{"id":73707,"date":"2019-12-11T04:54:11","date_gmt":"2019-12-11T04:54:11","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=73707"},"modified":"2019-12-11T04:55:22","modified_gmt":"2019-12-11T04:55:22","slug":"risks-and-benefits-of-open-source-cloud","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/risks-and-benefits-of-open-source-cloud\/","title":{"rendered":"Open Source in the Cloud: Risks and Benefits"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">More and more organizations are <\/span><a href=\"https:\/\/www.cnbc.com\/2019\/05\/06\/microsoft-ceo-touts-open-approach-at-build-2019-conference.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">using cloud-based open source<\/span><\/a><span style=\"font-weight: 400;\"> to build, manage, and secure systems. Many organizations are adopting open source without even realizing it when they choose to use managed services.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">An example of this wide-spread use is found in <a href=\"https:\/\/www.whizlabs.com\/blog\/introduction-to-kubernetes\/\" target=\"_blank\" rel=\"noopener noreferrer\">Kubernetes<\/a>, the most popular container orchestration system. Whether you\u2019re using open source components and code knowingly or not, you need to understand how their inclusion can affect you.<\/span><\/p>\n<blockquote><p>Becoming a certified cloud professional makes you stand out of the crowd. Here are the <a href=\"https:\/\/www.whizlabs.com\/blog\/5-best-cloud-certifications-in-2018\/\" target=\"_blank\" rel=\"noopener noreferrer follow\" data-wpel-link=\"internal\">best cloud certifications<\/a> for the growth of your cloud career!<\/p><\/blockquote>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">In this article, you\u2019ll learn how open source is being used in the cloud. You\u2019ll also learn some of the risks and benefits of open source use.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Open Source Components in the Cloud<\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">You can use open source as an entire cloud platform, as tools within the cloud, or as parts of cloud applications.\u00a0<\/span><\/p>\n<h4 style=\"text-align: justify;\">Open Source Platforms<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Open source cloud platforms include OpenStack and CloudStack. You can use these platforms on their own or in a hybrid configuration with proprietary clouds. Open source cloud platforms use a combination of vendors for processing, storage, and networking resources. You can also use them to build clouds using your existing hardware and data centers.<\/span><\/p>\n<h4 style=\"text-align: justify;\">Open Source Tools<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Commonly used open source tools include <a href=\"https:\/\/www.whizlabs.com\/blog\/ansible-introduction\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ansible<\/a> and GitLab. These tools are often used to add functionality to cloud services that are otherwise unavailable or unaffordable. Open source tools typically require hosting.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">You can also use open source tools as Software as a Service (SaaS), Infrastructure as a Service (IaaS), or Platform as a Service (PaaS). These services are generally available as a free, feature or resource-limited tier of a subscription plan. An increasing number of open source tools are being offered as managed services by cloud providers as well.\u00a0<\/span><\/p>\n<h4 style=\"text-align: justify;\">Open Source Code<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">When you include open source in cloud applications you can use it in the form of frameworks, libraries, or snippets of code. These are included during application development. Some examples include <a href=\"https:\/\/www.whizlabs.com\/blog\/docker-fundamentals\/\" target=\"_blank\" rel=\"noopener noreferrer\">Docker<\/a>, <a href=\"https:\/\/www.whizlabs.com\/blog\/learn-apache-spark\/\" target=\"_blank\" rel=\"noopener noreferrer\">Apache Spark<\/a>, and Bootstrap.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.whizlabs.com\/learn-kubernetes-with-aws-and-docker\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-71809 size-full td-animation-stack-type0-2\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/04\/Kubernetes_with_AWS_and_Docker.gif\" alt=\"Kubernetes with AWS and Docker\" width=\"728\" height=\"90\" \/><\/a><\/p>\n<h3 style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Risks of Using Open Source<\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">When choosing to adopt open source tools, platforms, and code into your systems, it is important to know your risks. Knowing these risks can help you more efficiently direct security resources and protect your systems.<\/span><\/p>\n<h4 style=\"text-align: justify;\">1. Lack of Dedicated Support<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Open source products typically do not come with any sort of customer support. The exception to this is if you choose to use a managed service or pay a subscription for hosting or additional features. With most open source components, your only form of support is the community surrounding the product.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Support for open source code is unofficial, less structured than traditional support, and contributors are not obligated to assist you. You can ask for community help and you are generally encouraged to, but it is not available 24\/7 or on-demand. Additionally, you need to be active in the community to know about recent issues and learn best practices for your implementation.<\/span><\/p>\n<h4 style=\"text-align: justify;\">2. Liability Risks<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Liability risks with open source components come from several aspects. The first issue is licensing. There are over <\/span><a href=\"https:\/\/opensource.org\/licenses\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">200 different open source licenses<\/span><\/a><span style=\"font-weight: 400;\">, each with their own rules and restrictions. It is up to you to determine whether you are legally able to use open source components and for what purposes. This is also true for products you implement that use open-source components.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The second issue is security. If open-source components implement insecure practices and your data is breached, it\u2019s your responsibility. For traditional applications and platforms, the vendor is responsible for product security at the code level. For open-source components, community efforts are made to securely code but are not guaranteed.\u00a0<\/span><\/p>\n<h4 style=\"text-align: justify;\">3.\u00a0Widely Known Vulnerabilities<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Vulnerabilities in open-source components are made public by both the community and by public oversight organizations. Attackers can use public vulnerability information to easily target organizations.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Risk is often amplified in the public cloud since resource use requires exposure to the Internet. An example of this is what happened to <\/span><a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/09\/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Equifax in 2017<\/span><\/a><span style=\"font-weight: 400;\"> when they failed to apply a patch that had been released two months earlier. Public knowledge of vulnerabilities can be both a risk and benefit. The benefit aspect is covered below.<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Benefits of Using Open Source<\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">When deciding whether to use open source components, it helps to know what the benefits of implementation are. Once you know these benefits, you can weigh them against the potential risks to make an informed decision.