Security — The Dark Side of the Cloud

By Steve Campbell

January 25, 2010

Cloud computing is a new computing paradigm for many but for the rest of us it is simply today’s version of timesharing – Timesharing 2.0. On-demand or pay-for-usage has been the norm for many HPC organizations for several decades. These users either never had the budget for their own computing resources or the project only needed limited access to powerful compute resources.

In that sense, HPC users, like the biggest commercial users, already trust cloud computing with their proprietary applications, data and results. They have been using pay-for-usage services for years and many have evolved from the early days of timesharing. In many cases, supercomputing centers and government research labs provide the compute resources. If you are a commercial HPC user in oil & gas, financial services, manufacturing or other industry, the compute resources will probably be found in the corporate datacenter.

This HPC user community has pioneered the necessary tools to allocate, measure and control access to specific users and projects while protecting the users from unauthorized access or modification of applications and data or malicious erasure or premature disclosure of results. This community also developed sophisticated accounting and charge back software that kept track of everything from CPU cycles to memory usage to access time and storage used. Suffice it to say that HPC users are well ahead of their counterparts in the commercial datacenter, and the latter would do well to look toward the former for some guidance in this area.

Without a doubt, the biggest challenge to cloud computing is security – the dark side of the cloud. In the cloud paradigm, the user community does not or should not care about the physical side of business operations. In most cases, the physical infrastructure is housed, managed and owned by a third party, and you pay for resources used just like the electric and gas utilities. Despite all these wonderful capabilities and features, security remains as much of a concern for the HPC community as it does for the consumers concerned about protecting their identity and credit card information.

Imagine for a moment the business ramifications if the results of critical drug data or aircraft design were changed and compromised by malicious activity or they were released to the world prematurely. The real and intangible costs to your company can be devastating.

Threats to the network and information security have been occurring for decades, nothing new. However, the complexity and scale of attacks are rising at an alarming rate, presenting organizations with a huge challenge as they struggle to defend against this ever-present threat. Today, cybercrime is more lucrative and less risky than other forms of criminal activity. Threat levels and attacks are on the rise, striking more and more businesses. Estimates for disruption, data theft and other nefarious activities were pegged at a staggering $1 trillion for 2008. Certainly more than a round-off error!

Just this month, the news headlines in CNET News include “Google China insiders may have helped with attack” and in the Wall Street Journal: “Fallout From Cyber Attack Spreads.” CCTV.com reported, “China’s largest search engine paralyzed in cyber-attack….” And a ZDNet headline on Jan. 21 read: “Microsoft knew of IE zero-day flaw since last September.”

In July 2009, the associatedcontent.com headlines read “Near-Simultaneous Cyber Attacks Down U.S. Government Websites.” The article reported that the attack targeted the “White House, Pentagon, NYSE, Secret Service, NSA, Homeland Security, State, Nasdaq, Treasury, FAA, FTC, and DOT Websites.”

The low risk and low-cost of entry of cyber-crime make it an attractive and lucrative “business.” Cloud-based computing exacerbates the situation by facilitating access to increasing amounts of information. IT organizations have a hard enough time defending their in-house private cloud resources. Companies offering public cloud, pay-for-usage models are faced with a more difficult challenge since they must serve multiple organizations on the same platform. At the same time, there is an opportunity for innovation of flexible cloud-based security service offerings.

The criminal element employs powerful tools such as botnets, enabling attackers to infiltrate large numbers of machines. The “2009 Emerging Cyber Threats Report from Georgia Tech Information Security Center (GTISC)” estimates that botnet-affected machines may comprise 15 percent of online computers. Another report compiled by Panda Labs estimates that in the second quarter of 2008 10 million botnet computers were used to distribute spam and malware across the Internet each day. With the growth of the cloud paradigm, more and more mission critical information will flow over the Web to publicly-hosted cloud services. The conventional wisdom of defending the perimeter is insufficient for this dynamic distributed environment. One element in common across commercial enterprise applications is that users must consider security before signing up for public cloud services.

