Home > Security News > Grid computing and security uncertainties
Security News:
EMAIL THIS LICENSING & REPRINTS

Grid computing and security uncertainties

By Edmund X. DeJesus, Contributor
30 Mar 2006 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Last week, Sun Microsystems Inc. announced the debut of its Sun Grid Compute Utility, available at www.network.com. The world's first grid available for public, commercial use, Sun Grid was created to serve customers big and small needing inexpensive, simple access to large-scale computing resources.

But within hours, Sun Grid was brought to its knees by a distributed denial-of-service (DDOS) attack, necessitating an emergency login procedure change. While grid computing may very well revolutionize enterprise computing, the incident underscores the security risks that could prove quite harrowing for enterprises that rely on grid computing.

On the grid

In a nutshell, a computing grid harnesses the power of thousands of interconnected processors -- and their associated storage -- as a single entity, without the mediation of a network. The resulting grid offers the processing power of a supercomputer for a fraction of the cost.

Grids are nothing new: IBM and Hewlett-Packard Co. already have enterprise-level off-site grids, and the Sun Grid has been available to existing clients since August.

"This provides a terrific way for an organization to test the benefits of grid computing before committing whole-heartedly to a grid approach," suggested Eric Ogren, security analyst with the Milford, Mass.-based Enterprise Strategy Group.

What is new is that vendors and customers alike must now consider grid security as a part of a company's overall security strategy. "With our [grid computing] clients, we spend the most time discussing security," reports David V. Gelardi, IBM's vice president of deep computing. Most grids use a large number of identical processors running identically-configured operating systems, and that uniformity helps grid managers to monitor security issues more easily.

Securing the grid

Naturally, grids are protected from external attacks with the same tools that enterprise networks use, including firewalls, authenticated access, public key cryptography and configuration management. In addition, Sun Grid users must apply for an account and satisfy government requirements.

However, Gelardi said because of the nature of the interaction between a customer and the grid, further security considerations are needed. He said IBM sets up a VPN -- usually hardware-based -- in such a way so that grid processors are moved into the VPN at the start of a session and out at its conclusion. Client-side access to the grid is limited to named users only.

The DDOS attack against Sun Grid "should be very troubling," Gelardi said, citing Sun's lack of experience. However, in Sun's view, the attack illustrated that the system worked just as it should.

Rohit Valia, group product manager for the Sun Grid, said the attack was levied against a sample text-to-speech application that was made available without a login requirement. "When the attack occurred, we took it in stride by moving the application inside where login is required."

Valia noted that applications on the Sun Grid cannot make calls to external machines. In effect, applications run in virtual containers, enforced by both monitoring devices and staff.

Ogren said to control access to sensitive data, grid systems must have authenticated access control, SSL communications, filtering and auditing of sensitive data, and erasure of data after use. Similarly, he said grid hosts must ensure that a previous user or intruder has not left something potentially nasty behind: all code must be wiped out.

Dealing with the grid

Some enterprise security pros may be uncomfortable with using shared resources, but Gelardi believes that psychological barrier can be overcome.

"Business gains absolutely outweigh the security risks," Gelardi said, adding that customers who run a proof-of-concept application often become more comfortable with it.

Ogren said grid computing can be an effective way to speed application time-to-market, affordably test a new computing architecture or reduce costs of an internal grid infrastructure.

"The security risks depend on the intellectual property put into the hosted environment, and those can be managed," he said, adding that ultimately, sophistication in grid security will grow, as will IT's tolerance for the way of the grid.

Edmund X. DeJesus is a freelance writer based in Norwood, Mass.

Sound Off! -   Be the first to post a message to Sound Off!


Tags: Web Application Security (Also see Web Access Control)Denial of Service PreventionWeb Services Security and SOA SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts