The State of Cloud Security (Pt. 2): It Starts with a Conversation

By Dennis Barker, GRIDtoday

July 21, 2008

Although cloud computing presents new risks of security fiascos, there are many things providers and customers can do to take advantage of on-demand resources in a safe, reliable way. Smart people have been giving this a lot of thought.

Dave Durkee, CEO of cloud provider ENKI, says cloud security has to start with fundamentals and good hardware defenses — emphasis on hardware. “I’m a big believer in hardware firewalls,” he says. “It’s not really enough to know the signature of an attack. You need to know where the traffic is coming from in order to block it. If they fill your upstream connections, you can be shut down.”

ENKI builds its system around AppLogic, 3Tera’s grid engine, which “allows us to manage the connections inside the virtual datacenter, so you can specify the interconnections between each server,” Durkee says. “You can go from server A to B but you can’t get to C. We’re able to build this layer of security into the architecture. But you also need to go the traditional route and have hardware-based intrusion detection and a firewall sitting in front of all that grid stuff. You need multiple layers of protection, just like in the Middle Ages with the moat and outer walls keeping invaders from getting inside the castle.”

While virtualization technology might enable its own security risks, it also allows system designers to build security in from step one. “The key is to build security in at the planning stage, when you’re designing your virtual machines,” says Tamar Newberger, vice president of marketing for Catbird, which provides security monitoring tools for virtual and physical networks. “You have to design in policies like ‘No financial machines can leave the country,’ for example. If you don’t want employees being able to send certain types of virtual machines to, say, Tokyo, then you build that into your policies and then into your virtual infrastructure. You can have monitoring tools that alert you if someone tries to do something that violates security policy.”

IBM takes advantage of virtualization capabilities within the servers it uses in cloud centers to implement security measures, says Dennis Quan, chief technology officer for High-Performance On-Demand Solutions at IBM. Most important, he says, are isolation techniques to keep customer data and resources separate.

“A lot of work still needs to be done to secure the channels that reach the cloud outside your enterprise,” Quan says, but the company has developed solutions around its current technology. “We build isolation into the hardware, but network-based isolation is also necessary. This can be provided as part of a virtual LAN or we can use different routing technologies. In the cloud we set up for the city of Wuxi in China, we had to implement a lot of different forms of security. They have multiple software companies making use of that facility, and those companies have clients that are large enterprises around the world. So they need to have isolation. We implemented a VPN to make sure all the traffic going into the cloud is authenticated. We use virtual LANs and virtualization technologies to keep virtual machines completely isolated between different tenants in the cloud. There’s a lot more we need to do to strengthen authentication as the cloud evolves, and that’s part of what we’re learning as we build clouds around the world. The security products have had to improve to satisfy the demands of customers using these clouds.”

Security tools will have to adapt to the cloud’s pay-for-what-you-use model, says Craig Balding, technical security lead for a Fortune 500 company and proprietor of cloudsecurity.org. Real cloud security will require “dynamic provisioning and configuration of firewalls and network security monitoring devices to watch traffic from virtual compute instances spun up on demand, perhaps across multiple continents,” Balding says. “What happens when the situation suddenly changes due to demand? This will only get solved by smart security autonomics.”

Needed: A Standard Stick

Some sort of formal agreement on who is responsible for what will help improve security for cloud customers. Dominique Levin of network security provider LogLogic suggests something like the standard developed by credit card companies for data security, known as PCI (Payment Card Industry). “PCI defines a set of minimum measures that all organizations should implement to protect sensitive information. These include things like using a firewall, limiting unnecessary risky services on your network, and user activity monitoring through log data.” 

“The problem with the cloud-based services is the lack of a strong and centralized ‘stick’ to force providers to comply with any standard. Visa and MasterCard can force adoption of the standard by levying steep fines or even refuse to process credit card transactions in the case of non-compliance. Customers of cloud providers could vote with their feet and refuse to do business until a security standard is adopted, but there is no organized ‘cloud providers customer group’ to drive and enforce a standard.  The best we can hope for is that some enlightened services providers will adopt a standard to differentiate themselves.  Once one provider is successful with such a strategy, others will follow and we will end up with a de-facto standard.”

See-Through Clouds

One word seems to come up in virtually every conversation about strengthening cloud security: Transparency. (See also: lack thereof.)

“The lack of transparency is a big issue in cloud computing,” says John Engates, chief technology officer for Rackspace, the large IT systems hosting company with its own cloud division, Mosso. “As cloud computing is a fairly new concept, most of the current players are holding many details of their platform close to the vest. This includes details like size of the cloud, technology powering the cloud, security practices around the operations of the cloud, locations of data centers, personnel background, etc. Security-by-obscurity does not work. Large corporate IT buyers will demand security audits and assurances around controls. … Most existing clouds don’t provide this kind of transparency. Before we see widespread adoption by big enterprises and government agencies, we’ll need quite a bit more transparency around these sorts of details. Secrecy is not a long-term competitive advantage and companies that are willing to be upfront and tell their customers more about the cloud infrastructure that’s hosting their data will win in the end.”

Engates recommends testing transparency by also asking:

  • Where is the cloud? Can I see the datacenter?
  • Can I get my data out of your cloud?
  • Is my data wiped from the cloud when I delete it?
  • How do you protect my data from other people who have access to the cloud?
  • Have you ever had a data breach in your cloud?
  • Do you encrypt my data in transit? At rest?

Not everyone says they’re worried about security issues in the cloud. “A lot of this is more about irrational psychological barriers. It’s like saying I don’t trust the bank to keep my money,” says Geva Perry, chief marketing officer at GigaSpaces Technologies, whose products enable companies to run and scale high-performance applications on grids. “There’s no reason to think that any corporate datacenter is more secure than the datacenter of a serious cloud provider like an Amazon or a Google or any of the others. These companies specialize in running massive datacenters.”

“I would not shy away from using cloud-based services,” says Levin of LogLogic, “but I would demand that my cloud provider doubles down on security and compliance measures. I would ask simple questions such as ‘Will you know at any given time who is accessing my data?’”

As the cloud evolves and more people store data “there,” the most important security tool might be a really simple one: “You may have the best security people, the smartest technology, but are you ready to have the security conversation?” asks Balding. “Are you willing to engage at a meaningful level? The biggest problem today from outside the cloud is that security is definitely cloudy — when it needs to be transparent.”
