Security and attitudes aren’t yet ready for commercial Grid computing over the Internet. At least that’s the view of most Grid computing insiders.
But those who offer the service and those who use it beg to differ. The security is there, they say, and attitudes are slowly coming around.
“At present, security is a perceived issue with distributed computing, but much less of a concern for most than when we first began addressing the market,” said Steve Armentrout, CEO of Parabon Computation, one of the few Grid companies offering an Internet solution. “We predict it will follow the course of credit card usage on the Internet. In time, security will be but a small consideration for users of Internet distributed computing. And those few firms with ultra-high security requirements will pay a premium to have their jobs routed to a fixed set of physically secured nodes.”
Parabon’s primary focus is enterprise Grid computing, but the company also offers an Internet service based on its Frontier platform. “By design, security is one of Frontier’s strengths,” Armentrout said. “All communication is encrypted, the codes are obfuscated, data is encrypted on the engine, and clients have complete anonymity. To boot, distributed problems are often fragmented by nature – one piece of a jigsaw puzzle does not a picture make. Security is about layers, and Frontier offers several security layers that, in combination, make attempts to steal IP both challenging and unrewarding.”
“We’ve learned that client preference for Frontier Enterprise versus Frontier Internet depends mostly on the size of the organization,” Armentrout said. “Large organizations with thousands of computers naturally gravitate toward an enterprise solution; smaller firms in need of burst computing power, but that own few computers, are thrilled at the prospect of buying computation by the slice via Frontier.”
Icosystem Is A Believer
Paul Edwards, CEO of economic simulation company Icosystem, said his company uses Parabon’s Frontier service to run its models “massively parallel to explore a search space, design an intervention using evolutionary computing or to conduct a robustness analysis of a particular solution.”
The company’s work typically has four parts: the data inputs, the model code, the manipulation code (how the company designs the experiments that it is using the models to fulfill), and the output results. Of these, the manipulation code presents the least security issues: it is likely to be either open-source or covered by one of the company’s own patents – in either case, it is in the public domain, so security is not a concern.
The other three elements may each contain sensitive information, “so security is an important consideration,” Edwards said. However, the sensitive information is usually “highly contextual” – understanding the relevance of a particular value or sequence of code depends on being able to grasp the full context of the variable or process. The pre-Frontier Java compilation process “anonymizes” the variables, and Icosystem uses its own internal procedures to do the same for class names when appropriate.
“The way that we work – and the inherent efficiency of Frontier – means that we are normally able to conceal the ‘real’ values of variables within ranges, and so it would be very unusual for a sensitive specific combination of information to be explicitly available on the system, even if anyone who was aware of the context of the work were to reverse-engineer the code,” Edwards said.
“In every case that we have faced so far, the risk has been identifiable and manageable,” Edwards said. “However, our clients call the shots. We always discuss the use of Frontier with them prior to starting, explain the advantages and risks, and if they are not comfortable, we find another solution.”
United Devices Says Enterprise Grids May Boost Internet Acceptance
David McNett of United Devices, which also offers an Internet Grid solution, said that enterprise Grid solutions indirectly help attitudes toward Internet Grid usage. “We think that it’s this familiarity and opportunity for direct evaluation of the security available that will turn out to be the necessary first step towards acceptance of commercial distributed computing on the public network,” he said.
United Devices is in some ways uniquely qualified to pursue the public exchange model. Many of the company’s employees came from and maintain relationships with the distributed.net and SETI@home projects.
“The measures necessary to protect the data involved and to ensure the integrity of results received are based on a firm foundation of decades of cryptography research and at least five years of practical application in the hands of organizations like distributed.net, SETI@home and GIMPS,” McNett said. “These public-interest projects are no less concerned about the security of their projects. They were just compelled to be the earliest adopters of distributed computing for lack of any alternative methods of acquiring their needed computing resources.”
“I get the impression that the people who are not doing any type of Internet initiative want to but need to get over the psychological fears of doing so,” he said. “In the long term, the Internet will probably play a significant role in distributed computing, but people still need to be comfortable using their own intranets before they take that big step.”
When they do take that step, proponents of the Internet model say, the security will be ready for them.
This story was first published on Grid Computing Planet, an internet.com site.