Security — The Dark Side of the Cloud

By Steve Campbell

January 25, 2010

Cloud computing is a new computing paradigm for many but for the rest of us it is simply today’s version of timesharing – Timesharing 2.0. On-demand or pay-for-usage has been the norm for many HPC organizations for several decades. These users either never had the budget for their own computing resources or the project only needed limited access to powerful compute resources.

In that sense, HPC users, like the biggest commercial users, already trust cloud computing with their proprietary applications, data and results. They have been using pay-for-usage services for years and many have evolved from the early days of timesharing. In many cases, supercomputing centers and government research labs provide the compute resources. If you are a commercial HPC user in oil & gas, financial services, manufacturing or other industry, the compute resources will probably be found in the corporate datacenter.

This HPC user community has pioneered the necessary tools to allocate, measure and control access to specific users and projects while protecting the users from unauthorized access or modification of applications and data or malicious erasure or premature disclosure of results. This community also developed sophisticated accounting and charge back software that kept track of everything from CPU cycles to memory usage to access time and storage used. Suffice it to say that HPC users are well ahead of their counterparts in the commercial datacenter, and the latter would do well to look toward the former for some guidance in this area.

Without a doubt, the biggest challenge to cloud computing is security – the dark side of the cloud. In the cloud paradigm, the user community does not or should not care about the physical side of business operations. In most cases, the physical infrastructure is housed, managed and owned by a third party, and you pay for resources used just like the electric and gas utilities. Despite all these wonderful capabilities and features, security remains as much of a concern for the HPC community as it does for the consumers concerned about protecting their identity and credit card information.

Imagine for a moment the business ramifications if the results of critical drug data or aircraft design were changed and compromised by malicious activity or they were released to the world prematurely. The real and intangible costs to your company can be devastating.

Threats to the network and information security have been occurring for decades, nothing new. However, the complexity and scale of attacks are rising at an alarming rate, presenting organizations with a huge challenge as they struggle to defend against this ever-present threat. Today, cybercrime is more lucrative and less risky than other forms of criminal activity. Threat levels and attacks are on the rise, striking more and more businesses. Estimates for disruption, data theft and other nefarious activities were pegged at a staggering $1 trillion for 2008. Certainly more than a round-off error!

Just this month, the news headlines in CNET News include “Google China insiders may have helped with attack” and in the Wall Street Journal: “Fallout From Cyber Attack Spreads.” CCTV.com reported, “China’s largest search engine paralyzed in cyber-attack….” And a ZDNet headline on Jan. 21 read: “Microsoft knew of IE zero-day flaw since last September.”

In July 2009, the associatedcontent.com headlines read “Near-Simultaneous Cyber Attacks Down U.S. Government Websites.” The article reported that the attack targeted the “White House, Pentagon, NYSE, Secret Service, NSA, Homeland Security, State, Nasdaq, Treasury, FAA, FTC, and DOT Websites.”

The low risk and low-cost of entry of cyber-crime make it an attractive and lucrative “business.” Cloud-based computing exacerbates the situation by facilitating access to increasing amounts of information. IT organizations have a hard enough time defending their in-house private cloud resources. Companies offering public cloud, pay-for-usage models are faced with a more difficult challenge since they must serve multiple organizations on the same platform. At the same time, there is an opportunity for innovation of flexible cloud-based security service offerings.

The criminal element employs powerful tools such as botnets, enabling attackers to infiltrate large numbers of machines. The “2009 Emerging Cyber Threats Report from Georgia Tech Information Security Center (GTISC)” estimates that botnet-affected machines may comprise 15 percent of online computers. Another report compiled by Panda Labs estimates that in the second quarter of 2008 10 million botnet computers were used to distribute spam and malware across the Internet each day. With the growth of the cloud paradigm, more and more mission critical information will flow over the Web to publicly-hosted cloud services. The conventional wisdom of defending the perimeter is insufficient for this dynamic distributed environment. One element in common across commercial enterprise applications is that users must consider security before signing up for public cloud services.

During SC09, I met with many of the HPC infrastructure vendors and also spoke with some real-world HPC cloud users about the concerns they have using cloud computing for their workloads. (This was not a structured industry survey.) Some did express concerns about security but mainly in the context of using public cloud resources versus their private cloud resources. However, they also expressed concerns about transitioning their HPC workloads from in-house resources to external public cloud resources, as it is a very different scenario and from commercial workloads. From a security standpoint the concerns ranged from unauthorized access to exposure of critical information to malicious activity. Additional concerns include the movement and encryption of data to public clouds and the subsequent persistence once workloads have been completed. Has the data really been deleted? It is all about the data integrity.

