The State of Cloud Security (Pt. 2): It Starts with a Conversation

By Dennis Barker, GRIDtoday

July 21, 2008

Although cloud computing presents new risk of security fiascos, there are many things providers and customers can do to take advantage of on-demand resources in a safe, reliable way. Smart people have been giving this a lot of thought.

Dave Durkee, CEO of cloud provider ENKI, says cloud security has to start with fundamentals and good hardware defenses — emphasis on hardware. “I’m a big believer in hardware firewalls,” he says. “It’s not really enough to know the signature of an attack. You need to know where the traffic is coming from in order to block it. If they fill your upstream connections, you can be shut down.”

ENKI builds its system around AppLogic, 3Tera’s grid engine, which “allows us to manage the connections inside the virtual datacenter, so you can specify the interconnections between each server,” Durkee says. “You can go from server A to B but you can’t get to C. We’re able to build this layer of security into the architecture. But you also need to go the traditional route and have hardware-based intrusion detection and a firewall sitting in front of all that grid stuff. You need multiple layers of protection, just like in the middle ages with the moat and outer walls keeping invaders from getting inside the castle.”

While virtualization technology might enable its own security risks, it also allows system designers to build security in from step one. “The key is to build security in at the planning stage, when you’re designing your virtual machines,” says Tamar Newberger, vice president of marketing for Catbird, which provides security monitoring tools for virtual and physical networks. “You have to design in policies like ‘No financial machines can leave the country,’ for example. If you don’t want employees being able to send certain types of virtual machines to, say, Tokyo, then you build that into your policies and then into your virtual infrastructure. You can have monitoring tools that alert you if someone tries to do something that violates security policy.”
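The kind of placement rule Newberger describes can be checked before a virtual machine is moved, with an alert raised on any violation. The following is an added example, not code from Catbird or any other vendor quoted here; the tags, site names and policy table are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy table: classification tag -> countries where a VM carrying
# that tag may run. Tags not listed here are unrestricted.
PLACEMENT_POLICY = {"financial": {"US"}, "hr": {"US", "CA"}}

# Constructed site inventory: datacenter name -> ISO country code.
SITE_COUNTRY = {"nyc-1": "US", "tor-1": "CA", "tokyo-1": "JP"}


@dataclass(frozen=True)
class MoveRequest:
    user: str
    vm: str
    tags: frozenset
    dst: str


def evaluate(req):
    """Return (allowed, alerts) for one migration request."""
    country = SITE_COUNTRY.get(req.dst)
    if country is None:
        # Fail closed: a destination missing from the inventory cannot be vetted.
        return False, [f"ALERT user={req.user} vm={req.vm} dst={req.dst} reason=unknown-site"]
    alerts = []
    for tag in sorted(req.tags):
        allowed = PLACEMENT_POLICY.get(tag)
        if allowed is not None and country not in allowed:
            alerts.append(
                f"ALERT user={req.user} vm={req.vm} dst={req.dst} "
                f"reason={tag}-not-allowed-in-{country}"
            )
    return not alerts, alerts


def audit(requests):
    """Collect the alerts for a batch of requests, e.g. to feed a monitoring queue."""
    return [a for req in requests for a in evaluate(req)[1]]


# Constructed sample requests.
SAMPLE = [
    MoveRequest("alice", "ledger-01", frozenset({"financial"}), "nyc-1"),
    MoveRequest("bob", "ledger-02", frozenset({"financial"}), "tokyo-1"),
    MoveRequest("carol", "web-07", frozenset({"web"}), "tokyo-1"),
    MoveRequest("dave", "payroll-03", frozenset({"financial", "hr"}), "tor-1"),
    MoveRequest("erin", "ledger-03", frozenset({"financial"}), "lab-9"),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A VM with several tags is held to the most restrictive of them, and a destination that is missing from the inventory is denied rather than waved through.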

IBM takes advantage of virtualization capabilities within the servers it uses in cloud centers to implement security measures, says Dennis Quan, chief technology officer for High-Performance On-Demand Solutions at IBM. Most important, he says, are isolation techniques to keep customer data and resources separate.

“A lot of work still needs to be done to secure the channels that reach the cloud outside your enterprise,” Quan says, but the company has developed solutions around its current technology. “We build isolation into the hardware, but network-based isolation is also necessary. This can be provided as part of a virtual LAN or we can use different routing technologies. In the cloud we set up for the city of Wuxi in China, we had to implement a lot of different forms of security. They have multiple software companies making use of that facility, and those companies have clients that are large enterprises around the world. So they need to have isolation. We implemented a VPN to make sure all the traffic going into the cloud is authenticated. We use virtual LANs and virtualization technologies to keep virtual machines completely isolated between different tenants in the cloud. There’s a lot more we need to do to strengthen authentication as the cloud evolves, and that’s part of what we’re learning as we build clouds around the world. The security products have had to improve to satisfy the demands of customers using these clouds.”

Security tools will have to adapt to the cloud’s pay-for-what-you-use model, says Craig Balding, technical security lead for a Fortune 500 company and proprietor of cloudsecurity.org. Real cloud security will require “dynamic provisioning and configuration of firewalls and network security monitoring devices to watch traffic from virtual compute instances spun up on demand, perhaps across multiple continents,” Balding says. “What happens when the situation suddenly changes due to demand? This will only get solved by smart security autonomics.”

Needed: A Standard Stick

Some sort of formal agreement on who is responsible for what will help improve security for cloud customers. Dominique Levin of network security provider LogLogic suggests something like the standard developed by credit card companies for data security, known as PCI (Payment Card Industry). “PCI defines a set of minimum measures that all organizations should implement to protect sensitive information. These include things like using a firewall, limiting unnecessary risky services on your network, and user activity monitoring through log data.” 

“The problem with the cloud-based services is the lack of a strong and centralized ‘stick’ to force providers to comply with any standard. Visa and MasterCard can force adoption of the standard by levying steep fines or even refuse to process credit card transactions in the case of non-compliance. Customers of cloud providers could vote with their feet and refuse to do business until a security standard is adopted, but there is no organized ‘cloud providers customer group’ to drive and enforce a standard.  The best we can hope for is that some enlightened services providers will adopt a standard to differentiate themselves.  Once one provider is successful with such a strategy, others will follow and we will end up with a de-facto standard.”

See-Through Clouds

One word seems to come up in virtually every conversation about strengthening cloud security: Transparency. (See also: lack thereof.)

“The lack of transparency is a big issue in cloud computing,” says John Engates, chief technology officer for Rackspace, the large IT systems hosting company with its own cloud division, Mosso. “As cloud computing is a fairly new concept, most of the current players are holding many details of their platform close to the vest. This includes details like size of the cloud, technology powering the cloud, security practices around the operations of the cloud, locations of data centers, personnel background, etc. Security-by-obscurity does not work. Large corporate IT buyers will demand security audits and assurances around controls. … Most existing clouds don’t provide this kind of transparency. Before we see widespread adoption by big enterprises and government agencies, we’ll need quite a bit more transparency around these sorts of details. Secrecy is not a long-term competitive advantage and companies that are willing to be upfront and tell their customers more about the cloud infrastructure that’s hosting their data will win in the end.”

Engates recommends testing transparency by also asking:

  • Where is the cloud? Can I see the datacenter?
  • Can I get my data out of your cloud?
  • Is my data wiped from the cloud when I delete it?
  • How do you protect my data from other people who have access to the cloud?
  • Have you ever had a data breach in your cloud?
  • Do you encrypt my data in transit? At rest?

Not everyone says they’re worried about security issues in the cloud. “A lot of this is more about irrational psychological barriers. It’s like saying I don’t trust the bank to keep my money,” says Geva Perry, chief marketing officer at GigaSpaces Technologies, whose products enable companies to run and scale high-performance applications on grids. “There’s no reason to think that any corporate datacenter is more secure than the datacenter of a serious cloud provider like an Amazon or a Google or any of the others. These companies specialize in running massive datacenters.”

“I would not shy away from using cloud-based services,” says Levin of LogLogic, “but I would demand that my cloud provider doubles down on security and compliance measures. I would ask simple questions such as ‘Will you know at any given time who is accessing my data?’”

As the cloud evolves and more people store data “there,” the most important security tool might be a really simple one: “You may have the best security people, the smartest technology, but are you ready to have the security conversation?” asks Balding. “Are you willing to engage at a meaningful level? The biggest problem today from outside the cloud is that security is definitely cloudy — when it needs to be transparent.”