During SC09, I met with many of the HPC infrastructure vendors and also spoke with some real-world HPC cloud users about the concerns they have using cloud computing for their workloads. (This was not a structured industry survey.) Some did express concerns about security but mainly in the context of using public cloud resources versus their private cloud resources. However, they also expressed concerns about transitioning their HPC workloads from in-house resources to external public cloud resources, as it is a very different scenario and from commercial workloads. From a security standpoint the concerns ranged from unauthorized access to exposure of critical information to malicious activity. Additional concerns include the movement and encryption of data to public clouds and the subsequent persistence once workloads have been completed. Has the data really been deleted? It is all about the data integrity.

HPC users often have many options available for running their workloads. For example, an academic user may have access to in-house central computing resources shared between multiple departments, or even access to large-scale supercomputing centers. In this environment the user data, results and applications are still very much ‘in-house’ and even though there is some security risk, the users are better protected in this environment. HPC users in private industry, especially those in large-scale multinational companies, may have the option of private clouds available for their workloads, and like HPC academic users, have fewer security concerns. However, if the HPC user is looking at commercial third-party cloud providers of public clouds, whether it is Amazon’s EC2, Google’s App Engine or better still, HPC-specific cloud vendors, they should spend the time to ensure that these vendors fully address their security issues, encryption, and persistence.

To those organizations that do not have internal private clouds and want to use cloud computing from a third party vendor, I recommend you consider the following five security evaluation criteria:

  1. Evaluate the vendor’s security features very carefully. Ensure that they provide more than just password-protected access.
     
  2. Look into the collaboration tools and resource sharing to prevent data leakage. Security is all about the data.
     
  3. Look into authentication and the basic infrastructure security. What happens in the event of a disaster? What’s their disaster recovery plan, backup procedures and how often do they test this process? Has the provider ever had a failure or security breach and if so what happened?
     
  4. Can they build a private cloud for your workload? What’s their data persistence policy? Can they guarantee data transfer security form in-house resources to public cloud?
     
  5. Ask to review their best practices policy and procedures and check to see if it includes security audits and regular testing.

Cloud computing is not so much a new technology as it is a new delivery model, but its impact will be enormous. Research firm IDC estimated that worldwide cloud services in 2009 were $17.4 billion, and are forecasted to grow to $44.2 billion in 2013. The economies of scale and centralized resources create new security challenges to an already stressed IT infrastructure.

This concentration of resources and data will be a tempting target for cyber criminals. Consequently, cloud-based security must be more robust. Spend the time to evaluate the security and make sure it is designed in and not added on after a breach. Partner with a trusted vendor. And if in doubt, seek advice.

About the Author

Steve Campbell, an HPC Industry Consultant and HPC/Cloud Evangelist, has held senior VP positions in product management and product marketing for HPC and Enterprise vendors. Campbell has served in the vice president of marketing capacity for Hitachi, Sun Microsystems, FPS Computing and has also had lead marketing roles in Convex Computer Corporation and Scientific Computer Systems. Campbell has also served on the boards of and as interim CEO/CMO of several early-stage technology companies.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

CMU’s Latest “Card Shark” – Libratus – is Beating the Poker Pros (Again)

January 20, 2017

It’s starting to look like Carnegie Mellon University has a gambling problem – can’t stay away from the poker table. Read more…

By John Russell

IDG to Be Bought by Chinese Investors; IDC to Spin Out HPC Group

January 19, 2017

US-based publishing and investment firm International Data Group, Inc. (IDG) will be acquired by a pair of Chinese investors, China Oceanwide Holdings Group Co., Ltd. Read more…

By Tiffany Trader

Weekly Twitter Roundup (Jan. 19, 2017)

January 19, 2017

Here at HPCwire, we aim to keep the HPC community apprised of the most relevant and interesting news items that get tweeted throughout the week. Read more…

