Compliance Complexity and the Almighty Audit

By Nicole Hemsoth

June 12, 2010

There are a host of issues that often get wrapped into cloud security discussions ranging from network and data security to the protection of private health and financial information, but for many, security means more than just knowing data is security, it means being able to prove it. In great detail, no less.

Growing regulation governing mounting data complicates efforts for technology to keep pace with the law, which for some industries, barriers to migration for private clouds alone can create enormous challenges. What this all boils down to is compliance and what that can be pared down to, at least on the individual enterprise level, is the notion of the much-dreaded audit.

Audits are not a particular concern for all HPC applications in the cloud, certainly, but for sectors like financial services, this concern is enough to dissuade broad adoption of any cloud model — no matter how tenuous it might be at first. Furthermore, since regulation is swift and revisions are frequent, organizations are understandably concerned about how new regulation might influence their current IT environment.

Grounded Concerns Versus Lofty IT Goals

LogLogic, a San Jose, Calif.-based company offering security and log management services, recently released a report that suggested enterprises are focused on security and compliance over new technology investments. More specifically, LogLogic discussed how financial services firms in particular are still hesitant to adopt cloud — no matter what model or approach. According to their survey, “more than 75 percent of respondents are concerned about increasing government regulation” since, shall we say “enhancement” of existing regulatory measures further complicates IT at every level for those who are under the most compliance-related scrutiny.

Although the report did not go into deep specific differences between private and public clouds, it does highlight some of the critical barriers to wider cloud adoption in industries with intense regulation considerations underpinning nearly every single element of IT. The report was based on surveys with members of some of the largest international banking giants as well as numerous investment and insurance firms. It found, not surprisingly, that security was one of the biggest concerns but wrapped up in that overarching (and valid) concern are the more specific matters of transparency.

Compliance and Security Concern Trump Cloud Investments

The financial services sector is one of the most compelling to watch because they have historically been routine early adopters of technological innovation. Throw in a network, however, and the situation changes dramatically, especially with the increasingly stringent regulations that apply to specific HPC applications in the cloud that deal with personal financial and health information, for example. However, with penalities that are stiff enough to bury companies that are not compliant, the obvious driver here is keeping pace with regulation, certainly not investing in “new” technologies and ways of handling IT that might throw them into ruin.

I talked with LogLogic’s Bill Roth and Lex Van Den Berghe about some of the more specific concerns and trends that reflect the hesitancy of the financial services sector and the word that kept cropping up was “audit.” In addition to more generalized issues about data security as a whole, concerns about audits cannot be underestimated.

As Bill Roth of LogLogic noted, “In terms of the level of security required for those in the financial services industry since they’re so heavily regulated, cloud-based providers and HPC in the cloud in general still does not have the security regimes needed to satisfy a lot of regulators.” This statement is not based exclusively on the findings of this one report; the company has carried out similar studies with similar conclusions in the life sciences as well with focus on HIPPA compliance with similar conclusions.

It All Comes Down to the Audit

While LogLogic has a direct stake in helping firms overcome auditing angst, the points Roth and Van Den Berghe makes are difficult to take issue with. When asked about what the primary concern was for those they spoke with during their study, there was no question that fear of the almighty audit and its associated fines was enough to make any enterprise think twice about sending their business into a network.

As Bill Roth notes, “At the fundamental business level it is all about audits; the survey calls out that the two most important regulatory regimes people are concerned about are Sarbanes-Oxley and PCIS for credit card processing. SOX is governmental, PCIS is industry-based — people’s biggest concern is not being audited, not getting fined.

An example of the biggest requirements (two biggest) are section 404 of SOX as well as PCI rule 10. If you go to the site, the list of regulations looks scary but it’s not that much (changing default passwords on firewall) but as rule 10 states — you have to log everything; among other things, you are required to log all state changes to your firewalls so when you have an audit, there is a clear audit trail of what went on in the case of a breach.”

Are New Regulations Taking the Cloud into Account?

There is a new version of PCI specific 1.3 is coming out for final draft June 30 that has been modified to address the cloud specifically and to tighten areas of concern about wireless networking, tokenization and cloud as an overarching concept. Tokenization, which refers to personal information being stored as a token rather than a directly-accessible tide of information, is an important issue in current debates about cloud and compliance since it means that privileged data can be stored in a more secure offsite location. Elements of that are taken into consideration to allay concerns about where data is being stored, which helps appease auditors and lawyers.

