GRIDtoday editor Derrick Harris recently spoke with Glenn Brunette --
vice chair of the EGA Grid Security Working Group and a distinguished
engineer and chief security architect for the client solutions division
at Sun Microsystems -- about the Enterprise Grid Security Requirements
document released by the EGA last month, including the working group's
conclusion that enterprise Grids might actually be more secure than
standard computing environments.
After a year of relative silence, the EGA has really
been making some noise with the working group deliverables. To what do
you attribute this sudden increase in productivity? Was it assumed all
the long that it would take about a year to produce deliverables, or
were there setbacks that prolonged the releases of these documents?
When we launched the EGA in April 2004, we had a
very aggressive charter. Before we could even begin to tackle our
technical goals, it was important to build a solid foundation and
establish a firm presence in the community, which we are pleased to say
that we did. Over the past year, we have shown solid progress,
increasing our membership by 45 percent, founding two regional steering
committees in Europe and Japan and establishing five technical working
groups. Once the groundwork was laid, we turned our focus on our
technical deliverables, which include the Reference Model launched last
May and the Security Requirements document, which we are discussing
It is not uncommon to see a delay between the launch of a consortium
and the launch of its first deliverables. This is necessary to define
and communicate a clear and consistent charter and set of goals for
both the organization as a whole, and its working groups. With this
foundation firmly in place, the working groups set about their work.
Further, it is important for the working groups to be well aligned with
each other. With the Reference Model completed, it did not take long
for EGA to announce the completion and launch of the Grid Security
Working Group deliverables which built upon the foundation provided by
the Reference Model. We are clearly gaining momentum by building on our
What are some of the major risks companies face when
deploying Grids? How are they similar and/or different than risks
associated with other infrastructures?
Interestingly enough, and contrary to popular opinion,
our initial research indicates that enterprise Grids are actually more
likely to be secure than traditional computing environments,
particularly over their lifetimes.
Enterprise Grid architectures do face unique security challenges
ranging from access control attacks (risks associated with unauthorized
entities defeating the unified access control policy) to ensuring safe
object reuse (how sensitive data could be disclosed as resource sharing
becomes more common) to masquerading and hijacking attacks (where a
valid Grid component can be fooled into communicating with another
entity masquerading as a valid Grid component).
Fundamentally, however, enterprise Grid architectures inherit the
security risks of their ancestors. Individual products and services
must still be properly configured, patched, secured and maintained.
Similarly, platform, network, storage and application architectures
must still be constructed in ways that reinforce organizational
security, privacy and regulatory compliance goals. The main difference
with enterprise Grid architectures is in how these elements are
managed. Enterprise Grid deployments, through the use of a Grid
Management Entity, enable organizations to realize greater levels of
consistency, compliance, automation and optimization as compared to
more traditional infrastructures. Unique to enterprise Grid
architectures is the ability to safely and consistently automate the
secure provisioning, sharing, reuse, assessment and monitoring of IT
assets from physical devices (e.g., disk drives and processors) to
dynamically constructed application components (e.g., Web services).
How does the EGA Enterprise Grid Security Requirements
document address these concerns? What are the requirements to limit or
The Grid Security Requirements document provides a
detailed overview of enterprise Grid-specific threats, issues and
requirements. With this information, organizations are armed to make
better business and risk management decisions about how and where to
deploy enterprise Grids within their specific environments.
Once we identified the security risks inherent in enterprise Grid
computing, the Grid Security Working Group outlined ten security
requirements designed to help organizations and vendors mitigate
several of the threats and risks unique to enterprise Grid
environments. By sharing our initial findings with vendors, consortia
and end users alike, we have started a conversation that we hope will
lead to improvements that help safeguard actual enterprise Grid
deployments. As these initial requirements evolve and are refined, we
can begin to make better decisions about what protocols, products,
processes and services should be created or adjusted to help
organizations better understand and manage risk associated with their
enterprise Grid deployments.