By Thomas Ayres

France’s CEA and Japan’s RIKEN to Partner on ARM and Exascale

January 19, 2017

France’s CEA and Japan’s RIKEN institute announced a multi-faceted five-year collaboration to advance HPC generally and prepare for exascale computing. Among the particulars are efforts to: build out the ARM ecosystem; work on code development and code sharing on the existing and future platforms; share expertise in specific application areas (material and seismic sciences for example); improve techniques for using numerical simulation with big data; and expand HPC workforce training. It seems to be a very full agenda. Read more…

By Nishi Katsuya and John Russell

HPE Extreme Performance Solutions

Remote Visualization: An Integral Technology for Upstream Oil & Gas

As the exploration and production (E&P) of natural resources evolves into an even more complex and vital task, visualization technology has become integral for the upstream oil and gas industry. Read more…

ARM Waving: Attention, Deployments, and Development

January 18, 2017

It’s been a heady two weeks for the ARM HPC advocacy camp. At this week’s Mont-Blanc Project meeting held at the Barcelona Supercomputer Center, Cray announced plans to build an ARM-based supercomputer in the U.K. while Mont-Blanc selected Cavium’s ThunderX2 ARM chip for its third phase of development. Last week, France’s CEA and Japan’s Riken announced a deep collaboration aimed largely at fostering the ARM ecosystem. This activity follows a busy 2016 when SoftBank acquired ARM, OpenHPC announced ARM support, ARM released its SVE spec, Fujistu chose ARM for the post K machine, and ARM acquired HPC tool provider Allinea in December. Read more…

By John Russell

Women Coders from Russia, Italy, and Poland Top Study

January 17, 2017

According to a study posted on HackerRank today the best women coders as judged by performance on HackerRank challenges come from Russia, Italy, and Poland. Read more…

By John Russell

Spurred by Global Ambitions, Inspur in Joint HPC Deal with DDN

January 17, 2017

Inspur, the fast-growth cloud computing and server vendor from China that has several systems on the current Top500 list, and DDN, a leader in high-end storage, have announced a joint sales and marketing agreement to produce solutions based on DDN storage platforms integrated with servers, networking, software and services from Inspur. Read more…

By Doug Black

Weekly Twitter Roundup (Jan. 12, 2017)

January 12, 2017

Here at HPCwire, we aim to keep the HPC community apprised of the most relevant and interesting news items that get tweeted throughout the week. Read more…

By Thomas Ayres

IDG to Be Bought by Chinese Investors; IDC to Spin Out HPC Group

January 19, 2017

US-based publishing and investment firm International Data Group, Inc. (IDG) will be acquired by a pair of Chinese investors, China Oceanwide Holdings Group Co., Ltd. Read more…

By Tiffany Trader

France’s CEA and Japan’s RIKEN to Partner on ARM and Exascale

January 19, 2017

France’s CEA and Japan’s RIKEN institute announced a multi-faceted five-year collaboration to advance HPC generally and prepare for exascale computing. Among the particulars are efforts to: build out the ARM ecosystem; work on code development and code sharing on the existing and future platforms; share expertise in specific application areas (material and seismic sciences for example); improve techniques for using numerical simulation with big data; and expand HPC workforce training. It seems to be a very full agenda. Read more…

By Nishi Katsuya and John Russell

ARM Waving: Attention, Deployments, and Development

January 18, 2017

It’s been a heady two weeks for the ARM HPC advocacy camp. At this week’s Mont-Blanc Project meeting held at the Barcelona Supercomputer Center, Cray announced plans to build an ARM-based supercomputer in the U.K. while Mont-Blanc selected Cavium’s ThunderX2 ARM chip for its third phase of development. Last week, France’s CEA and Japan’s Riken announced a deep collaboration aimed largely at fostering the ARM ecosystem. This activity follows a busy 2016 when SoftBank acquired ARM, OpenHPC announced ARM support, ARM released its SVE spec, Fujistu chose ARM for the post K machine, and ARM acquired HPC tool provider Allinea in December. Read more…

