HPCwire: Security -- The Dark Side of the Cloud

The Leading Source for Global News and Information Covering the Ecosystem of High Productivity Computing

HPCwire >> Special Features >> HPC in the Cloud >> HPC in the Cloud Features

January 25, 2010

Security -- The Dark Side of the Cloud

by Steve Campbell

Page: 1 of 2
1 | 2 All »

Cloud computing is a new computing paradigm for many but for the rest of us it is simply today's version of timesharing -- Timesharing 2.0. On-demand or pay-for-usage has been the norm for many HPC organizations for several decades. These users either never had the budget for their own computing resources or the project only needed limited access to powerful compute resources.

In that sense, HPC users, like the biggest commercial users, already trust cloud computing with their proprietary applications, data and results. They have been using pay-for-usage services for years and many have evolved from the early days of timesharing. In many cases, supercomputing centers and government research labs provide the compute resources. If you are a commercial HPC user in oil & gas, financial services, manufacturing or other industry, the compute resources will probably be found in the corporate datacenter.

This HPC user community has pioneered the necessary tools to allocate, measure and control access to specific users and projects while protecting the users from unauthorized access or modification of applications and data or malicious erasure or premature disclosure of results. This community also developed sophisticated accounting and charge back software that kept track of everything from CPU cycles to memory usage to access time and storage used. Suffice it to say that HPC users are well ahead of their counterparts in the commercial datacenter, and the latter would do well to look toward the former for some guidance in this area.

Without a doubt, the biggest challenge to cloud computing is security -- the dark side of the cloud. In the cloud paradigm, the user community does not or should not care about the physical side of business operations. In most cases, the physical infrastructure is housed, managed and owned by a third party, and you pay for resources used just like the electric and gas utilities. Despite all these wonderful capabilities and features, security remains as much of a concern for the HPC community as it does for the consumers concerned about protecting their identity and credit card information.

Imagine for a moment the business ramifications if the results of critical drug data or aircraft design were changed and compromised by malicious activity or they were released to the world prematurely. The real and intangible costs to your company can be devastating.

Threats to the network and information security have been occurring for decades, nothing new. However, the complexity and scale of attacks are rising at an alarming rate, presenting organizations with a huge challenge as they struggle to defend against this ever-present threat. Today, cybercrime is more lucrative and less risky than other forms of criminal activity. Threat levels and attacks are on the rise, striking more and more businesses. Estimates for disruption, data theft and other nefarious activities were pegged at a staggering $1 trillion for 2008. Certainly more than a round-off error!

Just this month, the news headlines in CNET News include "Google China insiders may have helped with attack" and in the Wall Street Journal: "Fallout From Cyber Attack Spreads." CCTV.com reported, "China's largest search engine paralyzed in cyber-attack…." And a ZDNet headline on Jan. 21 read: "Microsoft knew of IE zero-day flaw since last September."

In July 2009, the associatedcontent.com headlines read "Near-Simultaneous Cyber Attacks Down U.S. Government Websites." The article reported that the attack targeted the "White House, Pentagon, NYSE, Secret Service, NSA, Homeland Security, State, Nasdaq, Treasury, FAA, FTC, and DOT Websites."

The low risk and low-cost of entry of cyber-crime make it an attractive and lucrative "business." Cloud-based computing exacerbates the situation by facilitating access to increasing amounts of information. IT organizations have a hard enough time defending their in-house private cloud resources. Companies offering public cloud, pay-for-usage models are faced with a more difficult challenge since they must serve multiple organizations on the same platform. At the same time, there is an opportunity for innovation of flexible cloud-based security service offerings.

The criminal element employs powerful tools such as botnets, enabling attackers to infiltrate large numbers of machines. The "2009 Emerging Cyber Threats Report from Georgia Tech Information Security Center (GTISC)" estimates that botnet-affected machines may comprise 15 percent of online computers. Another report compiled by Panda Labs estimates that in the second quarter of 2008 10 million botnet computers were used to distribute spam and malware across the Internet each day. With the growth of the cloud paradigm, more and more mission critical information will flow over the Web to publicly-hosted cloud services. The conventional wisdom of defending the perimeter is insufficient for this dynamic distributed environment. One element in common across commercial enterprise applications is that users must consider security before signing up for public cloud services.