Several of the requirements identified in the Security Requirements
document are shared with traditional infrastructures such as
Identification, Authentication and Authorization. While there are
similarities to traditional deployments, these requirements take on new
scope and meaning when they are applied to securing enterprise Grid
architectures. Similarly, other requirements include the ability to
fail security or to ensure secure isolation. These types of
requirements are critical in cases such as ours where IT assets are
shared, linked together and repurposed more often than in traditional
environments. You can find a detailed description of each of the
requirements in the final Security Requirements document available on
the EGA Web site: www.gridalliance.org
You said earlier that "enterprise Grids are actually more
likely to be secure than traditional computing environments." How is
this possible, especially considering how often security concerns have
been singled out as obstacles to Grid adoption?
Security has often been a concern for enterprise Grid
adoption, specifically because the risks and threats were relatively
unknown. The Grid Security Working Group set out to identify these
unique threats so organizations will be better armed with information
to make appropriate risk management decisions as they adopt enterprise
Grids. Vendors can also leverage it to enhance their products and
technologies to make them more competitive and more readily able to
support their customers security needs.
Availability and centralized security management are two vital security
benefits that led us to the conclusion that enterprise Grid
environments are better positioned to be more secure. By moving away
from a silo-ed security management model, enterprise Grids enable
organizations to more easily manage, automate, audit and optimize their
security processes and configurations to more rapidly respond to
business opportunities and security events.
How did the security working group utilize knowledge gained
by any end-user participants (from their own Grid deployments) in
creating the document?
The Grid Security Working Group included organizations
and vendors from a variety of disciplines. This diversity enabled the
group to develop a broad picture of the potential uses for and
deployment scenarios of enterprise Grid-based solutions. The Grid
Security Working Group did not work in isolation. Meeting with the
other EGA working groups and discussing their points of view, in
particular, helped to give us the bigger picture for how enterprise
Grids will be used and consequently areas where they could be at risk.
To validate our initial findings, we then leveraged our individual
relationships with customers and end users to obtain additional data to
help refine the set of threats, risks and recommendations that were
developed. It is likely that this material will continue to evolve as
more use cases are defined and customer deployment scenarios are
considered, but we believe that our outreach work has significantly
contributed to the strength of our initial baseline.
How wide or narrow is the focus of the document? Does it
focus on Grids deployed within a single data center, or does it cover
multi-site Grid deployments, which would seem to have different and
greater associated risks?
Overall, the initial focus of all EGA working groups
is on commercial enterprise applications within a single data center,
as they are considered the lifeblood of most organizations. We expect
to extend the scope of these working groups into multi-data center
models, as well as technical enterprise applications in the future.
Specifically, in terms of the Grid Security Working Group, the scope
covers the unique security issues in an enterprise Grid environment
where components are centrally managed and may be shared or rapidly
repurposed. Version one of the Requirements document focuses on
enterprise Grid security requirements. Later versions will address how
these requirements can be satisfied using new and existing policy,
processes and technology. As the EGA working groups extend their scope
beyond the single data center use case, security topics such as
federation, cross-organizational trust models and cooperative
management, auditing and monitoring techniques will be addressed.
How did the working group address the role of Web services standards and security as they relate to Grid security?
The focus of the Security Requirements document was to
better understand the problem space, identify enterprise Grid specific
security challenges and to develop an initial set of security
attributes that should be made available to customers deploying
enterprise Grids within their environment. While the working group did
not focus on specific products, technologies, protocols or standards,
the working group did consider several typical enterprise Grid
deployment and use scenarios including those supporting Web services.
The Grid Security Working Group continues to elaborate on its initial
work by identifying new security gaps and requirements as appropriate,
documenting more detailed architectural, procedural and technical
solution strategies and recommendations, and cooperating with other
standards bodies and working groups to better understand how their work
can help support the deployment of secure enterprise Grids.
How will this document affect the work being done by various bodies (GGF, OASIS, etc.) to establish standards?
The EGA was not established to reinvent or relive
discussions related to non-Grid or traditional enterprise security
controls and best practices. The singular focus of the EGA's working
groups is to provide a basis for collaboration among organizations like
OASIS, SNIA and DMTF to help eliminate redundant standards development
activities to speed enterprise Grid adoption.