By John Russell

Spurred by Global Ambitions, Inspur in Joint HPC Deal with DDN

January 17, 2017

Inspur, the fast-growth cloud computing and server vendor from China that has several systems on the current Top500 list, and DDN, a leader in high-end storage, have announced a joint sales and marketing agreement to produce solutions based on DDN storage platforms integrated with servers, networking, software and services from Inspur. Read more…

By Doug Black

For IBM/OpenPOWER: Success in 2017 = (Volume) Sales

January 11, 2017

To a large degree IBM and the OpenPOWER Foundation have done what they said they would – assembling a substantial and growing ecosystem and bringing Power-based products to market, all in about three years. Read more…

By John Russell

UberCloud Cites Progress in HPC Cloud Computing

January 10, 2017

200 HPC cloud experiments, 80 case studies, and a ton of hands-on experience gained, that’s the harvest of four years of UberCloud HPC Experiments. Read more…

By Wolfgang Gentzsch and Burak Yenier

A Conversation with Women in HPC Director Toni Collis

January 6, 2017

In this SC16 video interview, HPCwire Managing Editor Tiffany Trader sits down with Toni Collis, the director and founder of the Women in HPC (WHPC) network, to discuss the strides made since the organization’s debut in 2014. Read more…

By Tiffany Trader

BioTeam’s Berman Charts 2017 HPC Trends in Life Sciences

January 4, 2017

Twenty years ago high performance computing was nearly absent from life sciences. Today it’s used throughout life sciences and biomedical research. Genomics and the data deluge from modern lab instruments are the main drivers, but so is the longer-term desire to perform predictive simulation in support of Precision Medicine (PM). There’s even a specialized life sciences supercomputer, ‘Anton’ from D.E. Shaw Research, and the Pittsburgh Supercomputing Center is standing up its second Anton 2 and actively soliciting project proposals. There’s a lot going on. Read more…

By John Russell

AWS Beats Azure to K80 General Availability

September 30, 2016

Amazon Web Services has seeded its cloud with Nvidia Tesla K80 GPUs to meet the growing demand for accelerated computing across an increasingly-diverse range of workloads. The P2 instance family is a welcome addition for compute- and data-focused users who were growing frustrated with the performance limitations of Amazon's G2 instances, which are backed by three-year-old Nvidia GRID K520 graphics cards. Read more…

By Tiffany Trader

US, China Vie for Supercomputing Supremacy

November 14, 2016

The 48th edition of the TOP500 list is fresh off the presses and while there is no new number one system, as previously teased by China, there are a number of notable entrants from the US and around the world and significant trends to report on. Read more…

By Tiffany Trader

For IBM/OpenPOWER: Success in 2017 = (Volume) Sales

January 11, 2017

To a large degree IBM and the OpenPOWER Foundation have done what they said they would – assembling a substantial and growing ecosystem and bringing Power-based products to market, all in about three years. Read more…

By John Russell

Vectors: How the Old Became New Again in Supercomputing

September 26, 2016

Vector instructions, once a powerful performance innovation of supercomputing in the 1970s and 1980s became an obsolete technology in the 1990s. But like the mythical phoenix bird, vector instructions have arisen from the ashes. Here is the history of a technology that went from new to old then back to new. Read more…

By Lynd Stringer

Container App ‘Singularity’ Eases Scientific Computing

October 20, 2016

HPC container platform Singularity is just six months out from its 1.0 release but already is making inroads across the HPC research landscape. It's in use at Lawrence Berkeley National Laboratory (LBNL), where Singularity founder Gregory Kurtzer has worked in the High Performance Computing Services (HPCS) group for 16 years. Read more…

By Tiffany Trader

Dell EMC Engineers Strategy to Democratize HPC

September 29, 2016

The freshly minted Dell EMC division of Dell Technologies is on a mission to take HPC mainstream with a strategy that hinges on engineered solutions, beginning with a focus on three industry verticals: manufacturing, research and life sciences. "Unlike traditional HPC where everybody bought parts, assembled parts and ran the workloads and did iterative engineering, we want folks to focus on time to innovation and let us worry about the infrastructure," said Jim Ganthier, senior vice president, validated solutions organization at Dell EMC Converged Platforms Solution Division. Read more…