HPC users often have many options available for running their workloads. For example, an academic user may have access to in-house central computing resources shared between multiple departments, or even access to large-scale supercomputing centers. In this environment the user data, results and applications are still very much ‘in-house’ and even though there is some security risk, the users are better protected in this environment. HPC users in private industry, especially those in large-scale multinational companies, may have the option of private clouds available for their workloads, and like HPC academic users, have fewer security concerns. However, if the HPC user is looking at commercial third-party cloud providers of public clouds, whether it is Amazon’s EC2, Google’s App Engine or better still, HPC-specific cloud vendors, they should spend the time to ensure that these vendors fully address their security issues, encryption, and persistence.

To those organizations that do not have internal private clouds and want to use cloud computing from a third party vendor, I recommend you consider the following five security evaluation criteria:

  1. Evaluate the vendor’s security features very carefully. Ensure that they provide more than just password-protected access.
     
  2. Look into the collaboration tools and resource sharing to prevent data leakage. Security is all about the data.
     
  3. Look into authentication and the basic infrastructure security. What happens in the event of a disaster? What’s their disaster recovery plan, backup procedures and how often do they test this process? Has the provider ever had a failure or security breach and if so what happened?
     
  4. Can they build a private cloud for your workload? What’s their data persistence policy? Can they guarantee data transfer security form in-house resources to public cloud?
     
  5. Ask to review their best practices policy and procedures and check to see if it includes security audits and regular testing.

Cloud computing is not so much a new technology as it is a new delivery model, but its impact will be enormous. Research firm IDC estimated that worldwide cloud services in 2009 were $17.4 billion, and are forecasted to grow to $44.2 billion in 2013. The economies of scale and centralized resources create new security challenges to an already stressed IT infrastructure.

This concentration of resources and data will be a tempting target for cyber criminals. Consequently, cloud-based security must be more robust. Spend the time to evaluate the security and make sure it is designed in and not added on after a breach. Partner with a trusted vendor. And if in doubt, seek advice.

About the Author

Steve Campbell, an HPC Industry Consultant and HPC/Cloud Evangelist, has held senior VP positions in product management and product marketing for HPC and Enterprise vendors. Campbell has served in the vice president of marketing capacity for Hitachi, Sun Microsystems, FPS Computing and has also had lead marketing roles in Convex Computer Corporation and Scientific Computer Systems. Campbell has also served on the boards of and as interim CEO/CMO of several early-stage technology companies.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

IBM Unveils Latest Achievements in AI Hardware

December 13, 2019

“The increased capabilities of contemporary AI models provide unprecedented recognition accuracy, but often at the expense of larger computational and energetic effort,” IBM Research wrote in a blog post. “Therefor Read more…

By Oliver Peckham

Focused on ‘Silicon TAM,’ Intel Puts Gary Patton, Former GlobalFoundries CTO, in Charge of Design Enablement

December 12, 2019

Change within Intel’s upper management – and to its company mission – has continued as a published report has disclosed that chip technology heavyweight Gary Patton, GlobalFoundries’ CTO and R&D SVP as well a Read more…

By Doug Black

Quantum Bits: Rigetti Debuts New Gates, D-Wave Cuts NEC Deal, AWS Jumps into the Quantum Pool

December 12, 2019

There’s been flurry of significant news in the quantum computing world. Yesterday, Rigetti introduced a new family of gates that reduces circuit depth required on some problems and D-Wave struck a deal with NEC to coll Read more…

By John Russell

How Formula 1 Used Cloud HPC to Build the Next Generation of Racing

December 12, 2019

Formula 1, Rob Smedley explained, is maybe the biggest racing spectacle in the world, with five hundred million fans tuning in for every race. Smedley, a chief engineer with Formula 1’s performance engineering and anal Read more…

By Oliver Peckham

RPI Powers Up ‘AiMOS’ AI Supercomputer

December 11, 2019

Designed to push the frontiers of computing chip and systems performance optimized for AI workloads, an 8 petaflops (Linpack) IBM Power9-based supercomputer has been unveiled in upstate New York that will be used by IBM Read more…

By Doug Black

AWS Solution Channel

Making High Performance Computing Affordable and Accessible for Small and Medium Businesses with HPC on AWS

High performance computing (HPC) brings a powerful set of tools to a broad range of industries, helping to drive innovation and boost revenue in finance, genomics, oil and gas extraction, and other fields. Read more…

IBM Accelerated Insights

GPU Scheduling and Resource Accounting: The Key to an Efficient AI Data Center

[Connect with LSF users and learn new skills in the IBM Spectrum LSF User Community!]