Bill Roth added to this thought by discussing the HITECH Act of 2009, which just went into effect in February and now adds stiff penalties in the form of dramatic fines and now jail time to the direct misuse and mishandling of personal information. “The effect of this has been both good and bad — laws like this have a chilling effect on the move to cloud for more conservative companies who will now look several times before they engage, but it also motivates the rest of us to do better on security and auditing frameworks and technologies to roll things out sooner — the point is, no one wants to wear an orange jumpsuit.”

It’s Not Just the Enterprise That Should Be Worried…

There is no doubt that the increase in regulation is going to affect far more than the enterprises as they make sure they are compliant. Cloud vendors are going to face mounting challenges as well as they tailor their agreements to be suitable for those businesses who have made the brave decision to put some of their operations into the public cloud in particular.

Chris Hoff, a network and information security architecture expert who currently serves as the Director of Cloud and Virtualization and Data Center Solutions at Cisco Systems stated in January, “Almost all of the cloud providers I have spoken to are being absolutely hammered by customers acting on their ‘right to audit’ clauses in contracts. This is a change in behavior. Most customers have traditionally not acted on these clauses as they used them more as contingency/insurance options. With the uncertainty relating to confidentiality, integrity and availability of cloud services, this is no more. Cloud providers continue to lament that they really, really want a standardized way of responding to these requests.”

Compliance and auditing over time could mean that the ever-so attractive cloud pricing models that have brought some on board already could start to increase as cloud vendors keep pace with the staffing and support required to contend with their end of agreements.

The ultimate question becomes to what degree will compliance alone negate the benefits of using clouds in the first place? And moreover, why should firms bother with clouds when they have much bigger metaphorical fish to fry?

For more on the regulatory environment for another sector that this is of particular importance to, the life sciences industry, check out some of the more recent posts from Bruce Maches.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Musk’s Latest Startup Eyes Brain-Computer Links

April 21, 2017

Elon Musk, the auto and space entrepreneur and severe critic of artificial intelligence, is forming a new venture that reportedly will seek to develop an interface between the human brain and computers. Read more…

By George Leopold

MIT Mathematician Spins Up 220,000-Core Google Compute Cluster

April 21, 2017

On Thursday, Google announced that MIT math professor and computational number theorist Andrew V. Sutherland had set a record for the largest Google Compute Engine (GCE) job. Sutherland ran the massive mathematics workload on 220,000 GCE cores using preemptible virtual machine instances. Read more…

By Tiffany Trader

Nvidia P100 Shows 1.3-2.3x Speedup Over K80 GPU on Financial Apps

April 20, 2017

When it comes to the true performance of the latest silicon, every end user knows that the best processor is the one that works best for their application. Read more…

By Tiffany Trader

Quantum Adds Global Smarts to StorNext File System

April 20, 2017

Companies that use Quantum’s StorNext platform to store massive amounts of data this week got a glimpse of new storage capabilities that should make it easier to access their data horde from anywhere in the world. Read more…

By Alex Woodie

HPE Extreme Performance Solutions

HPC-Driven Weather Simulations Improving Forecasting Capabilities

In September of 1938, a massive hurricane traversed the Atlantic Ocean and made landfall in New England. Due to inadequate and incorrect forecasting, the storm struck farther north and with greater intensity than had been predicted, leaving residents and authorities with virtually no warning or time to properly prepare. Read more…

Scaling an HPC Career in Nepal Can Be a Steep Climb

April 20, 2017

Umesh Upadhyaya works as an IT Associate at the International Centre for Integrated Mountain Development (ICIMOD) in Nepal, which supports the country’s one and only HPC facility. He is directly involved in an initiative that focuses on climate change and atmosphere modeling Read more…

By Nages Sieslack

Hyperion (IDC) Paints a Bullish Picture of HPC Future

April 20, 2017

Hyperion Research – formerly IDC’s HPC group – yesterday painted a fascinating and complicated portrait of the HPC community’s health and prospects at the HPC User Forum held in Albuquerque, NM. HPC sales are up and growing ($22 billion, all HPC segments, 2016). Read more…

