Deploying a grid infrastructure can help companies dramatically improve hardware utilization rates and boost computing power. But the massive resource aggregation and wider end-user access enabled by grids also have the potential to magnify security risks, implementers say.
As a result, companies that are implementing grid technologies need to pay special attention to issues such as user authentication, authorization and access control, as well as auditing and data integrity — both when data is in storage and while it’s in transit.
Ensuring that adequate measures are in place for responding to the effects of worms and viruses, which can be amplified in a grid setup, is also crucial in grid computing, IT managers say.
Most of the problems that IT staffs have to deal with in a grid environment are similar to the ones they face in non-grid environments, says John Hurley, senior manager for distributed software and systems integration at The Boeing Co.’s mathematics and computing technology group in Seattle. “But (they) take on much greater significance in a grid environment because of the fundamental premise of grids — access, sharing and collaborative computing,” he notes.
Grid computing creates the “potential for gateways into an environment” where none existed before, says Hurley.
More power, more risk
A grid installation harnesses the combined power of numerous servers and PCs to run applications and services as one large system. Grids have been used for years to run compute-intensive applications in academic and research organizations. The improved resource utilization and power delivered by grids have also begun to attract the attention of corporate America. A survey of 550 database professionals, released in January by Santa Cruz, Calif.-based Evans Data Corp., showed that one in five companies is planning to deploy grids during the next two years.
The potential severity of grid-related security problems depends largely on the context in which grids are being used, says Dane Skow, deputy computer security executive at the Fermi National Accelerator Laboratory in Batavia, Ill. “When you talk to people about grids, they have different scenarios in mind — everything from clusters in the same room run by the same infrastructure team to global power-grid-like infrastructures,” says Skow.
Research grids, for instance, typically provide access to users from multiple organizations and security domains. Fermi operates a grid for high-energy physics applications that’s accessed by more than 5,000 users in some 80 organizations — several of which are in Europe.
User access, authentication and authorization in such an environment can be a big challenge, given the fact that there’s no single identity authority, says Skow, who is also part of the security group at the Global Grid Forum, a Lemont, Ill.-based organization with members from more than 400 vendors and user companies.
In contrast, a grid being run by a private-sector company typically uses internal resources and is accessed by users whose identities are already stored in an internal directory. As a result, it’s easier to get a grip on identity management in a company grid than it is with grids in a research setting, Skow says.
Central management needed
Regardless of the manner in which grids are being used, there is “more of a requirement for a centrally managed ID infrastructure, whether it is PKI-based or Kerberos-based,” says Clifford Neuman, associate director at the University of Southern California’s Information Sciences Institute in Marina del Rey, Calif.
What’s also required is a way to authenticate the clients and servers that are attached in a grid configuration, he notes. Because of the wider access enabled in a grid environment, it becomes crucial to ensure that data flowing through the network comes from a trusted source and not an imposter.
There are several methods currently available to do this, Neuman says. In a public-key infrastructure environment, for instance, servers and clients could mutually authenticate each other using digital certificates issued by a trusted authority. In a Kerberos setup, the same thing could be accomplished via encrypted keys stored in advance on a Kerberos authentication server, he suggests. Other methods include the use of Secure Sockets Layer technology to authenticate servers by clients before starting an encrypted session.
Companies that are deploying grids also must protect data during transmission on the network via encryption, says Jikku Venkat, chief technology officer at United Devices Inc., an Austin-based vendor of technologies for aggregating computing resources into clusters and grids. In addition, companies must put mechanisms in place to guarantee that the data isn’t tampered with in any manner while it traverses the grid, according to Venkat.
Both measures are needed because anyone connected to the grid could access, modify or delete data flowing through it, either accidentally or maliciously, Venkat says.
United Devices attaches checksums to data before it’s encrypted and then verifies that the checksum is the same when the message is being decrypted to ensure that nothing has been tampered with, Venkat explains. “We also recommend that only digitally signed code modules are permitted on a grid. If it is not signed, don’t run it on a grid,” he says.
There are also certain security concerns that get “amplified” in grid architectures, says Lee Cooper, chairman of the Enterprise Grid Alliance, a San Ramon, Calif.-based consortium of vendors and users.
One obvious example is the threat from worms and viruses. The same highly automated and efficient manner in which resources are allocated on a grid could be used by a malicious attacker to his advantage, Hurley warns. As a result, “keeping all grid resources fully patched and configured securely begs for some sort of centralized solution,” Cooper says.
Good incident-response mechanisms should help minimize the impact of such attacks in case one occurs, Hurley says.
Careful with policies
Another crucial area with security implications is policy reconciliation on a grid, according to Skow.
Because grids can run different applications at different times, companies should have a clear understanding of the various policies — such as user access restrictions or the authentication requirements — that are attached to each application, Skow says.
“There needs to be some consistent and congruent way to mediate those rules. And it has to be done in a very significant way” before companies can take full advantage of grids, Hurley says.
Addressing grid security may not involve new technologies, but because of the increased potential vulnerability, protective measures become more urgent.
Grid architectures in the enterprise face the same security issues that one sees in a non-grid environment, so “clearly, these need to be addressed,” Cooper points out.
But, he adds, “the same tools and technologies that are used today to secure storage, computing and network resources all apply in a grid architecture.”