GPUs are the new CPUs

GPUs have become a staple technology in modern HPC and AI data centers. Read more…

At SC19: Developing a Digital Twin

December 11, 2019

In the not too distant future, we can expect to see our skies filled with unmanned aerial vehicles (UAVs) delivering packages, maybe even people, from location to location. In such a world, there will also be a digital twin for each UAV in the fleet: a virtual model that will follow the UAV through its existence, evolving with time. Read more…

By Aaron Dubrow

Focused on ‘Silicon TAM,’ Intel Puts Gary Patton, Former GlobalFoundries CTO, in Charge of Design Enablement

December 12, 2019

Change within Intel’s upper management – and to its company mission – has continued as a published report has disclosed that chip technology heavyweight G Read more…

By Doug Black

Quantum Bits: Rigetti Debuts New Gates, D-Wave Cuts NEC Deal, AWS Jumps into the Quantum Pool

December 12, 2019

There’s been flurry of significant news in the quantum computing world. Yesterday, Rigetti introduced a new family of gates that reduces circuit depth require Read more…

By John Russell

RPI Powers Up ‘AiMOS’ AI Supercomputer

December 11, 2019

Designed to push the frontiers of computing chip and systems performance optimized for AI workloads, an 8 petaflops (Linpack) IBM Power9-based supercomputer has Read more…

By Doug Black

At SC19: Developing a Digital Twin

December 11, 2019

In the not too distant future, we can expect to see our skies filled with unmanned aerial vehicles (UAVs) delivering packages, maybe even people, from location to location. In such a world, there will also be a digital twin for each UAV in the fleet: a virtual model that will follow the UAV through its existence, evolving with time. Read more…

By Aaron Dubrow

Intel’s Jim Clarke on its New Cryo-controller and why Intel isn’t Late to the Quantum Party

December 9, 2019

Intel today introduced the ‘first-of-its-kind’ cryo-controller chip for quantum computing and previewed a cryo-prober tool for characterizing quantum proces Read more…

By John Russell

On the Spack Track @SC19

December 5, 2019

At the annual supercomputing conference, SC19 in Denver, Colorado, there were Spack events each day of the conference. As a reflection of its grassroots heritage, nine sessions were planned by more than a dozen thought leaders from seven organizations, including three U.S. national Department of Energy (DOE) laboratories and Sylabs... Read more…

By Elizabeth Leake

Intel’s New Hyderabad Design Center Targets Exascale Era Technologies

December 3, 2019

Intel's Raja Koduri was in India this week to help launch a new 300,000 square foot design and engineering center in Hyderabad, which will focus on advanced com Read more…

By Tiffany Trader

AWS Debuts 7nm 2nd-Gen Graviton Arm Processor

December 3, 2019

The “x86 Big Bang,” in which market dominance of the venerable Intel CPU has exploded into fragments of processor options suited to varying workloads, has n Read more…

By Doug Black

Using AI to Solve One of the Most Prevailing Problems in CFD

October 17, 2019

How can artificial intelligence (AI) and high-performance computing (HPC) solve mesh generation, one of the most commonly referenced problems in computational engineering? A new study has set out to answer this question and create an industry-first AI-mesh application... Read more…

By James Sharpe

D-Wave’s Path to 5000 Qubits; Google’s Quantum Supremacy Claim

September 24, 2019

On the heels of IBM’s quantum news last week come two more quantum items. D-Wave Systems today announced the name of its forthcoming 5000-qubit system, Advantage (yes the name choice isn’t serendipity), at its user conference being held this week in Newport, RI. Read more…

By John Russell

DARPA Looks to Propel Parallelism

September 4, 2019

As Moore’s law runs out of steam, new programming approaches are being pursued with the goal of greater hardware performance with less coding. The Defense Advanced Projects Research Agency is launching a new programming effort aimed at leveraging the benefits of massive distributed parallelism with less sweat. Read more…