By John Russell

Intel Open Sources All Lustre Work, Brent Gorda Exits

April 19, 2017

In a letter to the Lustre community posted on the Intel website, Vice President of Intel's Data Center Group Trish Damkroger writes that effective immediately the company will be contributing all Lustre development to the open source community. Damkroger also announced that Brent Gorda, General Manager, High Performance Data Division at Intel is leaving the company. Read more…

By Tiffany Trader

Facebook Open Sources Caffe2; Nvidia, Intel Rush to Optimize

April 18, 2017

From its F8 developer conference in San Jose, Calif., today, Facebook announced Caffe2, a new open-source, cross-platform framework for deep learning. Caffe2 is the successor to Caffe, the deep learning framework developed by Berkeley AI Research and community contributors. Read more…

By Tiffany Trader

Hyperion (IDC) Paints a Bullish Picture of HPC Future

April 20, 2017

Hyperion Research – formerly IDC’s HPC group – yesterday painted a fascinating and complicated portrait of the HPC community’s health and prospects at the HPC User Forum held in Albuquerque, NM. HPC sales are up and growing ($22 billion, all HPC segments, 2016). Read more…

By John Russell

Knights Landing Processor with Omni-Path Makes Cloud Debut

April 18, 2017

HPC cloud specialist Rescale is partnering with Intel and HPC resource provider R Systems to offer first-ever cloud access to Xeon Phi "Knights Landing" processors. The infrastructure is based on the 68-core Intel Knights Landing processor with integrated Omni-Path fabric (the 7250F Xeon Phi). Read more…

By Tiffany Trader

CERN openlab Explores New CPU/FPGA Processing Solutions

April 14, 2017

Through a CERN openlab project known as the ‘High-Throughput Computing Collaboration,’ researchers are investigating the use of various Intel technologies in data filtering and data acquisition systems. Read more…

By Linda Barney

DOE Supercomputer Achieves Record 45-Qubit Quantum Simulation

April 13, 2017

In order to simulate larger and larger quantum systems and usher in an age of “quantum supremacy,” researchers are stretching the limits of today’s most advanced supercomputers. Read more…

By Tiffany Trader

Penguin Takes a Run at the Big Cloud Providers

April 12, 2017

HPC specialist Penguin Computing recently re-ran benchmarks from a study of its larger brethren and says the results show its ‘public cloud’ – Penguin on Demand (POD) – is among the leaders in cost and performance. Read more…

By John Russell

Nvidia Responds to Google TPU Benchmarking

April 10, 2017

Nvidia highlights strengths of its newest GPU silicon in response to Google's report on the performance and energy advantages of its custom tensor processor. Read more…

By Tiffany Trader

HPC and the Colocation Datacenter – a Bridge Too Far?

April 7, 2017

A more standardised HPC platform approach is making the running of HPC projects within increasing financial reach. Read more…

By Clive Longbottom, Quocirca

Google Pulls Back the Covers on Its First Machine Learning Chip

April 6, 2017

This week Google released a report detailing the design and performance characteristics of the Tensor Processing Unit (TPU), its custom ASIC for the inference phase of neural networks (NN). Read more…

By Tiffany Trader

Google Pulls Back the Covers on Its First Machine Learning Chip

April 6, 2017

This week Google released a report detailing the design and performance characteristics of the Tensor Processing Unit (TPU), its custom ASIC for the inference phase of neural networks (NN). Read more…

By Tiffany Trader

Quantum Bits: D-Wave and VW; Google Quantum Lab; IBM Expands Access

March 21, 2017

For a technology that’s usually characterized as far off and in a distant galaxy, quantum computing has been steadily picking up steam. Read more…

By John Russell

Trump Budget Targets NIH, DOE, and EPA; No Mention of NSF

March 16, 2017

President Trump’s proposed U.S. fiscal 2018 budget issued today sharply cuts science spending while bolstering military spending as he promised during the campaign. Read more…

By John Russell

HPC Compiler Company PathScale Seeks Life Raft

March 23, 2017

HPCwire has learned that HPC compiler company PathScale has fallen on difficult times and is asking the community for help or actively seeking a buyer for its assets. Read more…