By Tiffany Trader

Lighting up Aurora: Behind the Scenes at the Creation of the DOE’s Upcoming 200 Petaflops Supercomputer

December 1, 2016

In April 2015, U.S. Department of Energy Undersecretary Franklin Orr announced that Intel would be the prime contractor for Aurora: Read more…

By Jan Rowell

Enlisting Deep Learning in the War on Cancer

December 7, 2016

Sometime in Q2 2017 the first ‘results’ of the Joint Design of Advanced Computing Solutions for Cancer (JDACS4C) will become publicly available according to Rick Stevens. He leads one of three JDACS4C pilot projects pressing deep learning (DL) into service in the War on Cancer. Read more…

By John Russell

Leading Solution Providers

D-Wave SC16 Update: What’s Bo Ewald Saying These Days

November 18, 2016

Tucked in a back section of the SC16 exhibit hall, quantum computing pioneer D-Wave has been talking up its new 2000-qubit processor announced in September. Forget for a moment the criticism sometimes aimed at D-Wave. This small Canadian company has sold several machines including, for example, ones to Lockheed and NASA, and has worked with Google on mapping machine learning problems to quantum computing. In July Los Alamos National Laboratory took possession of a 1000-quibit D-Wave 2X system that LANL ordered a year ago around the time of SC15. Read more…

By John Russell

CPU Benchmarking: Haswell Versus POWER8

June 2, 2015

With OpenPOWER activity ramping up and IBM’s prominent role in the upcoming DOE machines Summit and Sierra, it’s a good time to look at how the IBM POWER CPU stacks up against the x86 Xeon Haswell CPU from Intel. Read more…

By Tiffany Trader

Nvidia Sees Bright Future for AI Supercomputing

November 23, 2016

Graphics chipmaker Nvidia made a strong showing at SC16 in Salt Lake City last week. Read more…

By Tiffany Trader

Beyond von Neumann, Neuromorphic Computing Steadily Advances

March 21, 2016

Neuromorphic computing – brain inspired computing – has long been a tantalizing goal. The human brain does with around 20 watts what supercomputers do with megawatts. And power consumption isn’t the only difference. Fundamentally, brains ‘think differently’ than the von Neumann architecture-based computers. While neuromorphic computing progress has been intriguing, it has still not proven very practical. Read more…

By John Russell

BioTeam’s Berman Charts 2017 HPC Trends in Life Sciences

January 4, 2017

Twenty years ago high performance computing was nearly absent from life sciences. Today it’s used throughout life sciences and biomedical research. Genomics and the data deluge from modern lab instruments are the main drivers, but so is the longer-term desire to perform predictive simulation in support of Precision Medicine (PM). There’s even a specialized life sciences supercomputer, ‘Anton’ from D.E. Shaw Research, and the Pittsburgh Supercomputing Center is standing up its second Anton 2 and actively soliciting project proposals. There’s a lot going on. Read more…

By John Russell

The Exascale Computing Project Awards $39.8M to 22 Projects

September 7, 2016

The Department of Energy’s Exascale Computing Project (ECP) hit an important milestone today with the announcement of its first round of funding, moving the nation closer to its goal of reaching capable exascale computing by 2023. Read more…

By Tiffany Trader

Dell Knights Landing Machine Sets New STAC Records

November 2, 2016

The Securities Technology Analysis Center, commonly known as STAC, has released a new report characterizing the performance of the Knight Landing-based Dell PowerEdge C6320p server on the STAC-A2 benchmarking suite, widely used by the financial services industry to test and evaluate computing platforms. The Dell machine has set new records for both the baseline Greeks benchmark and the large Greeks benchmark. Read more…

By Tiffany Trader

What Knights Landing Is Not

June 18, 2016

As we get ready to launch the newest member of the Intel Xeon Phi family, code named Knights Landing, it is natural that there be some questions and potentially some confusion. Read more…

By James Reinders, Intel

  • arrow
  • Click Here for More Headlines
  • arrow
Share This