By George Leopold

Ayar Labs to Demo Photonics Chiplet in FPGA Package at Hot Chips

August 19, 2019

Silicon startup Ayar Labs continues to gain momentum with its DARPA-backed optical chiplet technology that puts advanced electronics and optics on the same chip Read more…

By Tiffany Trader

SC19: IBM Changes Its HPC-AI Game Plan

November 25, 2019

It’s probably fair to say IBM is known for big bets. Summit supercomputer – a big win. Red Hat acquisition – looking like a big win. OpenPOWER and Power processors – jury’s out? At SC19, long-time IBMer Dave Turek sketched out a different kind of bet for Big Blue – a small ball strategy, if you’ll forgive the baseball analogy... Read more…

By John Russell

Cray, Fujitsu Both Bringing Fujitsu A64FX-based Supercomputers to Market in 2020

November 12, 2019

The number of top-tier HPC systems makers has shrunk due to a steady march of M&A activity, but there is increased diversity and choice of processing compon Read more…

By Tiffany Trader

Crystal Ball Gazing: IBM’s Vision for the Future of Computing

October 14, 2019

Dario Gil, IBM’s relatively new director of research, painted a intriguing portrait of the future of computing along with a rough idea of how IBM thinks we’ Read more…

By John Russell

Kubernetes, Containers and HPC

September 19, 2019

Software containers and Kubernetes are important tools for building, deploying, running and managing modern enterprise applications at scale and delivering enterprise software faster and more reliably to the end user — while using resources more efficiently and reducing costs. Read more…

By Daniel Gruber, Burak Yenier and Wolfgang Gentzsch, UberCloud

Leading Solution Providers

SC 2019 Virtual Booth Video Tour

AMD
AMD
CEJN
CJEN
DDN
DDN
MELLANOX
MELLANOX
ONE STOP SYSTEMS
ONE STOP SYSTEMS
PANASAS
PANASAS
SIX NINES IT
SIX NINES IT
VERNE GLOBAL
VERNE GLOBAL
WEKAIO
WEKAIO

Intel Debuts New GPU – Ponte Vecchio – and Outlines Aspirations for oneAPI

November 17, 2019

Intel today revealed a few more details about its forthcoming Xe line of GPUs – the top SKU is named Ponte Vecchio and will be used in Aurora, the first plann Read more…

By John Russell

Dell Ramps Up HPC Testing of AMD Rome Processors

October 21, 2019

Dell Technologies is wading deeper into the AMD-based systems market with a growing evaluation program for the latest Epyc (Rome) microprocessors from AMD. In a Read more…

By John Russell

SC19: Welcome to Denver

November 17, 2019

A significant swath of the HPC community has come to Denver for SC19, which began today (Sunday) with a rich technical program. As is customary, the ribbon cutt Read more…

By Tiffany Trader

When Dense Matrix Representations Beat Sparse

September 9, 2019

In our world filled with unintended consequences, it turns out that saving memory space to help deal with GPU limitations, knowing it introduces performance pen Read more…

By James Reinders

Cerebras to Supply DOE with Wafer-Scale AI Supercomputing Technology

September 17, 2019

Cerebras Systems, which debuted its wafer-scale AI silicon at Hot Chips last month, has entered into a multi-year partnership with Argonne National Laboratory and Lawrence Livermore National Laboratory as part of a larger collaboration with the U.S. Department of Energy... Read more…

By Tiffany Trader

With the Help of HPC, Astronomers Prepare to Deflect a Real Asteroid

September 26, 2019

For years, NASA has been running simulations of asteroid impacts to understand the risks (and likelihoods) of asteroids colliding with Earth. Now, NASA and the European Space Agency (ESA) are preparing for the next, crucial step in planetary defense against asteroid impacts: physically deflecting a real asteroid. Read more…

By Oliver Peckham

Jensen Huang’s SC19 – Fast Cars, a Strong Arm, and Aiming for the Cloud(s)

November 20, 2019

We’ve come to expect Nvidia CEO Jensen Huang’s annual SC keynote to contain stunning graphics and lively bravado (with plenty of examples) in support of GPU Read more…

By John Russell

IBM Opens Quantum Computing Center; Announces 53-Qubit Machine

September 19, 2019

Gauging progress in quantum computing is a tricky thing. IBM yesterday announced the opening of the IBM Quantum Computing Center in New York, with five 20-qubit Read more…

By John Russell

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This