Security in Cloud Computing Not So Different from Security in Telco

By Leslie Guth for SCOPE Alliance

January 4, 2011

During a recent “Cloud Computing in Telecom” SCOPE workshop, presenters and attendees expressed considerable interest in cloud security. Presenter Rao Vasireddy of Alcatel-Lucent, who advocated using “secure by design” principles to secure the cloud, talked to Leslie Guth from SCOPE about his presentation.

LG: What specifically causes concern in cloud security for users and service providers?

RV: According to recent industry research, 72% of organizations are “extremely concerned” or “very concerned” about security in the cloud environment (2010 research firm TheInfoPro). Concerns range from phishing and data loss and recovery to regulatory compliance and everywhere in between.

LG: What are the security concerns when deploying a Telecom application in the cloud?
 
RV: It is often believed that security in cloud computing is completely different than security in a traditional Telco environment. But this is not necessarily true. Many security issues are the same for cloud computing as for traditional IT technologies (e.g. phishing, data loss).

LG: Could you give us a few examples of cloud computing security issues?

RV: Sure. Cloud computing security issues include shared technology vulnerabilities, data loss or leakage, malicious insiders, hijack traffic, insecure API, nefarious use of service or abuse cases and unknown risk profiles. These all pose serious threats to secure cloud computing.

LG: What security concerns are specific to the telecom environment?

RV:  Security concerns in a telecom environment range from secure management, control, and user data/sessions to secure infrastructure, services, and applications. Secure IT, operations and development along with compliance and security by design are also specific to the telecom environment.

LG: You mentioned securing the cloud can be done in much the same way that traditional Telco environments are secured. Could you elaborate on this?

RV: The complex issues of security in a cloud environment need to be simplified with an objective to establish a security baseline by leveraging current practices, standards and well-known security attributes as metrics. For example, key security attributes include access control, authentication/authorization, data confidentiality, privacy, data integrity, data confidentiality and non-repudiation. These metrics can be analyzed to determine where shortcomings or security gaps exist and how countermeasures can be applied.

The “secure by design” process has been useful in the development and maintenance of Telco equipment and solutions. The process has a proven track record in the development and operations of telecom and enterprise solutions. It can be used and adapted by leveraging cloud computing security standards and best practices and lessons learned in the telecom space, for example, leveraging practices such as implementing hardening access privileges.

LG: What are some of the specific attributes of the “secure by design” process that are important to note? 

RV: The “secure by design” process removes or reduces the risk opportunity, sets the perimeter wherever you choose, creates resilience, creates transparency in security, makes access control context-sensitive, certifies the systems and meets compliance regulations.

As an addition, telecom can also leverage traditional cloud computing configurations such as Software as a Service (SaaS), which delivers online services providing traditional and custom on-demand applications; Platforms as a Service (PaaS), an open development platform that allows application developers to build or modify SW for faster and cheaper TTM; and Infrastructure as a Service (IaaS) which facilitates the sell transport, CDN, computing resources on a pay-per-use basis.

LG: What particular aspects of telecom synergy could be leveraged?

RV: Peering, settlement, SLA’s, customer support, multi-vender interoperability, global footprint and mobility can all be leveraged.

LG: Why would the telecom industry want to enter the cloud market and how can “security by design” mitigate the risks?

RV: The telecom industry has new challenges and opportunities. Cloud computing is a new opportunity for telecom, while creating security in this environment is a new challenge.

The need for security in the cloud environment is strong due to an increased need for regulatory compliance, a need to provide a guarantee of security and privacy to protect sensitive corporate data and consumer privacy, and a need to offer a reliable, available service.

“Security by design” is attractive because standards and compliance are built in. Standards enable organizations to build security programs in a consistent and effective manner. “Security by design” standards allow for strong information security organization, unambiguous and up-to-date security policies and awareness, identification of critical assets and risk management, an adaptable information security architecture, security that is integrated in all phases of the product lifecycle, a testable business continuity program, and standards-based security programs.

“Security by design” allows the creation of resilience and transparency and it allows for secure assets, data, and users, anytime, anywhere.

LG: What steps should be taken before employing telecom security standards in cloud computing?

RV: First, it is important to identify potential impacts on standards development and priorities for standards needed to promote and facilitate cloud computing. Also, it is essential to investigate future study items and related actions for fixed and mobile networks and analyze how interoperability can be explored in cloud computing.

Potential impacts on standards development need to be identified. These may include NGN including mobile and overlaying platforms; transport layer technologies; terminals and application aspects over broadband networks; ICT and climate change; management and control including signaling; interface of networks and interoperability; quality of service and security; and distributed media-rich processing and intelligent media coding.

LG: How would you summarize the connection between telecom and security technologies?

RV: In short, telecom and security technologies have a symbiotic relationship. Telecom has a proven track record of security, scalability, reliability, operations, and customer trust. “Security by design” is key to telecom and cloud security. Synergy between cloud and telecom security is driven by common customer and business issues as well as technology and standards. 

Thanks to Rao Vasireddy of Alcatel-Lucent for participating in this interview.

SCOPE Alliance’s recent “Cloud Computing in Telecom” workshop was an important step toward what will be an ongoing security in cloud computing in telecom discussion. We look forward to continuing this discussion as we explore the opportunities that cloud computing can offer users and service providers. We invite those who are interested in this topic to visit the SCOPE website at www.scope-alliance.org and let us know your specific area of interest to help further this discussion.

SCOPE Alliance will be publishing a white paper on this topic in 2011.
 

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Japan Meteorological Agency Takes Delivery of Pair of Crays

May 21, 2018

Cray has supplied two identical Cray XC50 supercomputers to the Japan Meteorological Agency (JMA) in northwestern Tokyo. Boasting more than 18 petaflops combined peak computing capacity, the new systems will extend the a Read more…

By Tiffany Trader

ASC18: Final Results Revealed & Wrapped Up

May 17, 2018

It was an exciting week at ASC18 in Nanyang, China. The student teams braved extreme heat, extremely difficult applications, and extreme competition in order to cross the cluster competition finish line. The gala awards ceremony took place on Wednesday. The auditorium was packed with student teams, various dignitaries, the media, and other interested parties. So what happened? Read more…

By Dan Olds

ASC18: Tough Applications & Tough Luck

May 17, 2018

The applications at the ASC18 Student Cluster Competition were tough. Tougher than the $3.99 steak special at your local greasy spoon restaurant. The apps are so tough that even Chuck Norris backs away from them slowly. Read more…

By Dan Olds

HPE Extreme Performance Solutions

HPC and AI Convergence is Accelerating New Levels of Intelligence

Data analytics is the most valuable tool in the digital marketplace – so much so that organizations are employing high performance computing (HPC) capabilities to rapidly collect, share, and analyze endless streams of data. Read more…

IBM Accelerated Insights

Mastering the Big Data Challenge in Cognitive Healthcare

Patrick Chain, genomics researcher at Los Alamos National Laboratory, posed a question in a recent blog: What if a nurse could swipe a patient’s saliva and run a quick genetic test to determine if the patient’s sore throat was caused by a cold virus or a bacterial infection? Read more…

Spring Meetings Underscore Quantum Computing’s Rise

May 17, 2018

The month of April 2018 saw four very important and interesting meetings to discuss the state of quantum computing technologies, their potential impacts, and the technology challenges ahead. These discussions happened in Read more…

By Alex R. Larzelere

Japan Meteorological Agency Takes Delivery of Pair of Crays

May 21, 2018

Cray has supplied two identical Cray XC50 supercomputers to the Japan Meteorological Agency (JMA) in northwestern Tokyo. Boasting more than 18 petaflops combine Read more…

By Tiffany Trader

ASC18: Final Results Revealed & Wrapped Up

May 17, 2018

It was an exciting week at ASC18 in Nanyang, China. The student teams braved extreme heat, extremely difficult applications, and extreme competition in order to cross the cluster competition finish line. The gala awards ceremony took place on Wednesday. The auditorium was packed with student teams, various dignitaries, the media, and other interested parties. So what happened? Read more…

By Dan Olds

Spring Meetings Underscore Quantum Computing’s Rise

May 17, 2018

The month of April 2018 saw four very important and interesting meetings to discuss the state of quantum computing technologies, their potential impacts, and th Read more…

By Alex R. Larzelere

Quantum Network Hub Opens in Japan

May 17, 2018

Following on the launch of its Q Commercial quantum network last December with 12 industrial and academic partners, the official Japanese hub at Keio University is now open to facilitate the exploration of quantum applications important to science and business. The news comes a week after IBM announced that North Carolina State University was the first U.S. university to join its Q Network. Read more…

By Tiffany Trader

Democratizing HPC: OSC Releases Version 1.3 of OnDemand

May 16, 2018

Making HPC resources readily available and easier to use for scientists who may have less HPC expertise is an ongoing challenge. Open OnDemand is a project by t Read more…

By John Russell

PRACE 2017 Annual Report: Exascale Aspirations; Industry Collaboration; HPC Training

May 15, 2018

The Partnership for Advanced Computing in Europe (PRACE) today released its annual report showcasing 2017 activities and providing a glimpse into thinking about Read more…

By John Russell

US Forms AI Brain Trust

May 11, 2018

Amid calls for a U.S. strategy for promoting AI development, the Trump administration is forming a senior-level panel to help coordinate government and industry research efforts. The Select Committee on Artificial Intelligence was announced Thursday (May 10) during a White House summit organized by the Office of Science and Technology Policy (OSTP). Read more…

By George Leopold

Emerging Advanced Scale Tech Trends Focus of Annual Tabor Conference

May 9, 2018

At Tabor Communications' annual Advanced Scale Forum (ASF) held this week in Austin, the focus was on enterprise adoption of HPC-class technologies and high performance data analytics (HPDA). It’s a confab that brings together end users (CIOs, IT planners, department heads) and vendors and encourages... Read more…

By the Editorial Team

MLPerf – Will New Machine Learning Benchmark Help Propel AI Forward?

May 2, 2018

Let the AI benchmarking wars begin. Today, a diverse group from academia and industry – Google, Baidu, Intel, AMD, Harvard, and Stanford among them – releas Read more…

By John Russell

How the Cloud Is Falling Short for HPC

March 15, 2018

The last couple of years have seen cloud computing gradually build some legitimacy within the HPC world, but still the HPC industry lies far behind enterprise I Read more…

By Chris Downing

Russian Nuclear Engineers Caught Cryptomining on Lab Supercomputer

February 12, 2018

Nuclear scientists working at the All-Russian Research Institute of Experimental Physics (RFNC-VNIIEF) have been arrested for using lab supercomputing resources to mine crypto-currency, according to a report in Russia’s Interfax News Agency. Read more…

By Tiffany Trader

Nvidia Responds to Google TPU Benchmarking

April 10, 2017

Nvidia highlights strengths of its newest GPU silicon in response to Google's report on the performance and energy advantages of its custom tensor processor. Read more…

By Tiffany Trader

Deep Learning at 15 PFlops Enables Training for Extreme Weather Identification at Scale

March 19, 2018

Petaflop per second deep learning training performance on the NERSC (National Energy Research Scientific Computing Center) Cori supercomputer has given climate Read more…

By Rob Farber

Researchers Measure Impact of ‘Meltdown’ and ‘Spectre’ Patches on HPC Workloads

January 17, 2018

Computer scientists from the Center for Computational Research, State University of New York (SUNY), University at Buffalo have examined the effect of Meltdown Read more…

By Tiffany Trader

AI Cloud Competition Heats Up: Google’s TPUs, Amazon Building AI Chip

February 12, 2018

Competition in the white hot AI (and public cloud) market pits Google against Amazon this week, with Google offering AI hardware on its cloud platform intended Read more…

By Doug Black

US Plans $1.8 Billion Spend on DOE Exascale Supercomputing

April 11, 2018

On Monday, the United States Department of Energy announced its intention to procure up to three exascale supercomputers at a cost of up to $1.8 billion with th Read more…

By Tiffany Trader

Leading Solution Providers

Lenovo Unveils Warm Water Cooled ThinkSystem SD650 in Rampup to LRZ Install

February 22, 2018

This week Lenovo took the wraps off the ThinkSystem SD650 high-density server with third-generation direct water cooling technology developed in tandem with par Read more…

By Tiffany Trader

HPC and AI – Two Communities Same Future

January 25, 2018

According to Al Gara (Intel Fellow, Data Center Group), high performance computing and artificial intelligence will increasingly intertwine as we transition to Read more…

By Rob Farber

Inventor Claims to Have Solved Floating Point Error Problem

January 17, 2018

"The decades-old floating point error problem has been solved," proclaims a press release from inventor Alan Jorgensen. The computer scientist has filed for and Read more…

By Tiffany Trader

Google Chases Quantum Supremacy with 72-Qubit Processor

March 7, 2018

Google pulled ahead of the pack this week in the race toward "quantum supremacy," with the introduction of a new 72-qubit quantum processor called Bristlecone. Read more…

By Tiffany Trader

HPE Wins $57 Million DoD Supercomputing Contract

February 20, 2018

Hewlett Packard Enterprise (HPE) today revealed details of its massive $57 million HPC contract with the U.S. Department of Defense (DoD). The deal calls for HP Read more…

By Tiffany Trader

CFO Steps down in Executive Shuffle at Supermicro

January 31, 2018

Supermicro yesterday announced senior management shuffling including prominent departures, the completion of an audit linked to its delayed Nasdaq filings, and Read more…

By John Russell

Deep Learning Portends ‘Sea Change’ for Oil and Gas Sector

February 1, 2018

The billowing compute and data demands that spurred the oil and gas industry to be the largest commercial users of high-performance computing are now propelling Read more…

By Tiffany Trader

Nvidia Ups Hardware Game with 16-GPU DGX-2 Server and 18-Port NVSwitch

March 27, 2018

Nvidia unveiled a raft of new products from its annual technology conference in San Jose today, and despite not offering up a new chip architecture, there were still a few surprises in store for HPC hardware aficionados. Read more…

By Tiffany Trader

  • arrow
  • Click Here for More Headlines
  • arrow
Share This