In an effort to broaden support for enterprise grid computing, the Enterprise Grid Alliance [EGA] has released...
a paper focusing on risks, threats, security requirements and safer collaboration for the unique environment.
"From our collaborative research over the last year, the EGA determined that enterprise grid environments are better positioned to satisfy a company's security and compliance objectives compared to traditional models of computing [based on] availability and centralized security management," said Lee Cooper, chairman of the Enterprise Grid Alliance Grid Security working group. "By moving away from a 'silo-ed' security management model, enterprise grids allow organizations to more easily manage security configurations and respond rapidly to security events."
"Grid computing puts enterprises in a better position to automate many of the internal controls required by regulatory compliance," added Cooper, who is also director of the security management program at Oracle Corp. "This appears true during initial deployment, as well as throughout the lifetime of the grid.
Formed one year ago by Oracle Corp., Hewlett-Packard Co., Sun Microsystems Inc., and Cisco Systems Inc., among other industry leaders, the EGA is a consortium focused on developing and promoting enterprise grids, which share computer power and data storage capacity.
Because multiple applications can access a single resource, grid computing can magnify security issues. Risks of potential denial-of-service and access control attacks should be weighed against advantages such as enhanced performance and scaling.
The document provides a basis for collaboration among organizations to help eliminate redundant standards development activities and more quickly eliminate barriers to adoption, said EGA. Future versions will describe how these requirements can be satisfied using new and existing technologies, processes and recommended practices.
A concept the EGA labeled "critical" is Grid Management Entity, which it says will aid organizations with security configurations, segregation of duties, and the provisioning of both identities and grid components.
The Grid Security Working Group will next focus on creating an issues and resolutions document that analyzes existing technology to satisfy security requirements and identify current gaps.