<\/span><\/p>\n<h4 style=\"text-align: justify;\">1. Supportive Community<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Open-source components are developed by a community of contributors. Community reliance means that a range of expertise and experience go into development. It also means that often more eyes are checking and verifying the functionality and security of code. Contributors are usually passionate about making an excellent product and are not simply working to finish a project.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Another benefit of community collaboration is that security patches can be pushed out faster than with proprietary products. Making vulnerabilities public knowledge can be beneficial since more people are available to address them. Additionally, some of the organizations that report on vulnerabilities create resources for addressing and avoiding such risks. The Open Web Application Security Project (OWASP) is one example.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">OWASP itself is an open-source community and many open-source contributors use its recommendations when coding. Although the <\/span><a href=\"https:\/\/resources.whitesourcesoftware.com\/blog-whitesource\/owasp-top-10-vulnerabilities\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">OWASP Top 10 vulnerabilities<\/span><\/a><span style=\"font-weight: 400;\"> list isn\u2019t a foolproof guide, you can use it to focus security resources.<\/span><\/p>\n<h4 style=\"text-align: justify;\">2.\u00a0Portability and Control<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Open-source components are entirely portable and can be used with any compatible environment. As a user, you have complete control over the component, as well as any data associated with it. Portability and control mean that you don\u2019t have to worry about vendor lock-in, like with proprietary components.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">It also means that you can avoid the increased risk associated with providing data and environment access to third-party providers. Open-source code is entirely transparent and freely available for examination. You know exactly how your data is being handled. With access to source code, you can also customize components to your specific needs, provided you have programming expertise.<\/span><\/p>\n<h4 style=\"text-align: justify;\">3. Cost Savings<\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Cost savings is the number one benefit for many open-source users. Open-source components are typically free to use, at least with a limited feature set or in a limited capacity. Free use or reduced costs enable companies to operate on leaner budgets and can increase the competitiveness of smaller organizations.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Open-source can also provide benefits if you already have technical debt in the form of hardware and data centers. For example, open-source cloud platforms can be used to build private clouds on your existing resources. Keep in mind, that these cost savings come with higher time and maintenance demands than managed options.<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Conclusion<\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">You are highly unlikely to be able to avoid open-source components entirely. <\/span><a href=\"https:\/\/www.synopsys.com\/content\/dam\/synopsys\/sig-assets\/reports\/rep-ossra-19.pdf\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400;\">Recent studies<\/span><\/a><span style=\"font-weight: 400;\"> have found that out of 1200 codebases, at least 90% are using at least one open-source component.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">While you may not be intentionally including these components, the tools you\u2019re using probably are. It\u2019s important to know the risks you\u2019re facing with open-source use. Once you understand your risks, you can better secure your system and data, and take advantage of open-source.<\/span><\/p>\n<p>Whizlabs is pioneering online certification training industry with its <a href=\"https:\/\/www.whizlabs.com\/cloud-certification-training-courses\/\" target=\"_blank\" rel=\"noopener noreferrer follow\" data-wpel-link=\"internal\">cloud certification online courses and exam simulators<\/a>. So, prepare now to start your career in cloud computing and get one of the highest paying jobs in the market. If you are already a cloud professional then bring your career one level up with one of the cloud computing certifications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>More and more organizations are using cloud-based open source to build, manage, and secure systems. Many organizations are adopting open source without even realizing it when they choose to use managed services.\u00a0 An example of this wide-spread use is found in Kubernetes, the most popular container orchestration system. Whether you\u2019re using open source components and code knowingly or not, you need to understand how their inclusion can affect you. Becoming a certified cloud professional makes you stand out of the crowd. Here are the best cloud certifications for the growth of your cloud career! In this article, you\u2019ll learn how [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":73709,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[10],"tags":[2711,2709,2710],"class_list":["post-73707","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-computing-certifications","tag-benefits-of-using-open-source","tag-open-source","tag-risks-of-using-open-source"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",600,315,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits-150x150.png",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits-300x158.png",300,158,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",600,315,false],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",600,315,false],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",600,315,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",600,315,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",24,13,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",48,25,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",96,50,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",150,79,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",300,158,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits-250x250.png",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",600,315,false],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",96,50,false],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2019\/12\/Open-Source_in_Cloud_Risks_and_Benefits.png",150,79,false]},"uagb_author_info":{"display_name":"Pavan Gumaste","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/pavan\/"},"uagb_comment_info":3,"uagb_excerpt":"More and more organizations are using cloud-based open source to build, manage, and secure systems. Many organizations are adopting open source without even realizing it when they choose to use managed services.\u00a0 An example of this wide-spread use is found in Kubernetes, the most popular container orchestration system. Whether you\u2019re using open source components and&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/73707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=73707"}],"version-history":[{"count":3,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/73707\/revisions"}],"predecessor-version":[{"id":73728,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/73707\/revisions\/73728"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/73709"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=73707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=73707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=73707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}