By Tiffany Trader

Nvidia Responds to Google TPU Benchmarking

April 10, 2017

Nvidia highlights strengths of its newest GPU silicon in response to Google's report on the performance and energy advantages of its custom tensor processor. Read more…

By Tiffany Trader

For IBM/OpenPOWER: Success in 2017 = (Volume) Sales

January 11, 2017

To a large degree IBM and the OpenPOWER Foundation have done what they said they would – assembling a substantial and growing ecosystem and bringing Power-based products to market, all in about three years. Read more…

By John Russell

CPU-based Visualization Positions for Exascale Supercomputing

March 16, 2017

In this contributed perspective piece, Intel’s Jim Jeffers makes the case that CPU-based visualization is now widely adopted and as such is no longer a contrarian view, but is rather an exascale requirement. Read more…

By Jim Jeffers, Principal Engineer and Engineering Leader, Intel

TSUBAME3.0 Points to Future HPE Pascal-NVLink-OPA Server

February 17, 2017

Since our initial coverage of the TSUBAME3.0 supercomputer yesterday, more details have come to light on this innovative project. Of particular interest is a new board design for NVLink-equipped Pascal P100 GPUs that will create another entrant to the space currently occupied by Nvidia's DGX-1 system, IBM's "Minsky" platform and the Supermicro SuperServer (1028GQ-TXR). Read more…

By Tiffany Trader

Leading Solution Providers

Tokyo Tech’s TSUBAME3.0 Will Be First HPE-SGI Super

February 16, 2017

In a press event Friday afternoon local time in Japan, Tokyo Institute of Technology (Tokyo Tech) announced its plans for the TSUBAME3.0 supercomputer, which will be Japan’s “fastest AI supercomputer,” Read more…

By Tiffany Trader

IBM Wants to be “Red Hat” of Deep Learning

January 26, 2017

IBM today announced the addition of TensorFlow and Chainer deep learning frameworks to its PowerAI suite of deep learning tools, which already includes popular offerings such as Caffe, Theano, and Torch. Read more…

By John Russell

Is Liquid Cooling Ready to Go Mainstream?

February 13, 2017

Lost in the frenzy of SC16 was a substantial rise in the number of vendors showing server oriented liquid cooling technologies. Three decades ago liquid cooling was pretty much the exclusive realm of the Cray-2 and IBM mainframe class products. That’s changing. We are now seeing an emergence of x86 class server products with exotic plumbing technology ranging from Direct-to-Chip to servers and storage completely immersed in a dielectric fluid. Read more…

By Steve Campbell

BioTeam’s Berman Charts 2017 HPC Trends in Life Sciences

January 4, 2017

Twenty years ago high performance computing was nearly absent from life sciences. Today it’s used throughout life sciences and biomedical research. Genomics and the data deluge from modern lab instruments are the main drivers, but so is the longer-term desire to perform predictive simulation in support of Precision Medicine (PM). There’s even a specialized life sciences supercomputer, ‘Anton’ from D.E. Shaw Research, and the Pittsburgh Supercomputing Center is standing up its second Anton 2 and actively soliciting project proposals. There’s a lot going on. Read more…

By John Russell

HPC Startup Advances Auto-Parallelization’s Promise

January 23, 2017

The shift from single core to multicore hardware has made finding parallelism in codes more important than ever, but that hasn’t made the task of parallel programming any easier. Read more…

By Tiffany Trader

HPC Technique Propels Deep Learning at Scale

February 21, 2017

Researchers from Baidu’s Silicon Valley AI Lab (SVAIL) have adapted a well-known HPC communication technique to boost the speed and scale of their neural network training and now they are sharing their implementation with the larger deep learning community. Read more…

By Tiffany Trader

US Supercomputing Leaders Tackle the China Question

March 15, 2017

Joint DOE-NSA report responds to the increased global pressures impacting the competitiveness of U.S. supercomputing. Read more…

By Tiffany Trader

IDG to Be Bought by Chinese Investors; IDC to Spin Out HPC Group

January 19, 2017

US-based publishing and investment firm International Data Group, Inc. (IDG) will be acquired by a pair of Chinese investors, China Oceanwide Holdings Group Co., Ltd. Read more…

By Tiffany Trader

  • arrow
  • Click Here for More Headlines
  • arrow
Share This