Page: 1 of 2
1 | 2 All »

Article Tools

Share Options

(Digg, Technorati, more)

Subscribe

Subscribe to HPCwire

Discussion

There are 0 discussion items posted.

Join the Discussion

You must be a registered user in order to comment on HPCwire stories.

Members enjoy:

	Access to Special Content, including Podcasts, Webcasts, and Whitepapers and more!
	Ability to take an active role in the discussions that are shaping the HPC technology discipline!
	Special offers available only to HPCwire members!

Become a Registered User Today!

Registered Users Log in Here to Comment

Email Address:	Password (case sensitive)

Remember me	Forgot Password?

RSS Feeds

Feeds by Topic

Feeds by Industry

Feeds by Content Type

Feature Articles

Moscow State University Supercomputer Has Petaflop Aspirations

The Moscow State University supercomputer, Lomonosov, has been selected for a high-performance makeover, with the goal of tripling its processing power to achieve petaflop-level performance in 2010. T-Platforms, who developed and manufactured the supercomputer, is the odds-on favorite to lead the project.
Read More...

Intel Ups Performance Ante with Westmere Server Chips

Right on schedule, Intel has launched its Xeon 5600 processors, codenamed "Westmere EP." The 5600 represents the 32nm sequel to the Xeon 5500 (Nehalem EP) for dual-socket servers. Intel is touting better performance and energy efficiency, along with new security features, as the big selling points of the new Xeons.
Read More...

The Week in Review

The ACM Turing Award goes to the creator of the modern personal computer; and Voltaire announces a mid-range InfiniBand switch and new technology that accelerates distributed applications. We recap those stories and more in our weekly wrapup.
Read More...

Read more HPCwire features...

Top Headlines

AMD: OEMs primed for Opteron 6100s

Mar 17 | The Register | But what about the tier ones? Read more...

Arrival of the Desktop Supercomputer

Mar 17 | Cadalyst Magazine | A new generation of workstations is changing the nature of technical computing. Read more...

Scheduling HPC In The Cloud

Mar 17 | Linux Magazine | Latest iteration of Sun Grid Engine able to tap into Cloud. Read more...

Tailoring Medicine with Supercomputers

Mar 16 | Bio-IT World | Biotech firm builds genetic models from patient data. Read more...

Gelsinger Stuns Analysts and Colleagues with Storage Pool Plan

Mar 15 | The Register | EMC's grand vision for unified global storage. Read more...

Read more headlines...

Featured Whitepapers

Virtualization for Aggregation And The vSMP Architecture™

Jan 12 | | In-depth look at vSMP Foundation server virtualization technology, technical implementation, use cases and capabilities. The technical whitepaper provides an architectural overview and details on the three vSMP Foundation products: vSMP Foundation for SMP, vSMP Foundation for Cluster and vSMP Foundation for Cloud.

Copper Cable Technologies for High Performance Computing

Jan 18 | | This white paper discusses Gore’s copper cable assemblies, and how they continue to exceed the standards for providing reliable, cost-effective solutions for high-performance computer applications.

View the White Paper Library

Multimedia

Webcast: Virtualized Data Center Roundtable

Join this online panel discussion for live Q&A with leading industry experts, analysts, and end-users to discuss the latest innovations, best practices, barriers to implementation, and measurable benefits of server virtualization with a particular focus on today's real world solutions.

Webcast: Watch SC09 Birds of a Feather Video: Scalable Fault-Tolerant HPC Supercomputers

Learn about scalable fault-tolerant architectures and examples of energy efficient and scalable supercomputing clusters using dual QDR InfiniBand to combine capacity computing with network failover capabilities with the help of programming languages such as MPI and a robust Linux cluster management package.

Webcast: High Performance Computing for a Smarter Planet

LIVE@SCO9: The IBM team discusses new innovations in hardware, software and services that help clients better understand their workloads and get insight from their R&D efforts. Technology demonstrations include the soon-to-be-released Power7 HPC processor, the DCS990 system with 2.4 petabytes of storage, the xCAT management tool, secure HPC cloud computing and more. Winners of two HPCwire Readers' and Editors’ Choice Awards! Take the IBM virtual tour at SC09 or more information go online to: http://www-03.ibm.com/systems/deepcomputing/sc09.html