The State of Cloud Security (Pt. 1): Fundamental Risks

By By Dennis Barker, GRIDtoday

July 14, 2008

That cloud computing is risky probably doesn’t surprise you. You hand off your data to someone else, and the cloud provider might hand it off to someone else, from whence it might go somewhere else. Little details — like where it’s being stored, who’s touching it along the way, and what safeguards are being taken — aren’t always clear.

“The most significant issue for cloud computing is the simple fact that data storage falls outside the control of a company’s security infrastructure,” says Larry Ponemon, founder of the Ponemon Institute, which specializes in information security practices and privacy risk management.

A New Mountain to Climb

“[T]he cloud” has a big target painted on its side. For certain types of hackers, it’s an opportunity for new exploits, a new wall to climb, the thrill of sneaking into the servers of a very huge company. For other types, there’s the potential for a big data score. “Sophisticated cybercriminals are likely to see more value in cracking the cloud, which might contain data from a wide range of organizations,” Ponemon says.

You don’t see confirmed detailed reports, but cloud providers are attacked routinely. “Attacks are getting much more sophisticated, and more numerous,” says the CEO of one cloud services provider. “I can watch the firewall and sometimes there are a thousand probes a day into the grid infrastructure. I talk to other ISPs and hear that this is not uncommon. If you have an unprotected machine in the datacenter, it will be compromised within 10 minutes.”

“In the cloud or grid, everybody’s in the same datacenter, and this makes the security situation much worse than in a traditional environment,” says Dave Durkee, CEO of ENKI, a cloud services and virtual datacenter provider. “Everybody’s in the soup together. Cloud providers have to understand the threats and build better defenses. Too many cloud services today give their customers a software firewall and that’s it. Certain types of attacks can overwhelm a software firewall easily.”

 “Cloud is almost synonymous with shared,” says John Engates, chief technology officer for Rackspace, the big IT systems hosting company with its own cloud division, Mosso. “Historically, shared has been a bad word in hosting and IT. Shared meant that you had only logical (software) security boundaries between customers and companies rather than the traditional physical boundaries you get with dedicated gear.” He added that today’s virtualization technologies have helped to mitigate certain security and resource-contention issues.

One of the biggest problems of that shared space is sharing resources from the communal pool. Companies who store files in the cloud need to be concerned about data leakage, says Craig Balding, technical security lead for a Fortune 500 company and a man so concerned about cloud security he started cloudsecurity.org. “Cloud storage gets recycled. The storage you freed an hour ago becomes my storage when I write my files,” Balding says. “The published API calls for cloud storage are pretty high-level … thus, on the surface, the opportunity for abuse, for devious data recovery, seems low. However, my gut feeling is that there will be incidents of data leakage — through tricky or undocumented API usage or simply through failures of isolation. This will get solved over time, but there will be casualties.” 

Dominique Levin, executive vice president of marketing and strategy for LogLogic, which makes network management/surveillance tools, says “there is nothing unique about cloud computing from a security point of view.” But don’t take a lot of comfort in that sentiment. “The consequences of a security breach could be much more severe when the data of many customers is aggregated in the cloud,” Levin says. “Rather than just impacting one organization, a security breach at a cloud provider could potentially impact many customers. This in itself attracts more accidental hackers and organized crime. … It may also be more tempting for rogue employees to monetize some of their legitimate access to customer data.”

Mihai Christodorescu, a researcher in computer security at IBM’s TJ Watson Research Center (who does not speak for IBM), says he sees two significant issues around cloud computing: (1) “[t]he provider has unlimited, unauthenticated and unaudited access to the data of a cloud computing customer”; and (2) “[m]ultitenancy: cloud-computing providers often aggregate multiple customers onto the same physical machines, possibly exposing customers’ data to each other.”

And don’t forget the classic security gap: human error. “The hackers from Uzbekistan get the most press, but what we see in our monitoring is that 98 percent of security breaches are human error,” says Tamar Newberger, vice president of marketing for Catbird, a provider of monitoring and management tools for virtual and physical networks. “I can’t tell you how many times we see SSL certificates that have expired. Letting your SSL certificates expire is alarming. You have to make sure your security model for the cloud is sensitive to human error.”

Who? Where?

When you store data in the cloud, you don’t really know where it’s being stored. It could be in a datacenter on the other side of the country, it could be in another country. While this might not be a security concern for some cloud users, companies governed by certain federal data requirements, such as HIPAA and Sarbanes-Oxley, will need to know where their data is physically located.

“Enterprises considering using the cloud are less concerned about getting hacked than about auditing and compliance requirements,” says Thorsten von Eicken, chief technology officer at RightScale, a company that helps customers run and manage scalable applications on Amazon Web Services. “They want to make sure the cloud provider understands and can assist with these audits.”

