Shining a Light on Enterprise Grid Security

By By Derrick Harris, Editor

August 8, 2005

GRIDtoday editor Derrick Harris recently spoke with Glenn Brunette — vice chair of the EGA Grid Security Working Group and a distinguished engineer and chief security architect for the client solutions division at Sun Microsystems — about the Enterprise Grid Security Requirements document released by the EGA last month, including the working group’s conclusion that enterprise Grids might actually be more secure than standard computing environments.

GRIDtoday: After a year of relative silence, the EGA has really been making some noise with the working group deliverables. To what do you attribute this sudden increase in productivity? Was it assumed all the long that it would take about a year to produce deliverables, or were there setbacks that prolonged the releases of these documents?

GLENN BRUNETTE: When we launched the EGA in April 2004, we had a very aggressive charter. Before we could even begin to tackle our technical goals, it was important to build a solid foundation and establish a firm presence in the community, which we are pleased to say that we did. Over the past year, we have shown solid progress, increasing our membership by 45 percent, founding two regional steering committees in Europe and Japan and establishing five technical working groups. Once the groundwork was laid, we turned our focus on our technical deliverables, which include the Reference Model launched last May and the Security Requirements document, which we are discussing today.

It is not uncommon to see a delay between the launch of a consortium and the launch of its first deliverables. This is necessary to define and communicate a clear and consistent charter and set of goals for both the organization as a whole, and its working groups. With this foundation firmly in place, the working groups set about their work. Further, it is important for the working groups to be well aligned with each other. With the Reference Model completed, it did not take long for EGA to announce the completion and launch of the Grid Security Working Group deliverables which built upon the foundation provided by the Reference Model. We are clearly gaining momentum by building on our successes.

Gt: What are some of the major risks companies face when deploying Grids? How are they similar and/or different than risks associated with other infrastructures?

BRUNETTE: Interestingly enough, and contrary to popular opinion, our initial research indicates that enterprise Grids are actually more likely to be secure than traditional computing environments, particularly over their lifetimes.

Enterprise Grid architectures do face unique security challenges ranging from access control attacks (risks associated with unauthorized entities defeating the unified access control policy) to ensuring safe object reuse (how sensitive data could be disclosed as resource sharing becomes more common) to masquerading and hijacking attacks (where a valid Grid component can be fooled into communicating with another entity masquerading as a valid Grid component).

Fundamentally, however, enterprise Grid architectures inherit the security risks of their ancestors. Individual products and services must still be properly configured, patched, secured and maintained. Similarly, platform, network, storage and application architectures must still be constructed in ways that reinforce organizational security, privacy and regulatory compliance goals. The main difference with enterprise Grid architectures is in how these elements are managed. Enterprise Grid deployments, through the use of a Grid Management Entity, enable organizations to realize greater levels of consistency, compliance, automation and optimization as compared to more traditional infrastructures. Unique to enterprise Grid architectures is the ability to safely and consistently automate the secure provisioning, sharing, reuse, assessment and monitoring of IT assets from physical devices (e.g., disk drives and processors) to dynamically constructed application components (e.g., Web services).

Gt: How does the EGA Enterprise Grid Security Requirements document address these concerns? What are the requirements to limit or eliminate them?

BRUNETTE: The Grid Security Requirements document provides a detailed overview of enterprise Grid-specific threats, issues and requirements. With this information, organizations are armed to make better business and risk management decisions about how and where to deploy enterprise Grids within their specific environments.

Once we identified the security risks inherent in enterprise Grid computing, the Grid Security Working Group outlined ten security requirements designed to help organizations and vendors mitigate several of the threats and risks unique to enterprise Grid environments. By sharing our initial findings with vendors, consortia and end users alike, we have started a conversation that we hope will lead to improvements that help safeguard actual enterprise Grid deployments. As these initial requirements evolve and are refined, we can begin to make better decisions about what protocols, products, processes and services should be created or adjusted to help organizations better understand and manage risk associated with their enterprise Grid deployments.

Several of the requirements identified in the Security Requirements document are shared with traditional infrastructures such as Identification, Authentication and Authorization. While there are similarities to traditional deployments, these requirements take on new scope and meaning when they are applied to securing enterprise Grid architectures. Similarly, other requirements include the ability to fail security or to ensure secure isolation. These types of requirements are critical in cases such as ours where IT assets are shared, linked together and repurposed more often than in traditional environments. You can find a detailed description of each of the requirements in the final Security Requirements document available on the EGA Web site:

Gt: You said earlier that “enterprise Grids are actually more likely to be secure than traditional computing environments.” How is this possible, especially considering how often security concerns have been singled out as obstacles to Grid adoption?

BRUNETTE: Security has often been a concern for enterprise Grid adoption, specifically because the risks and threats were relatively unknown. The Grid Security Working Group set out to identify these unique threats so organizations will be better armed with information to make appropriate risk management decisions as they adopt enterprise Grids. Vendors can also leverage it to enhance their products and technologies to make them more competitive and more readily able to support their customers’ security needs.

Availability and centralized security management are two vital security benefits that led us to the conclusion that enterprise Grid environments are better positioned to be more secure. By moving away from a “silo-ed” security management model, enterprise Grids enable organizations to more easily manage, automate, audit and optimize their security processes and configurations to more rapidly respond to business opportunities and security events.

Gt: How did the security working group utilize knowledge gained by any end-user participants (from their own Grid deployments) in creating the document?

BRUNETTE: The Grid Security Working Group included organizations and vendors from a variety of disciplines. This diversity enabled the group to develop a broad picture of the potential uses for and deployment scenarios of enterprise Grid-based solutions. The Grid Security Working Group did not work in isolation. Meeting with the other EGA working groups and discussing their points of view, in particular, helped to give us the bigger picture for how enterprise Grids will be used and consequently areas where they could be at risk.

To validate our initial findings, we then leveraged our individual relationships with customers and end users to obtain additional data to help refine the set of threats, risks and recommendations that were developed. It is likely that this material will continue to evolve as more use cases are defined and customer deployment scenarios are considered, but we believe that our outreach work has significantly contributed to the strength of our initial baseline.

Gt: How wide or narrow is the focus of the document? Does it focus on Grids deployed within a single data center, or does it cover multi-site Grid deployments, which would seem to have different and greater associated risks?

BRUNETTE: Overall, the initial focus of all EGA working groups is on commercial enterprise applications within a single data center, as they are considered the lifeblood of most organizations. We expect to extend the scope of these working groups into multi-data center models, as well as technical enterprise applications in the future.

Specifically, in terms of the Grid Security Working Group, the scope covers the unique security issues in an enterprise Grid environment where components are centrally managed and may be shared or rapidly repurposed. Version one of the Requirements document focuses on enterprise Grid security requirements. Later versions will address how these requirements can be satisfied using new and existing policy, processes and technology. As the EGA working groups extend their scope beyond the single data center use case, security topics such as federation, cross-organizational trust models and cooperative management, auditing and monitoring techniques will be addressed.

Gt: How did the working group address the role of Web services standards and security as they relate to Grid security?

BRUNETTE: The focus of the Security Requirements document was to better understand the problem space, identify enterprise Grid specific security challenges and to develop an initial set of security attributes that should be made available to customers deploying enterprise Grids within their environment. While the working group did not focus on specific products, technologies, protocols or standards, the working group did consider several typical enterprise Grid deployment and use scenarios including those supporting Web services.

The Grid Security Working Group continues to elaborate on its initial work by identifying new security gaps and requirements as appropriate, documenting more detailed architectural, procedural and technical solution strategies and recommendations, and cooperating with other standards bodies and working groups to better understand how their work can help support the deployment of secure enterprise Grids.

Gt: How will this document affect the work being done by various bodies (GGF, OASIS, etc.) to establish standards?

BRUNETTE: The EGA was not established to reinvent or relive discussions related to non-Grid or traditional enterprise security controls and best practices. The singular focus of the EGA’s working groups is to provide a basis for collaboration among organizations like OASIS, SNIA and DMTF to help eliminate redundant standards development activities to speed enterprise Grid adoption.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

What’s New in Computing vs. COVID-19: Fugaku, Congress, De Novo Design & More

July 2, 2020

Supercomputing, big data and artificial intelligence are crucial tools in the fight against the coronavirus pandemic. Around the world, researchers, corporations and governments are urgently devoting their computing reso Read more…

By Oliver Peckham

OpenPOWER Reboot – New Director, New Silicon Partners, Leveraging Linux Foundation Connections

July 2, 2020

Earlier this week the OpenPOWER Foundation announced the contribution of IBM’s A21 Power processor core design to the open source community. Roughly this time last year, IBM announced open sourcing its Power instructio Read more…

By John Russell

HPC Career Notes: July 2020 Edition

July 1, 2020

In this monthly feature, we'll keep you up-to-date on the latest career developments for individuals in the high-performance computing community. Whether it's a promotion, new company hire, or even an accolade, we've got Read more…

By Mariana Iriarte

Supercomputers Enable Radical, Promising New COVID-19 Drug Development Approach

July 1, 2020

Around the world, innumerable supercomputers are sifting through billions of molecules in a desperate search for a viable therapeutic to treat COVID-19. Those molecules are pulled from enormous databases of known compoun Read more…

By Oliver Peckham

HPC-Powered Simulations Reveal a Looming Climatic Threat to Vital Monsoon Seasons

June 30, 2020

As June draws to a close, eyes are turning to the latter half of the year – and with it, the monsoon and hurricane seasons that can prove vital or devastating for many of the world’s coastal communities. Now, climate Read more…

By Oliver Peckham

AWS Solution Channel

Maxar Builds HPC on AWS to Deliver Forecasts 58% Faster Than Weather Supercomputer

When weather threatens drilling rigs, refineries, and other energy facilities, oil and gas companies want to move fast to protect personnel and equipment. And for firms that trade commodity shares in oil, precious metals, crops, and livestock, the weather can significantly impact their buy-sell decisions. Read more…

Intel® HPC + AI Pavilion

Supercomputing the Pandemic: Scientific Community Tackles COVID-19 from Multiple Perspectives

Since their inception, supercomputers have taken on the biggest, most complex, and most data-intensive computing challenges—from confirming Einstein’s theories about gravitational waves to predicting the impacts of climate change. Read more…

Hyperion Forecast – Headwinds in 2020 Won’t Stifle Cloud HPC Adoption or Arm’s Rise

June 30, 2020

The semiannual taking of HPC’s pulse by Hyperion Research – late fall at SC and early summer at ISC – is a much-watched indicator of things come. This year is no different though the conversion of ISC to a digital Read more…

By John Russell

OpenPOWER Reboot – New Director, New Silicon Partners, Leveraging Linux Foundation Connections

July 2, 2020

Earlier this week the OpenPOWER Foundation announced the contribution of IBM’s A21 Power processor core design to the open source community. Roughly this time Read more…

By John Russell

Hyperion Forecast – Headwinds in 2020 Won’t Stifle Cloud HPC Adoption or Arm’s Rise

June 30, 2020

The semiannual taking of HPC’s pulse by Hyperion Research – late fall at SC and early summer at ISC – is a much-watched indicator of things come. This yea Read more…

By John Russell

Racism and HPC: a Special Podcast

June 29, 2020

Promoting greater diversity in HPC is a much-discussed goal and ostensibly a long-sought goal in HPC. Yet it seems clear HPC is far from achieving this goal. Re Read more…

Top500 Trends: Movement on Top, but Record Low Turnover

June 25, 2020

The 55th installment of the Top500 list saw strong activity in the leadership segment with four new systems in the top ten and a crowning achievement from the f Read more…

By Tiffany Trader

ISC 2020 Keynote: Hope for the Future, Praise for Fugaku and HPC’s Pandemic Response

June 24, 2020

In stark contrast to past years Thomas Sterling’s ISC20 keynote today struck a more somber note with the COVID-19 pandemic as the central character in Sterling’s annual review of worldwide trends in HPC. Better known for his engaging manner and occasional willingness to poke prickly egos, Sterling instead strode through the numbing statistics associated... Read more…

By John Russell

ISC 2020’s Student Cluster Competition Winners Announced

June 24, 2020

Normally, the Student Cluster Competition involves teams of students building real computing clusters on the show floors of major supercomputer conferences and Read more…

By Oliver Peckham

Hoefler’s Whirlwind ISC20 Virtual Tour of ML Trends in 9 Slides

June 23, 2020

The ISC20 experience this year via livestreaming and pre-recordings is interesting and perhaps a bit odd. That said presenters’ efforts to condense their comments makes for economic use of your time. Torsten Hoefler’s whirlwind 12-minute tour of ML is a great example. Hoefler, leader of the planned ISC20 Machine Learning... Read more…

By John Russell

At ISC, the Fight Against COVID-19 Took the Stage – and Yes, Fugaku Was There

June 23, 2020

With over nine million infected and nearly half a million dead, the COVID-19 pandemic has seized the world’s attention for several months. It has also dominat Read more…

By Oliver Peckham

Supercomputer Modeling Tests How COVID-19 Spreads in Grocery Stores

April 8, 2020

In the COVID-19 era, many people are treating simple activities like getting gas or groceries with caution as they try to heed social distancing mandates and protect their own health. Still, significant uncertainty surrounds the relative risk of different activities, and conflicting information is prevalent. A team of Finnish researchers set out to address some of these uncertainties by... Read more…

By Oliver Peckham

[email protected] Turns Its Massive Crowdsourced Computer Network Against COVID-19

March 16, 2020

For gamers, fighting against a global crisis is usually pure fantasy – but now, it’s looking more like a reality. As supercomputers around the world spin up Read more…

By Oliver Peckham

[email protected] Rallies a Legion of Computers Against the Coronavirus

March 24, 2020

Last week, we highlighted [email protected], a massive, crowdsourced computer network that has turned its resources against the coronavirus pandemic sweeping the globe – but [email protected] isn’t the only game in town. The internet is buzzing with crowdsourced computing... Read more…

By Oliver Peckham

Global Supercomputing Is Mobilizing Against COVID-19

March 12, 2020

Tech has been taking some heavy losses from the coronavirus pandemic. Global supply chains have been disrupted, virtually every major tech conference taking place over the next few months has been canceled... Read more…

By Oliver Peckham

Supercomputer Simulations Reveal the Fate of the Neanderthals

May 25, 2020

For hundreds of thousands of years, neanderthals roamed the planet, eventually (almost 50,000 years ago) giving way to homo sapiens, which quickly became the do Read more…

By Oliver Peckham

DoE Expands on Role of COVID-19 Supercomputing Consortium

March 25, 2020

After announcing the launch of the COVID-19 High Performance Computing Consortium on Sunday, the Department of Energy yesterday provided more details on its sco Read more…

By John Russell

Steve Scott Lays Out HPE-Cray Blended Product Roadmap

March 11, 2020

Last week, the day before the El Capitan processor disclosures were made at HPE's new headquarters in San Jose, Steve Scott (CTO for HPC & AI at HPE, and former Cray CTO) was on-hand at the Rice Oil & Gas HPC conference in Houston. He was there to discuss the HPE-Cray transition and blended roadmap, as well as his favorite topic, Cray's eighth-gen networking technology, Slingshot. Read more…

By Tiffany Trader

Honeywell’s Big Bet on Trapped Ion Quantum Computing

April 7, 2020

Honeywell doesn’t spring to mind when thinking of quantum computing pioneers, but a decade ago the high-tech conglomerate better known for its control systems waded deliberately into the then calmer quantum computing (QC) waters. Fast forward to March when Honeywell announced plans to introduce an ion trap-based quantum computer whose ‘performance’ would... Read more…

By John Russell

Leading Solution Providers


Neocortex Will Be First-of-Its-Kind 800,000-Core AI Supercomputer

June 9, 2020

Pittsburgh Supercomputing Center (PSC - a joint research organization of Carnegie Mellon University and the University of Pittsburgh) has won a $5 million award Read more…

By Tiffany Trader

‘Billion Molecules Against COVID-19’ Challenge to Launch with Massive Supercomputing Support

April 22, 2020

Around the world, supercomputing centers have spun up and opened their doors for COVID-19 research in what may be the most unified supercomputing effort in hist Read more…

By Oliver Peckham

Australian Researchers Break All-Time Internet Speed Record

May 26, 2020

If you’ve been stuck at home for the last few months, you’ve probably become more attuned to the quality (or lack thereof) of your internet connection. Even Read more…

By Oliver Peckham

Nvidia’s Ampere A100 GPU: Up to 2.5X the HPC, 20X the AI

May 14, 2020

Nvidia's first Ampere-based graphics card, the A100 GPU, packs a whopping 54 billion transistors on 826mm2 of silicon, making it the world's largest seven-nanom Read more…

By Tiffany Trader

15 Slides on Programming Aurora and Exascale Systems

May 7, 2020

Sometime in 2021, Aurora, the first planned U.S. exascale system, is scheduled to be fired up at Argonne National Laboratory. Cray (now HPE) and Intel are the k Read more…

By John Russell

10nm, 7nm, 5nm…. Should the Chip Nanometer Metric Be Replaced?

June 1, 2020

The biggest cool factor in server chips is the nanometer. AMD beating Intel to a CPU built on a 7nm process node* – with 5nm and 3nm on the way – has been i Read more…

By Doug Black

Summit Supercomputer is Already Making its Mark on Science

September 20, 2018

Summit, now the fastest supercomputer in the world, is quickly making its mark in science – five of the six finalists just announced for the prestigious 2018 Read more…

By John Russell

TACC Supercomputers Run Simulations Illuminating COVID-19, DNA Replication

March 19, 2020

As supercomputers around the world spin up to combat the coronavirus, the Texas Advanced Computing Center (TACC) is announcing results that may help to illumina Read more…

By Staff report

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This