Organizational and Security Aspects
of Grid Computing"> Another issue to watch out for is the social engineering aspects of grid. Gentzsch said hes witnessed situations where theres no real preliminary agreement on how to share the resources that get strung together in the grid.One day youve got your own resources that you can touch and control, and then the next day youve got to share them with heathens from other departments. Or worse, they move away to a place where you cant see or touch them anymore.How do you handle that? Get policies up front that everybody can agree on, he said. For example, when he was working with a grid that combined resources from the Army, Air Force and Navy research labs, department chiefs met every Monday afternoon and agreed on how to use resources over the coming week. Then of course theres always security. As Gentzsch said, weve got more and better encryption and other types of security than ever, but theres still a concern from users that resources, data and applications arent secure enough. Especially in a regulated environment, when youre talking about patient data and patient records and about combining that with life science data or genome research, thats a highly sensitive area. Beyond HIPAA (Health Insurance Portability and Accountability Act) issues, legal issues arise in countries such as Poland and France, where companies arent allowed to share financial data with anyone from outside the country. What are the implications for grid in such a situation? Nobody at the panel even knew. Bremmer, for his part, is looking at different types of grids to address the security and privacy issues. The institute has its own firewall, as does the hospital with which its associated, and work is ongoing to figure out how to bridge the two. That doesnt have to do with technology, however, as much as it does with figuring out who can access what. "Thats a real issue, and its why, when youre [breaking down information silos], start with small types of projects," he said. "Its important when you have the backing of IT that they can look at it, they can see how its operating in this environment, and they can see that its not causing security leaks. Theyre more comfortable, and theyll help you fight these battles." Another thing to keep in mind is that theres flexibility in how grid is architected. You can put information in areas that you would have secured anyway, even without grid. If data is sensitive, you keep it behind firewalls, and you identify which machines have access to it. If its that type of application, it might stay inside a firewall, or it may stay on a prescribed set of machines. Beyond that, as Gentzsch pointed out, there are different applications that fit different grids. "Grid can exist on peoples laptops for very specific types of things," he said. "Dont use proprietary or private data for only pre-research data. For more stuff that needs privacy, you build a very secure node in your grid for which special people are authenticated and authorized. "There are these nodes today. Theres a very secure operating systems, like Trusted Solaris, where you can define different levels of security with different access keys for specific people. You put your data into one of those containers, and the whole thing is very safe." Of course, it always boils down to this: Start small. Define business performance issues and workload issues. Figure out which problem area to target. Profile workload patterns to establish cause and effect of pain points. Then, set up a prototype, and figure out how youll measure success. Is it a lot of work? Oh, yes. The dogs bark, but the caravan moves on. Check out eWEEK.coms for the latest database news, reviews and analysis.