As for who is handling or has access to your valuable data, you won’t necessarily know. Your provider might seem totally reliable, but who are they relying on? This reliance on lower-level providers — what Balding calls “outsourcing of trust” — is a “potential landmine.” “Layered cloud services rely on lower levels to function correctly,” he explains. “As a high-level cloud service provider, my security rests on the layer below me. What due diligence did I do?  How accurate is my understanding of their security?  Do I just ‘trust’ what they tell me?”

Virtual Problems

The virtual machines that populate the cloud carry the same dangers as their metal-and-plastic counterparts. “A virtual machine, after all, is just a virtualized version of a physical machine, with all the same risks. You have to assess the risks and take precautions,” says Catbird’s Newberger.

But the virtual environment does raise two significant concerns, she says: (1) it can be very easy for a person to launch rogue machines into the network; and (2) because there apparently have been no successful compromises yet, the hypervisor that controls the environment is “a juicy target for hackers.”

The hypermobility of VMs also raises complications. What if regulated data is migrated to an unprotected rack? What about a machine image that’s been lying in some obscure location in the cloud, can you be sure it’s secure when it reappears on the network? Does it have the latest patches?

Just the Beginning

Nearly everyone interviewed for this astory pointed out that these are “the early days” of cloudward migration and that new threats and new defenses will develop. “Despite security issues, cloud computing is cheap, efficient, and likely to grow in importance over the next few years,” security expert Ponemon says. “Companies need to find ways to enjoy the benefits of cloud computing without sacrificing too much control over security.”

“To really take the cloud to where it can go, and to increase the value it can give customers, cloud service providers need to get much more serious about protecting cloud assets of their clients,” ENKI’s Durkee says. “They need to offer the same security services they’d have in their own datacenter. It has to improve, but people will have to first go into a loss state or a fear state — they’ll have to lose something or fear something.”

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industry updates delivered to you every week!

MLPerf Inference 4.0 Results Showcase GenAI; Nvidia Still Dominates

March 28, 2024

There were no startling surprises in the latest MLPerf Inference benchmark (4.0) results released yesterday. Two new workloads — Llama 2 and Stable Diffusion XL — were added to the benchmark suite as MLPerf continues Read more…

Q&A with Nvidia’s Chief of DGX Systems on the DGX-GB200 Rack-scale System

March 27, 2024

Pictures of Nvidia's new flagship mega-server, the DGX GB200, on the GTC show floor got favorable reactions on social media for the sheer amount of computing power it brings to artificial intelligence.  Nvidia's DGX Read more…

Call for Participation in Workshop on Potential NSF CISE Quantum Initiative

March 26, 2024

Editor’s Note: Next month there will be a workshop to discuss what a quantum initiative led by NSF’s Computer, Information Science and Engineering (CISE) directorate could entail. The details are posted below in a Ca Read more…

Waseda U. Researchers Reports New Quantum Algorithm for Speeding Optimization

March 25, 2024

Optimization problems cover a wide range of applications and are often cited as good candidates for quantum computing. However, the execution time for constrained combinatorial optimization applications on quantum device Read more…

NVLink: Faster Interconnects and Switches to Help Relieve Data Bottlenecks

March 25, 2024

Nvidia’s new Blackwell architecture may have stolen the show this week at the GPU Technology Conference in San Jose, California. But an emerging bottleneck at the network layer threatens to make bigger and brawnier pro Read more…

Who is David Blackwell?

March 22, 2024

During GTC24, co-founder and president of NVIDIA Jensen Huang unveiled the Blackwell GPU. This GPU itself is heavily optimized for AI work, boasting 192GB of HBM3E memory as well as the the ability to train 1 trillion pa Read more…

MLPerf Inference 4.0 Results Showcase GenAI; Nvidia Still Dominates

March 28, 2024

There were no startling surprises in the latest MLPerf Inference benchmark (4.0) results released yesterday. Two new workloads — Llama 2 and Stable Diffusion Read more…

Q&A with Nvidia’s Chief of DGX Systems on the DGX-GB200 Rack-scale System

March 27, 2024

Pictures of Nvidia's new flagship mega-server, the DGX GB200, on the GTC show floor got favorable reactions on social media for the sheer amount of computing po Read more…

NVLink: Faster Interconnects and Switches to Help Relieve Data Bottlenecks

March 25, 2024

Nvidia’s new Blackwell architecture may have stolen the show this week at the GPU Technology Conference in San Jose, California. But an emerging bottleneck at Read more…

Who is David Blackwell?

