Security experts on Wednesday recommended that IT administrators clearly identify and understand the security risks associated with large-scale grid computing deployments.
During Ziff Davis Medias Enterprise Solutions Virtual Tradeshow, the pros and cons of grid computing and safe data storage took center stage, with panelists stressing the importance of using best practices to protect the confidentiality of information passed over corporate grid systems.
Lenny Mansell, senior security consultant at Triad Information Security Services LLC, warned that greater sharing of information and resources across traditional trust boundaries will result in increased risks that must be addressed as a matter of urgency.
Mansell recommends that businesses deploying grid systems identify critical assets and the threats to those assets.
More importantly, IT administrators must assess the impact that a security threat could have on the business and implement mitigation controls and policies.
To ensure the confidentiality, integrity and availability of crucial data on the grid systems, Mansell said administrators must implement proper classification to handle confidential data. “Access to confidential data needs to be restricted to those with a need to know and you have to set up audit trails,” Mansell said.
“Many of the concepts that apply to a well-managed information security practice apply to grid computing,” he said, warning that the reliance on authentication and authorization of users and groups makes it complicated for an administrator.
“Policies and processes must be created to address this expanded reliance on these extended models,” Mansell said, calling for boundaries of administrative control to be clearly defined.
Mark Teter, chief technical officer of Advanced Systems Group LLC, said the highly automated manner in which resources are allocated on a grid can be used by a malicious attacker to steal sensitive corporate data.
“It is crucial to safeguard the grid and the data being distributed. Your whole storage infrastructure can be compromised,” Teter said. He recommended that businesses use encryption technologies to mitigate the threat.
Grid computing is the concept of using computers in the way that utilities use power grids to tap the unused capacity of a vast array of linked systems. Users can then share computing power, databases and services online.
Several high-profile companies have invested heavily in grid computing, including IBM, Sun Microsystems Inc., Microsoft Corp. and Oracle Corp.