layer of insulation and abstraction at the cloud storage integration layer. This is a huge imperative for any enterprise holding important and private data in the cloud for its competitive business. The Multi-cloud Storage Virtualization layer provides that control in software. Anything in software, once all bugs are removed, always works, unlike hardware.
7. Most Secure Backup Target Experience and Safest Long-Term Archiving Target Experience
Cloud storage backup and archiving are becoming popular. But when the underlying cloud storage is not insulated from failures physically bound to the cloud storage interface, from service outages, from insider attacks on the cloud provider’s infrastructure, or from data breaches at the cloud provider level, cloud backups are not safe. Long-term cloud archiving is not possible when a cloud provider’s survival is not guaranteed for decades; like any service, provider mortality has to be taken into account. The Distributed, Virtual Cloud Architecture provides a software abstraction that the customer controls, so data can now be stored in the cloud for decades, as there are no provider dependencies or cloud data leaks.
8. Truly available cloud service or business continuity at cloud level
Any leading cloud vendor distributes storage resources across data centers in various geographies, built for failures. Subscribers can choose region-level redundancy at the API level. But there is always a slim possibility of a zero-day attack that affects a single system which in turn affects the provider at a global scale (for example, a DNS service, service routing components or a similar service that distributes subscriber requests). When the service is virtualized at the cloud provider level from the customer-controlled software layer, such failures are easily tolerated without any business outage for the subscriber, as the service failure is abstracted out, just as a RAID array tolerates the failure of a single disk or multiple disks.
9. Availability
To calculate availability, we should introduce three new terms: MTBF, MTTR and MTTF.
MTBF is the mean time between failures: the average amount of unit time elapsed between successive failures.
MTTR is the mean time to recover: the average amount of time for the recovery process to repair the outage.
MTTF is the mean time to fail: the average amount of time to fail after the previous repair.
Availability is calculated as ‘MTBF / (MTTF + MTTR)’.
Availability is enhanced by parallel coupling with a hot standby. Say we have two components each having 90% availability. If they are serially coupled for load sharing of a service, then total availability is reduced (also, failure of one component can bring down the service), as availability is yielded by the equations:
Serially coupled:
Availability (total) = Avail (component 1) * Avail (component 2)
= 90/100 * 90/100
= 81/100
= 81%
Parallelly coupled:
Availability (total) = 1 - [ (1 – Avail component 1) * (1 – Avail component 2) ]
= 1 – [ (1 – 90/100) * (1 – 90/100) ]
= 99/100
= 99%
Any cloud service offers an availability of 99.9 at a minimum. As we couple all in parallel and allow 2 failures, we consider it as 3 components allowing the other two to fail, yielding the equation
1 – [ (1 – 99.9/100) * (1 – 99.9/100) ]
which is more than 99.999, a market-exclusive SLA metric!
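An added example, not from the paper, that carries the availability arithmetic of this section through in code: the serial and parallel coupling formulas with the paper's 90% components, the paper's two-spare shortcut for five 99.9% providers, and, going one step beyond the text, the exact k-of-n (3-of-5) binomial form with the equivalent minutes of downtime per year. The `availability_from_times` helper uses the uptime ratio MTTF / (MTTF + MTTR), the standard steady-state form for the MTTF and MTTR the section defines.

```python
from math import comb, prod

def availability_from_times(mttf_hours, mttr_hours):
    """Steady-state availability as the uptime ratio: time up over time up plus
    time being repaired, using the paper's MTTF and MTTR definitions."""
    return mttf_hours / (mttf_hours + mttr_hours)

def serial(*avails):
    """Serially coupled: every component must be up, so availabilities multiply."""
    return prod(avails)

def parallel(*avails):
    """Parallel coupled (hot standby): down only when every component is down."""
    return 1 - prod(1 - a for a in avails)

def k_of_n(a, n, k):
    """Availability of a k-of-n system where each of n providers is up with
    probability a: sum over i >= k of C(n, i) * a^i * (1 - a)^(n - i).
    The 3-of-5 cloud-RAID layout is k_of_n(a, 5, 3)."""
    return sum(comb(n, i) * a ** i * (1 - a) ** (n - i) for i in range(k, n + 1))

def downtime_minutes_per_year(a):
    """Unavailability expressed as expected minutes of outage per year."""
    return (1 - a) * 365 * 24 * 60

if __name__ == "__main__":
    print("serial 90%, 90%   :", serial(0.9, 0.9))        # 0.81
    print("parallel 90%, 90% :", parallel(0.9, 0.9))      # 0.99
    shortcut = parallel(0.999, 0.999)                      # the paper's 3-of-5 shortcut
    exact = k_of_n(0.999, 5, 3)
    for label, a in (("paper shortcut", shortcut), ("exact 3-of-5  ", exact)):
        print("%s: %.10f  (%.4f min/yr down)" % (label, a, downtime_minutes_per_year(a)))
```

The paper's shortcut treats only two of the five providers as spare; the binomial form counts every way at least 3 of 5 stay up, so it comes out slightly higher, and both clear the 99.999 figure quoted above.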
10. Efficient Storage Replication
With cloud-RAID, the storage overhead for redundancy is much less. For example, if there are 3 devices in total instead of 5, we can tolerate 1 device failure, offering N+1 redundancy. In this deployment, say we store a file of 1GB. Then 500MB goes to each of two data devices and 500MB to the coding device, allowing the failure of any one device. In this model we have an overhead of 500MB extra for the total 1000MB (1GB). The storage overhead here is 50% (1 coding device / 2 data devices), as opposed to 100% in a replication scenario.
Similarly, with the 5 devices shown in the model architecture, we can tolerate the failure of two cloud services out of 5, the equivalent of N+2 redundancy. As we allow two devices to fail for 3 data devices, the storage overhead is only 2 coding devices / 3 data devices = 66%. We thus avoid triplication (making three copies, as in OpenStack) for N+2 redundancy. To put this into perspective, think of storing 100 TB of data in cloud storage with N+2 redundancy. One would typically store this 100 TB redundantly on two more cloud services, allowing the failure of two cloud services, so the total storage maintained is 300TB. With cloud-RAID it becomes only 166.66 TB, as that 166.66 TB is divided across 5 cloud services while still allowing two services to fail.
Conclusion
Traditional reliability models for hardware make certain assumptions about failure patterns (such as independence of failures among hard drives) that are not accurate in the world of cloud computing. The Zero Trust, Cloud Storage Architecture from Neridio makes use of the power of virtualization at the cloud level, a method from the landmark invention of Distributed Virtual Cloud, bringing the idea of RAID across clouds, or the cloud-of-clouds paradigm, to the world of storage clouds. This feature, referred to as cloud-RAID in this white paper, is quintessentially an extension of RAID. Cloud-RAID improves the availability, confidentiality, replication efficiency and reliability of data stored in cloud storage services, and assures a hack-proof storage experience.
To achieve this objective, Neridio’s solution architecture compresses, encrypts, de-sensitizes and de-duplicates the data, and then uses erasure codes to stripe it across multiple cloud storage providers. Neridio’s suite of products uses the cloud-RAID interface as the storage foundation for public storage clouds or for internal, privately managed clouds.

More Related Content

Similar to cloud Raid

AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security ChallengesSTO STRATEGY
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125Gabor Bokor
 
Pros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptxPros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptxMetaorange
 
Cloud Computing Lecture 02.pptx
Cloud Computing Lecture 02.pptxCloud Computing Lecture 02.pptx
Cloud Computing Lecture 02.pptxboti39263
 
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing  Ramgovind.docxThe Management of Security in Cloud Computing  Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigmfanc1985
 
Clouding computing
Clouding computingClouding computing
Clouding computingMadhavi39
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overviewshraddhaudage
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
Best cloud computing training institute in noida
Best cloud computing training institute in noidaBest cloud computing training institute in noida
Best cloud computing training institute in noidataramandal
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsShaun Thomas
 

Similar to cloud Raid (20)

Features of cloud
Features of cloudFeatures of cloud
Features of cloud
 
AWS Security Challenges
AWS Security ChallengesAWS Security Challenges
AWS Security Challenges
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125
 
Pros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptxPros And Cons Of Cloud-Based Security Solutions.pptx
Pros And Cons Of Cloud-Based Security Solutions.pptx
 
Cloud Computing Lecture 02.pptx
Cloud Computing Lecture 02.pptxCloud Computing Lecture 02.pptx
Cloud Computing Lecture 02.pptx
 
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing  Ramgovind.docxThe Management of Security in Cloud Computing  Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Cloud security risks
Cloud security risksCloud security risks
Cloud security risks
 
Clouding computing
Clouding computingClouding computing
Clouding computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing-overview
Cloud computing-overviewCloud computing-overview
Cloud computing-overview
 
Cloud Computing Overview | Torry Harris Whitepaper
Cloud Computing Overview | Torry Harris WhitepaperCloud Computing Overview | Torry Harris Whitepaper
Cloud Computing Overview | Torry Harris Whitepaper
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
 
Best cloud computing training institute in noida
Best cloud computing training institute in noidaBest cloud computing training institute in noida
Best cloud computing training institute in noida
 
SECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKESSECURING THE CLOUD DATA LAKES
SECURING THE CLOUD DATA LAKES
 
Third Party Cloud Management
Third Party Cloud ManagementThird Party Cloud Management
Third Party Cloud Management
 
Secure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud EnvironmentsSecure Computing in Enterprise Cloud Environments
Secure Computing in Enterprise Cloud Environments
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

cloud Raid

  • 1. www.neridio.com Copyright © 2022, Neridio Systems August 2022 Zero Trust, Cloud Storage Architecture – Towards No Single Point of Breach or Cyber Attacks Overview Public clouds have now become a part of every organization’s IT infrastructure outsourcing strategy, even Individuals cannot do without cloud-based storage services for getting on with their daily lives. Public storage services such as Amazon S3, Microsoft Azure or Google Cloud enable organizations to manage data with zero capital expenses. These benefits also come with new challenges such as security, lack of control, visibility, availability outages and reliability. While cloud computing is a utility, cloud storage is not. This white paper draws sharp lines between the two and explains business case of avoiding single point of cyber- attack, data breaches or lack of control. Businesses using cloud services should find a way of outsourcing storage without outsourcing control on their data. If an organization is to depend solely on a single cloud storage provider, it will find limitations and risks. Secure Cloud Integration technology from Neridio Systems makes use of the power of virtualization at cloud level, a method of the landmark invention of Distributed Virtual Cloud bringing the idea of RAID across clouds – also referred as cloud-RAID in this white paper. Powered by path- breaking invention on Distributed Virtual Storage Cloud Towards Attack and Breach proof Cloud Storage Experience US Patent Patent #9128626 (Granted in 2015) Peter Chacko Founding Inventor peter@neridio.com White Paper
  • 2. www.neridio.com Copyright © 2022, Neridio Systems Business Case for Multi-Cloud Storage Model – Virtual Cloud for Security in-Cloud Major barriers to cloud adoption are the security and operational risks associated with any cloud infrastructures, these risks include hardware failure, malicious attacks, software bugs, power outages, malware, server configuration, cyber-threats and insider threats. Such failure and attack vectors are not new, but their risk is amplified by the large-scale nature of the cloud. They can even be disastrous when data loss and corruption, breaches of data confidentiality and malicious tampering with data occur. Strong protections beyond encryption are therefore a necessity for data outsourced to the cloud. Other key concerns hindering migration into a public cloud is lack of availability and reliability guarantees. Well-known cloud providers have experienced a temporary lack of availability lasting at least several hours and striking loss of personal customer data. Sample Deployment Architecture Referring to the architecture below, we have connected five cloud storage services with the system implementing cloud-RAID; denoted as cloud1, cloud2, cloud3, cloud4 and cloud5 and “cloud-RAID system” respectively. The three primary data systems shown as Data source A, Data source B and Data source C are indicative data sources which can be co-located or can come from different edge locations connected to the system running the implementation of multi-cloud storage virtualization technology in the cloud-RAID system. This is a case of 3 data devices and 2 coding devices with a total of 5 devices with any two devices can be erased or unavailable without data loss.
With cloud-RAID, data is decentralized with optional encryption or de-sensitization, and each erasure-coded fragment is unintelligible and hack-proof, information-theoretically. This means a quantum computer cannot break the system, because only partial, unintelligible data exists at any location, unlike the case where the full data, protected by encryption, is available in one place.

This intermediary layer of software implementing cloud-RAID can range from a simple library receiving data from, or rendering data to, a single data source, up to a multi-site, multi-cloud storage gateway deployed as a virtual appliance connecting multiple data sources, abstracting all backend cloud storage services as a single "virtual" cloud. Optionally, when the cloud-RAID module is an appliance, it can be protected by a High Availability service that also protects its metadata and related information; this is shown as the RationalVault foundation in the diagram. It can also provide security telemetry.

Business Benefits

1. Cyber-attack Immunity through NO-SINGLE-POINT-OF-ATTACK

With only an information-theoretic fragment of any data stored in any location, erasure or corruption of one piece of the data infrastructure through a cyber-attack is tolerated with zero data loss, by the very nature of erasure-coded information dispersal.

2. Hack-proof Cloud Storage with Information-Theoretical Security – Zero Trust, Cloud Storage Architecture for NO-SINGLE-POINT-OF-BREACH

As we encrypt the storage in combination with erasure coding, with flexible key management using random keys that can be derived from the original content or supplied by the customer, the data held at any single cloud reveals no information and is unintelligible. An adversary has to compromise a minimum of 3 service providers (out of the 5 cloud services in the example), which is much more difficult than breaking into any single cloud service. This makes the security information-theoretical rather than computational. This is a big deal for customers with sensitive data.
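The 3-data + 2-coding dispersal described in the sample deployment and in benefits 1 and 2, worked as runnable code. This is an added example written for this page, not Neridio's implementation (the patented method is not reproduced here): it assumes a systematic Reed-Solomon code over GF(2^8) with k=3 data shards and m=2 parity shards, the same 5-device, any-2-may-fail layout, and the function names (`encode`, `decode`, `survives_any_m_losses`, `storage_overhead`) are ours. The sample record fed in is constructed.

```python
"""Toy cloud-RAID: Reed-Solomon erasure coding over GF(2^8) that splits a blob into
k data shards + m parity shards and rebuilds it from ANY k survivors.
Added example for this white paper; not Neridio's code. k=3, m=2 mirrors the
five-cloud deployment (3 data devices + 2 coding devices, any 2 may be lost)."""
from itertools import combinations

K_DATA, M_PARITY = 3, 2  # assumed to match the sample deployment architecture

# GF(2^8) log/antilog tables, primitive polynomial x^8+x^4+x^3+x^2+1 (0x11d).
_EXP = [0] * 512
_LOG = [0] * 256
_x = 1
for _i in range(255):
    _EXP[_i] = _x
    _LOG[_x] = _i
    _x <<= 1
    if _x & 0x100:
        _x ^= 0x11d
for _i in range(255, 512):
    _EXP[_i] = _EXP[_i - 255]


def gf_mul(a, b):
    """Multiply two field elements; 0 absorbs everything."""
    if a == 0 or b == 0:
        return 0
    return _EXP[_LOG[a] + _LOG[b]]


def gf_inv(a):
    """Multiplicative inverse via the log table (a must be non-zero)."""
    return _EXP[255 - _LOG[a]]


def _lagrange_eval(xs, ys, x):
    """Evaluate, at x, the unique polynomial of degree < len(xs) passing through
    the points (xs[i], ys[i]) over GF(2^8). Subtraction in GF(2^8) is XOR."""
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = gf_mul(num, x ^ xj)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return total


def encode(data, k=K_DATA, m=M_PARITY):
    """Return {device_index: shard}. Devices 0..k-1 hold raw data chunks (systematic
    code); devices k..k+m-1 hold parity. Each byte column across the k data shards
    defines a polynomial p with p(i) = data_shard_i[pos]; parity device x stores p(x)."""
    shard_len = -(-len(data) // k)  # ceiling division; zero-pad to a multiple of k
    padded = data + b"\x00" * (shard_len * k - len(data))
    shards = [padded[i * shard_len:(i + 1) * shard_len] for i in range(k)]
    xs = list(range(k))
    for x in range(k, k + m):
        shards.append(bytes(_lagrange_eval(xs, [shards[d][pos] for d in range(k)], x)
                            for pos in range(shard_len)))
    return dict(enumerate(shards))


def decode(available, length, k=K_DATA):
    """Rebuild the original `length` bytes from any k of the shards in `available`
    ({device_index: shard}). Raises ValueError when fewer than k devices survive."""
    if len(available) < k:
        raise ValueError(f"need {k} shards, only {len(available)} available")
    xs = sorted(available)[:k]
    shard_len = len(available[xs[0]])
    out = bytearray()
    for d in range(k):
        if d in available:                       # data device survived: copy it
            out += available[d]
        else:                                    # interpolate the missing chunk
            out += bytes(_lagrange_eval(xs, [available[x][pos] for x in xs], d)
                         for pos in range(shard_len))
    return bytes(out[:length])


def storage_overhead(k=K_DATA, m=M_PARITY):
    """Extra capacity as a fraction of the data: 2/3 for 3+2, 1/2 for 2+1 (vs 2.0 for triplication)."""
    return m / k


def survives_any_m_losses(data, k=K_DATA, m=M_PARITY):
    """True iff every choice of m lost devices still allows exact recovery."""
    shards = encode(data, k, m)
    for lost in combinations(range(k + m), m):
        survivors = {i: s for i, s in shards.items() if i not in lost}
        if decode(survivors, len(data), k) != data:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample input; not real customer data.
    blob = b"constructed sample record: customer=ACME, balance=1234.56, region=eu-west"
    print("recovers from any 2 of 5 lost:", survives_any_m_losses(blob))
    print("storage overhead:", f"{storage_overhead():.0%}")
```

Two points worth noticing when running this. Devices 0 to 2 of a systematic code hold contiguous raw chunks of whatever was fed in, so a lone data shard does expose a third of the input bytes; the unintelligibility of a single fragment therefore depends on the encrypt or de-sensitize step that the architecture applies before striping, with the key kept outside the clouds, not on the erasure code alone. And `storage_overhead()` returns 2/3 for the 3+2 layout, the 66% figure of section 10: 100 TB of data becomes 100 TB * 5/3 ≈ 166.66 TB spread over five clouds, against 300 TB for triplication.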
3. True Freedom from Vendor Lock-in

Vendor lock-in is a barrier to businesses adopting cloud services. Businesses that use a cloud storage service also face the following challenges:

➢ What if the service vendor increases the service costs or reduces the service features that were earlier offered free of cost?
➢ What if a vendor goes out of business? Remember the sudden demise of Nirvanix, a popular cloud storage service, which gave its customers little time to take back their data.
➢ What if an established company stops a service? Remember the discontinuation of the EMC Atmos service.

All of these business events require an organization to build a layer of insulation from vendor service availability. Our Multi-cloud Storage Virtualization stack provides this insulation layer and delivers true freedom. This is a big deal when it comes to relying on a cloud storage service provider.

4. Finest Privacy Control on Storage Data with no Vendor Lock-in

As cloud-RAID is not dependent on any single cloud for its data availability or security guarantees, it completely eliminates vendor lock-in while giving full control over data privacy. No complete data is stored with any provider; the stored data is just a mathematical fragment, with optional encryption. A data breach at a cloud service provider's data center, or an insider attack at the cloud provider, will reveal no information about the customer's data. This provides true information-theoretical security, as opposed to computational security.

5. Transparent Cloud Storage Migration – made easier

With a true virtualization layer available as a software layer in between, migrating data across cloud providers is now better automated. Every IT admin will face a daunting day executing a storage migration project: when they decide to move infrequently accessed storage to the cloud, during a data center consolidation, or when a new data center is built and they want to migrate storage from the cloud provider back to their own data center. IT needs a layer of data mobility automation between the various storage media. With the Distributed Virtual Cloud Architecture, cloud storage migration workflows are simply made easier.
6. Outsourcing Storage – but without outsourcing control

Cloud computing is popularly considered akin to an electric utility, and the industry also equates cloud storage with a utility, which is a fundamental misinterpretation. Cloud storage is not a utility: it is the strategic asset of any digital business, and it is distributed. The Virtual Cloud Storage Architecture provides the foundation for retaining full ownership, control and privacy of customer-owned cloud storage assets that are outsourced to various cloud storage providers, without the actual "control" being outsourced, because there is a layer of insulation and abstraction at the cloud storage integration layer. This is a huge imperative for any enterprise holding important and private data in the cloud for its competitive business. The Multi-cloud Storage Virtualization layer provides that control in software. Anything in software, once all bugs are removed, always works, unlike hardware.

7. Most Secure Backup Target Experience and Safest Long-Term Archiving Target Experience

Cloud storage backup and archiving are now becoming popular. But when the underlying cloud storage is not insulated from failures physically bound to the cloud storage interface, from service outages, from insider attacks on the cloud provider's infrastructure, or from data breaches at the cloud provider level, cloud backups are not safe. Long-term cloud archiving is not possible when a cloud provider's survival is not guaranteed for decades. As with any service, provider mortality has to be taken into account. The Distributed, Virtual Cloud Architecture provides a software abstraction that the customer controls, so data can now be stored in the cloud for decades, as there are no provider dependencies or cloud data leaks.

8. Truly Available Cloud Service, or Business Continuity at the Cloud Level

Any leading cloud vendor distributes storage resources across various data centers in various geographies, built for failures, and subscribers can choose region-level redundancy at the API level. But there is always a slim possibility of a zero-day attack affecting a single system that in turn affects the provider at a global scale (for example, the DNS service, the service routing components, or a similar service that distributes subscriber requests). When the service is virtualized above the cloud provider level from the customer-controlled software layer, such failures are easily tolerated without any business outage for the subscriber, as the service failure is abstracted out, just as a RAID set tolerates the failure of a single disk or of multiple disks.
9. Availability

To calculate availability, we introduce three terms: MTBF, MTTR and MTTF.

MTBF – the mean time between failures, the average amount of unit time elapsed between successive failures.
MTTR – the mean time to recover, the average amount of time for the recovery process to repair the outage.
MTTF – the mean time to fail, the average amount of time to fail after the previous repair.

Availability is calculated as ‘MTBF / (MTTF + MTTR)’.

Say we have two components, each with 90% availability. If they are serially coupled for load sharing of a service, the total availability is reduced (and the failure of one component can bring down the service), as yielded by the equation:

Serially Coupled Availability (total) = Avail (component 1) * Avail (component 2) = 90/100 * 90/100 = 81/100 = 81%

Availability is enhanced by parallel coupling with a hot standby:

Parallelly Coupled Availability (total) = 1 – [(1 – Avail component 1) * (1 – Avail component 2)] = 1 – [(1 – 90/100) * (1 – 90/100)] = 99/100 = 99%

Any cloud service offers an availability of 99.9 at a minimum. As we couple all of them in parallel and allow 2 failures, we consider it as 3 components allowing the other two to fail, yielding the equation

1 – [(1 – 99.9/100) * (1 – 99.9/100)]

which is more than 99.999, a market-exclusive SLA metric!
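The serial and parallel coupling arithmetic of section 9, carried through in code and extended to the general "at least k of n clouds up" case that an erasure-coded 3-of-5 set actually needs. This is an added example for this page, not code from Neridio; the formulas are the standard independent-failure ones behind the paper's 81% and 99% figures, and the per-cloud 99.9% is the paper's own assumption. Function names are ours.

```python
"""Availability arithmetic for serial vs parallel coupling and for an erasure-coded
k-of-n cloud set. Added example for this white paper, not code from Neridio; the
formulas assume independent component failures, as the paper's 81% / 99% figures do."""
from math import comb

MINUTES_PER_YEAR = 365 * 24 * 60


def serial_availability(*avails):
    """Every component must be up (load sharing with no spare): product of availabilities."""
    total = 1.0
    for a in avails:
        total *= a
    return total


def parallel_availability(*avails):
    """Any one component suffices (hot standby): 1 - product of unavailabilities."""
    down = 1.0
    for a in avails:
        down *= 1.0 - a
    return 1.0 - down


def k_of_n_availability(k, n, a):
    """Service is up while at least k of n identical, independently failing components
    are up: an erasure-coded set of n clouds needs any k shards to rebuild the data."""
    return sum(comb(n, i) * a ** i * (1.0 - a) ** (n - i) for i in range(k, n + 1))


def downtime_minutes_per_year(avail):
    """Unavailability expressed as expected downtime per year."""
    return (1.0 - avail) * MINUTES_PER_YEAR


def paper_figures():
    """Reproduce the white paper's numbers and extend them to the 3-of-5 deployment.
    Assumes each cloud independently offers 99.9%, as the paper does."""
    cloud = 0.999
    return {
        "serial_two_90": serial_availability(0.9, 0.9),           # 0.81
        "parallel_two_90": parallel_availability(0.9, 0.9),       # 0.99
        "parallel_two_999": parallel_availability(cloud, cloud),  # paper's 1-[(1-.999)*(1-.999)]
        "three_of_five_999": k_of_n_availability(3, 5, cloud),    # any 2 of 5 clouds may fail
        "all_five_serial": serial_availability(*[cloud] * 5),     # if every cloud were required
    }


if __name__ == "__main__":
    for name, value in paper_figures().items():
        print(f"{name:18s} {value:.10f}  downtime/yr {downtime_minutes_per_year(value):9.4f} min")
```

The `all_five_serial` row is the figure for a naive design that needs every cloud up (it falls below any single cloud's 99.9%), while `three_of_five_999` shows why tolerating two losses out of five is the point of the dispersal. The binomial model assumes the five clouds fail independently; the paper's own conclusion warns that this assumption is weak in cloud computing, and section 8 names shared components such as DNS as a correlated failure source, so treat these numbers as an upper bound and give the cloud-RAID module itself the High Availability protection described on page 3.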
10. Efficient Storage Replication

With cloud-RAID, the storage overhead for redundancy is much less. For example, with 3 devices in total instead of 5, we can tolerate 1 device failure, offering N+1 redundancy. In this deployment, say we store a file of 1 GB. Then 500 MB goes to each of the two data devices and 500 MB goes to the coding device, allowing the failure of any one device. In this model we have an overhead of 500 MB extra for the total 1000 MB (1 GB): the storage overhead is 1 coding device / 2 data devices = 50%, as opposed to 100% in a replication scenario.

Similarly, with the 5 devices shown in the model architecture we can tolerate the failure of two cloud services out of 5, the equivalent of N+2 redundancy. As we allow two devices to fail for 3 data devices, the storage overhead is only 2 coding devices / 3 data devices = 66%. We thus avoid triplication (making three copies, as in OpenStack) for N+2 redundancy.

To put this into perspective, think of storing 100 TB of data in cloud storage with N+2 redundancy. One would typically store this 100 TB redundantly at two more cloud services, allowing the failure of two cloud services, so the total storage maintained is 300 TB. With cloud-RAID it becomes only 166.66 TB, as 166.66 TB of data is divided across 5 cloud services while still allowing two services to fail.

Conclusion

Traditional reliability models for hardware make certain assumptions about failure patterns (such as independence of failures among hard drives) that are not accurate in the world of cloud computing. The Zero Trust, Cloud Storage Architecture from Neridio makes use of the power of virtualization at the cloud level, a method of the landmark invention of Distributed Virtual Cloud, bringing the idea of RAID across clouds, or the cloud-of-clouds paradigm, to the world of storage clouds. This feature, referred to as cloud-RAID in this white paper, is quintessentially an extension of RAID. Cloud-RAID improves the availability, confidentiality, efficient replication and reliability of data stored in a cloud storage service, and assures a hack-proof storage experience. To achieve this objective, Neridio's solution architecture compresses the data, encrypts, de-sensitizes and de-duplicates it, and then makes use of erasure codes to stripe it across multiple cloud storage providers. Neridio's suite of products uses the cloud-RAID interface as the storage foundation for public storage clouds or for internal, privately managed clouds.