March 22, 2024

During GTC24, co-founder and president of NVIDIA Jensen Huang unveiled the Blackwell GPU. This GPU itself is heavily optimized for AI work, boasting 192GB of HB Read more…

Nvidia Looks to Accelerate GenAI Adoption with NIM

March 19, 2024

Today at the GPU Technology Conference, Nvidia launched a new offering aimed at helping customers quickly deploy their generative AI applications in a secure, s Read more…

The Generative AI Future Is Now, Nvidia’s Huang Says

March 19, 2024

We are in the early days of a transformative shift in how business gets done thanks to the advent of generative AI, according to Nvidia CEO and cofounder Jensen Read more…

Nvidia’s New Blackwell GPU Can Train AI Models with Trillions of Parameters

March 18, 2024

Nvidia's latest and fastest GPU, codenamed Blackwell, is here and will underpin the company's AI plans this year. The chip offers performance improvements from Read more…

Nvidia Showcases Quantum Cloud, Expanding Quantum Portfolio at GTC24

March 18, 2024

Nvidia’s barrage of quantum news at GTC24 this week includes new products, signature collaborations, and a new Nvidia Quantum Cloud for quantum developers. Wh Read more…

Alibaba Shuts Down its Quantum Computing Effort

November 30, 2023

In case you missed it, China’s e-commerce giant Alibaba has shut down its quantum computing research effort. It’s not entirely clear what drove the change. Read more…

Nvidia H100: Are 550,000 GPUs Enough for This Year?

August 17, 2023

The GPU Squeeze continues to place a premium on Nvidia H100 GPUs. In a recent Financial Times article, Nvidia reports that it expects to ship 550,000 of its lat Read more…

Shutterstock 1285747942

AMD’s Horsepower-packed MI300X GPU Beats Nvidia’s Upcoming H200

December 7, 2023

AMD and Nvidia are locked in an AI performance battle – much like the gaming GPU performance clash the companies have waged for decades. AMD has claimed it Read more…

DoD Takes a Long View of Quantum Computing

December 19, 2023

Given the large sums tied to expensive weapon systems – think $100-million-plus per F-35 fighter – it’s easy to forget the U.S. Department of Defense is a Read more…

Synopsys Eats Ansys: Does HPC Get Indigestion?

February 8, 2024

Recently, it was announced that Synopsys is buying HPC tool developer Ansys. Started in Pittsburgh, Pa., in 1970 as Swanson Analysis Systems, Inc. (SASI) by John Swanson (and eventually renamed), Ansys serves the CAE (Computer Aided Engineering)/multiphysics engineering simulation market. Read more…

Choosing the Right GPU for LLM Inference and Training

December 11, 2023

Accelerating the training and inference processes of deep learning models is crucial for unleashing their true potential and NVIDIA GPUs have emerged as a game- Read more…

Intel’s Server and PC Chip Development Will Blur After 2025

January 15, 2024

Intel's dealing with much more than chip rivals breathing down its neck; it is simultaneously integrating a bevy of new technologies such as chiplets, artificia Read more…

Baidu Exits Quantum, Closely Following Alibaba’s Earlier Move

January 5, 2024

Reuters reported this week that Baidu, China’s giant e-commerce and services provider, is exiting the quantum computing development arena. Reuters reported � Read more…

Leading Solution Providers

Contributors

Comparing NVIDIA A100 and NVIDIA L40S: Which GPU is Ideal for AI and Graphics-Intensive Workloads?

October 30, 2023

With long lead times for the NVIDIA H100 and A100 GPUs, many organizations are looking at the new NVIDIA L40S GPU, which it’s a new GPU optimized for AI and g Read more…

Shutterstock 1179408610

Google Addresses the Mysteries of Its Hypercomputer 

December 28, 2023

When Google launched its Hypercomputer earlier this month (December 2023), the first reaction was, "Say what?" It turns out that the Hypercomputer is Google's t Read more…

AMD MI3000A

How AMD May Get Across the CUDA Moat

October 5, 2023

When discussing GenAI, the term "GPU" almost always enters the conversation and the topic often moves toward performance and access. Interestingly, the word "GPU" is assumed to mean "Nvidia" products. (As an aside, the popular Nvidia hardware used in GenAI are not technically... Read more…

Shutterstock 1606064203

Meta’s Zuckerberg Puts Its AI Future in the Hands of 600,000 GPUs

January 25, 2024

In under two minutes, Meta's CEO, Mark Zuckerberg, laid out the company's AI plans, which included a plan to build an artificial intelligence system with the eq Read more…

Google Introduces ‘Hypercomputer’ to Its AI Infrastructure

December 11, 2023

Google ran out of monikers to describe its new AI system released on December 7. Supercomputer perhaps wasn't an apt description, so it settled on Hypercomputer Read more…

China Is All In on a RISC-V Future

January 8, 2024

The state of RISC-V in China was discussed in a recent report released by the Jamestown Foundation, a Washington, D.C.-based think tank. The report, entitled "E Read more…

Intel Won’t Have a Xeon Max Chip with New Emerald Rapids CPU

December 14, 2023

As expected, Intel officially announced its 5th generation Xeon server chips codenamed Emerald Rapids at an event in New York City, where the focus was really o Read more…

IBM Quantum Summit: Two New QPUs, Upgraded Qiskit, 10-year Roadmap and More

December 4, 2023

IBM kicks off its annual Quantum Summit today and will announce a broad range of advances including its much-anticipated 1121-qubit Condor QPU, a smaller 133-qu Read more…

  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire