The Enterprise Grid Alliance, which includes several top vendors trying to accelerate the use of grid computing by big businesses, has published its first paper on the unique security requirements of grids.
The 37-page paper (click here to download) aims to help users, vendors and standards groups identify the risks associated with enterprise grid computing. The group plans to discuss technologies and practices for mitigating the risks in a later paper, it says.
The alliance was formed in 2004 by Oracle, EMC, HP and several other vendors. Membership is open to all, though IBM and Microsoft have not joined.
Some of the security requirements described in the paper also apply to traditional systems and become more prominent in grid setups. For example, a storage system might contain sensitive information that should be accessible only from one application, even though several applications link to that storage resource. Grid computing, by its nature, tends to increase the occurrences in which multiple applications access a single resource, making security issues more prominent.
Other security requirements are unique to grids, and most of these have to do with what the paper calls the "grid management entity," or GME, responsible for the grid's operation. The GME provisions and configures grid components, such as servers and storage arrays, manages workloads and "decommissions" components when their work is done.
"Grid resources [or simply pools of networked resources] alone are not unique to a grid environment. What is unique is the way in which they are aggregated and managed. By introducing the GME with the ability to provision, manage and decommission pools of grid resources, we get to the heart of the unique threats and security requirements in a grid environment," the paper says.
It goes on to describe various risks and how they can affect grid environments. They include access-control attacks, in which unauthorized users or components join a grid; denial-of-service attacks (against the grid management entity, for example); and object reuse, in which an unauthorized user accesses a grid component that has not been properly decommissioned or "sanitized."
The paper, coming from a group whose members sell products for building grids, strikes a mostly positive tone. It argues that grids can enhance security in some areas. It notes that grids still need security controls used in more traditional environments, in areas such as identification, authentication and confidentiality.
The alliance has limited its focus to enterprise applications within a single data center - far narrower than the definition used in academic and technical communities, which use grids to link computing centers that can be widely dispersed across organizations.
Grids that conform to that broader definition could pose considerable security challenges for a business. But a grid that operates within the boundaries of a single organization would not necessarily be difficult to secure, says Andy Kellett, a senior research analyst for security at Butler Group.
"If you've got a decent security system in place, and if the boundaries of your grid are the boundaries of your data center, then your existing authentication and access-control systems should take care of what's required," he says.
The paper is the second work published by the Enterprise Grid Alliance. In May, it published a "reference model" for grid computing, including a lexicon of terms, a model for classifying the management and life cycles of grid components, and a set of usage scenarios (click here to download).
The group has said it will build on top of current standards and research and not try to "reinvent the wheel." Other participants include Cisco, NEC, Novell and Sun.