The State of Cloud Security (Pt. 1): Fundamental Risks

By By Dennis Barker, GRIDtoday

July 14, 2008

That cloud computing is risky probably doesn’t surprise you. You hand off your data to someone else, and the cloud provider might hand it off to someone else, from whence it might go somewhere else. Little details — like where it’s being stored, who’s touching it along the way, and what safeguards are being taken — aren’t always clear.

“The most significant issue for cloud computing is the simple fact that data storage falls outside the control of a company’s security infrastructure,” says Larry Ponemon, founder of the Ponemon Institute, which specializes in information security practices and privacy risk management.

A New Mountain to Climb

“[T]he cloud” has a big target painted on its side. For certain types of hackers, it’s an opportunity for new exploits, a new wall to climb, the thrill of sneaking into the servers of a very huge company. For other types, there’s the potential for a big data score. “Sophisticated cybercriminals are likely to see more value in cracking the cloud, which might contain data from a wide range of organizations,” Ponemon says.

You don’t see confirmed detailed reports, but cloud providers are attacked routinely. “Attacks are getting much more sophisticated, and more numerous,” says the CEO of one cloud services provider. “I can watch the firewall and sometimes there are a thousand probes a day into the grid infrastructure. I talk to other ISPs and hear that this is not uncommon. If you have an unprotected machine in the datacenter, it will be compromised within 10 minutes.”

“In the cloud or grid, everybody’s in the same datacenter, and this makes the security situation much worse than in a traditional environment,” says Dave Durkee, CEO of ENKI, a cloud services and virtual datacenter provider. “Everybody’s in the soup together. Cloud providers have to understand the threats and build better defenses. Too many cloud services today give their customers a software firewall and that’s it. Certain types of attacks can overwhelm a software firewall easily.”

 “Cloud is almost synonymous with shared,” says John Engates, chief technology officer for Rackspace, the big IT systems hosting company with its own cloud division, Mosso. “Historically, shared has been a bad word in hosting and IT. Shared meant that you had only logical (software) security boundaries between customers and companies rather than the traditional physical boundaries you get with dedicated gear.” He added that today’s virtualization technologies have helped to mitigate certain security and resource-contention issues.

One of the biggest problems of that shared space is sharing resources from the communal pool. Companies who store files in the cloud need to be concerned about data leakage, says Craig Balding, technical security lead for a Fortune 500 company and a man so concerned about cloud security he started cloudsecurity.org. “Cloud storage gets recycled. The storage you freed an hour ago becomes my storage when I write my files,” Balding says. “The published API calls for cloud storage are pretty high-level … thus, on the surface, the opportunity for abuse, for devious data recovery, seems low. However, my gut feeling is that there will be incidents of data leakage — through tricky or undocumented API usage or simply through failures of isolation. This will get solved over time, but there will be casualties.” 

Dominique Levin, executive vice president of marketing and strategy for LogLogic, which makes network management/surveillance tools, says “there is nothing unique about cloud computing from a security point of view.” But don’t take a lot of comfort in that sentiment. “The consequences of a security breach could be much more severe when the data of many customers is aggregated in the cloud,” Levin says. “Rather than just impacting one organization, a security breach at a cloud provider could potentially impact many customers. This in itself attracts more accidental hackers and organized crime. … It may also be more tempting for rogue employees to monetize some of their legitimate access to customer data.”

Mihai Christodorescu, a researcher in computer security at IBM’s TJ Watson Research Center (who does not speak for IBM), says he sees two significant issues around cloud computing: (1) “[t]he provider has unlimited, unauthenticated and unaudited access to the data of a cloud computing customer”; and (2) “[m]ultitenancy: cloud-computing providers often aggregate multiple customers onto the same physical machines, possibly exposing customers’ data to each other.”

And don’t forget the classic security gap: human error. “The hackers from Uzbekistan get the most press, but what we see in our monitoring is that 98 percent of security breaches are human error,” says Tamar Newberger, vice president of marketing for Catbird, a provider of monitoring and management tools for virtual and physical networks. “I can’t tell you how many times we see SSL certificates that have expired. Letting your SSL certificates expire is alarming. You have to make sure your security model for the cloud is sensitive to human error.”

Who? Where?

When you store data in the cloud, you don’t really know where it’s being stored. It could be in a datacenter on the other side of the country, it could be in another country. While this might not be a security concern for some cloud users, companies governed by certain federal data requirements, such as HIPAA and Sarbanes-Oxley, will need to know where their data is physically located.

“Enterprises considering using the cloud are less concerned about getting hacked than about auditing and compliance requirements,” says Thorsten von Eicken, chief technology officer at RightScale, a company that helps customers run and manage scalable applications on Amazon Web Services. “They want to make sure the cloud provider understands and can assist with these audits.”

As for who is handling or has access to your valuable data, you won’t necessarily know. Your provider might seem totally reliable, but who are they relying on? This reliance on lower-level providers — what Balding calls “outsourcing of trust” — is a “potential landmine.” “Layered cloud services rely on lower levels to function correctly,” he explains. “As a high-level cloud service provider, my security rests on the layer below me. What due diligence did I do?  How accurate is my understanding of their security?  Do I just ‘trust’ what they tell me?”

Virtual Problems

The virtual machines that populate the cloud carry the same dangers as their metal-and-plastic counterparts. “A virtual machine, after all, is just a virtualized version of a physical machine, with all the same risks. You have to assess the risks and take precautions,” says Catbird’s Newberger.

But the virtual environment does raise two significant concerns, she says: (1) it can be very easy for a person to launch rogue machines into the network; and (2) because there apparently have been no successful compromises yet, the hypervisor that controls the environment is “a juicy target for hackers.”

The hypermobility of VMs also raises complications. What if regulated data is migrated to an unprotected rack? What about a machine image that’s been lying in some obscure location in the cloud, can you be sure it’s secure when it reappears on the network? Does it have the latest patches?

Just the Beginning

Nearly everyone interviewed for this astory pointed out that these are “the early days” of cloudward migration and that new threats and new defenses will develop. “Despite security issues, cloud computing is cheap, efficient, and likely to grow in importance over the next few years,” security expert Ponemon says. “Companies need to find ways to enjoy the benefits of cloud computing without sacrificing too much control over security.”

“To really take the cloud to where it can go, and to increase the value it can give customers, cloud service providers need to get much more serious about protecting cloud assets of their clients,” ENKI’s Durkee says. “They need to offer the same security services they’d have in their own datacenter. It has to improve, but people will have to first go into a loss state or a fear state — they’ll have to lose something or fear something.”

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Hyperion: AI-driven HPC Industry Continues to Push Growth Projections

November 21, 2019

Three major forces – AI, cloud and exascale – are combining to raise the HPC industry to heights exceeding expectations. According to market study results released this week by Hyperion Research at SC19 in Denver, Read more…

By Doug Black

At SC19: Bespoke Supercomputing for Climate and Weather

November 20, 2019

Weather and climate applications are some of the most important uses of HPC – a good model can save lives, as well as billions of dollars. But many weather and climate models struggle to run efficiently in their HPC en Read more…

By Oliver Peckham

Microsoft, Nvidia Launch Cloud HPC Service

November 20, 2019

Nvidia and Microsoft have joined forces to offer a cloud HPC capability based on the GPU vendor’s V100 Tensor Core chips linked via an InfiniBand network scaling up to 800 graphics processors. The partners announced Read more…

By George Leopold

Hazra Retiring from Intel Data Center Group, Successor Not Known

November 20, 2019

Rajeeb Hazra, corporate VP of Intel’s Data Center Group and GM for the Enterprise and Government Group, is retiring after more than 24 years at the company. At this writing, his successor is unknown. An earlier story on... Read more…

By Doug Black

Jensen Huang’s SC19 – Fast Cars, a Strong Arm, and Aiming for the Cloud(s)

November 20, 2019

We’ve come to expect Nvidia CEO Jensen Huang’s annual SC keynote to contain stunning graphics and lively bravado (with plenty of examples) in support of GPU-accelerated computing. In recent years, AI has joined the s Read more…

By John Russell

AWS Solution Channel

Making High Performance Computing Affordable and Accessible for Small and Medium Businesses with HPC on AWS

High performance computing (HPC) brings a powerful set of tools to a broad range of industries, helping to drive innovation and boost revenue in finance, genomics, oil and gas extraction, and other fields. Read more…

IBM Accelerated Insights

Data Management – The Key to a Successful AI Project

 

Five characteristics of an awesome AI data infrastructure

[Attend the IBM LSF & HPC User Group Meeting at SC19 in Denver on November 19!]

AI is powered by data

While neural networks seem to get all the glory, data is the unsung hero of AI projects – data lies at the heart of everything from model training to tuning to selection to validation. Read more…

SC19 Student Cluster Competition: Know Your Teams

November 19, 2019

I’m typing this live from Denver, the location of the 2019 Student Cluster Competition… and, oh yeah, the annual SC conference too. The attendance this year should be north of 13,000 people, with the majority attende Read more…

By Dan Olds

Hyperion: AI-driven HPC Industry Continues to Push Growth Projections

November 21, 2019

Three major forces – AI, cloud and exascale – are combining to raise the HPC industry to heights exceeding expectations. According to market study results r Read more…

By Doug Black

At SC19: Bespoke Supercomputing for Climate and Weather

November 20, 2019

Weather and climate applications are some of the most important uses of HPC – a good model can save lives, as well as billions of dollars. But many weather an Read more…

By Oliver Peckham

Hazra Retiring from Intel Data Center Group, Successor Not Known

November 20, 2019

Rajeeb Hazra, corporate VP of Intel’s Data Center Group and GM for the Enterprise and Government Group, is retiring after more than 24 years at the company. At this writing, his successor is unknown. An earlier story on... Read more…

By Doug Black

Jensen Huang’s SC19 – Fast Cars, a Strong Arm, and Aiming for the Cloud(s)

November 20, 2019

We’ve come to expect Nvidia CEO Jensen Huang’s annual SC keynote to contain stunning graphics and lively bravado (with plenty of examples) in support of GPU Read more…

By John Russell

Top500: US Maintains Performance Lead; Arm Tops Green500

November 18, 2019

The 54th Top500, revealed today at SC19, is a familiar list: the U.S. Summit (ORNL) and Sierra (LLNL) machines, offering 148.6 and 94.6 petaflops respectively, Read more…

By Tiffany Trader

ScaleMatrix and Nvidia Launch ‘Deploy Anywhere’ DGX HPC and AI in a Controlled Enclosure

November 18, 2019

HPC and AI in a phone booth: ScaleMatrix and Nvidia announced today at the SC19 conference in Denver a joint offering that puts up to 13 petaflops of Nvidia DGX Read more…

By Doug Black

Intel Debuts New GPU – Ponte Vecchio – and Outlines Aspirations for oneAPI

November 17, 2019

Intel today revealed a few more details about its forthcoming Xe line of GPUs – the top SKU is named Ponte Vecchio and will be used in Aurora, the first plann Read more…

By John Russell

SC19: Welcome to Denver

November 17, 2019

A significant swath of the HPC community has come to Denver for SC19, which began today (Sunday) with a rich technical program. As is customary, the ribbon cutt Read more…

By Tiffany Trader

Supercomputer-Powered AI Tackles a Key Fusion Energy Challenge

August 7, 2019

Fusion energy is the Holy Grail of the energy world: low-radioactivity, low-waste, zero-carbon, high-output nuclear power that can run on hydrogen or lithium. T Read more…

By Oliver Peckham

Using AI to Solve One of the Most Prevailing Problems in CFD

October 17, 2019

How can artificial intelligence (AI) and high-performance computing (HPC) solve mesh generation, one of the most commonly referenced problems in computational engineering? A new study has set out to answer this question and create an industry-first AI-mesh application... Read more…

By James Sharpe

Cray Wins NNSA-Livermore ‘El Capitan’ Exascale Contract

August 13, 2019

Cray has won the bid to build the first exascale supercomputer for the National Nuclear Security Administration (NNSA) and Lawrence Livermore National Laborator Read more…

By Tiffany Trader

DARPA Looks to Propel Parallelism

September 4, 2019

As Moore’s law runs out of steam, new programming approaches are being pursued with the goal of greater hardware performance with less coding. The Defense Advanced Projects Research Agency is launching a new programming effort aimed at leveraging the benefits of massive distributed parallelism with less sweat. Read more…

By George Leopold

AMD Launches Epyc Rome, First 7nm CPU

August 8, 2019

From a gala event at the Palace of Fine Arts in San Francisco yesterday (Aug. 7), AMD launched its second-generation Epyc Rome x86 chips, based on its 7nm proce Read more…

By Tiffany Trader

D-Wave’s Path to 5000 Qubits; Google’s Quantum Supremacy Claim

September 24, 2019

On the heels of IBM’s quantum news last week come two more quantum items. D-Wave Systems today announced the name of its forthcoming 5000-qubit system, Advantage (yes the name choice isn’t serendipity), at its user conference being held this week in Newport, RI. Read more…

By John Russell

Ayar Labs to Demo Photonics Chiplet in FPGA Package at Hot Chips

August 19, 2019

Silicon startup Ayar Labs continues to gain momentum with its DARPA-backed optical chiplet technology that puts advanced electronics and optics on the same chip Read more…

By Tiffany Trader

Crystal Ball Gazing: IBM’s Vision for the Future of Computing

October 14, 2019

Dario Gil, IBM’s relatively new director of research, painted a intriguing portrait of the future of computing along with a rough idea of how IBM thinks we’ Read more…

By John Russell

Leading Solution Providers

ISC 2019 Virtual Booth Video Tour

CRAY
CRAY
DDN
DDN
DELL EMC
DELL EMC
GOOGLE
GOOGLE
ONE STOP SYSTEMS
ONE STOP SYSTEMS
PANASAS
PANASAS
VERNE GLOBAL
VERNE GLOBAL

Cray, Fujitsu Both Bringing Fujitsu A64FX-based Supercomputers to Market in 2020

November 12, 2019

The number of top-tier HPC systems makers has shrunk due to a steady march of M&A activity, but there is increased diversity and choice of processing compon Read more…

By Tiffany Trader

Intel Confirms Retreat on Omni-Path

August 1, 2019

Intel Corp.’s plans to make a big splash in the network fabric market for linking HPC and other workloads has apparently belly-flopped. The chipmaker confirmed to us the outlines of an earlier report by the website CRN that it has jettisoned plans for a second-generation version of its Omni-Path interconnect... Read more…

By Staff report

Kubernetes, Containers and HPC

September 19, 2019

Software containers and Kubernetes are important tools for building, deploying, running and managing modern enterprise applications at scale and delivering enterprise software faster and more reliably to the end user — while using resources more efficiently and reducing costs. Read more…

By Daniel Gruber, Burak Yenier and Wolfgang Gentzsch, UberCloud

Dell Ramps Up HPC Testing of AMD Rome Processors

October 21, 2019

Dell Technologies is wading deeper into the AMD-based systems market with a growing evaluation program for the latest Epyc (Rome) microprocessors from AMD. In a Read more…

By John Russell

Rise of NIH’s Biowulf Mirrors the Rise of Computational Biology

July 29, 2019

The story of NIH’s supercomputer Biowulf is fascinating, important, and in many ways representative of the transformation of life sciences and biomedical res Read more…

By John Russell

Xilinx vs. Intel: FPGA Market Leaders Launch Server Accelerator Cards

August 6, 2019

The two FPGA market leaders, Intel and Xilinx, both announced new accelerator cards this week designed to handle specialized, compute-intensive workloads and un Read more…

By Doug Black

Intel Debuts New GPU – Ponte Vecchio – and Outlines Aspirations for oneAPI

November 17, 2019

Intel today revealed a few more details about its forthcoming Xe line of GPUs – the top SKU is named Ponte Vecchio and will be used in Aurora, the first plann Read more…

By John Russell

When Dense Matrix Representations Beat Sparse

September 9, 2019

In our world filled with unintended consequences, it turns out that saving memory space to help deal with GPU limitations, knowing it introduces performance pen Read more…

By James Reinders

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This