Myth #5: Cloud is Not Secure Enough For HPC
Editor’s note: This is the 5th blog post of the ebook Dispelling the Myths of Cloud HPC. Read the full piece here.
The last HPC myth in the cloud that needs to be dispelled pertains to security and compliance. It has been long assumed organizations cannot run sensitive workloads on public cloud infrastructure because of compliance and security standards. Today cloud service providers routinely achieve compliance with a wide range of standards and requirements, including:
- FedRAMP: The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP empowers agencies to use modern cloud technologies, with emphasis on security and protection of federal information as part of an effort to accelerate the adoption of secure cloud platforms.
- ITAR: The International Traffic in Arms Regulations (ITAR) are a set of U.S. government regulations administered by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC). These regulations control the export of defense articles and defense services, including the placing of restrictions on the handling of software and technical data controlled on the United States Munitions List (USML).
- SOC-2: A System and Organization Controls audit conducted by a third party assesses the information security and privacy compliance with standards established by the American Institute of Certified Public Accountants (AICPA). These reports verify that an organization has effective security, processing integrity, privacy, and availability of information.
- ISO 27001: ISO/IEC 27001:2013 (ISO 27001) is an international standard that helps organizations manage the security of their information assets. It provides a management framework for implementing an information security management system to ensure confidentiality, integrity, and availability.
Many protected and sensitive workloads are already running in the cloud. In fact, it may be more likely to experience a breach in an on-premises IT environment than a cloud platform with leading security and compliance protocols. The number of government agencies around the world that make use of cloud platforms to process and secure data using private cloud instances running on shared infrastructure has dramatically increased in the last three years. It is important to evaluate that both the hpc infrastructure and the services utilized and built on top also have the necessary security from end-to-end.
It’s Time to Modernize HPC With the Best in Cloud
It is always constantly evolving. Where to run HPC applications is not the only IT decision that organizations have revisited as cloud computing environments mature. The first cloud HPC deployments essentially amounted to little more than deploying the same type of enterprise applications IT teams ran in an on-premises IT environment in the cloud. The new and current era of cloud computing enables new use cases on top of making it more efficient to build, deploy, share, update, and manage applications more efficiently than ever.
HPC in the cloud benefits organizations by eliminating on-premises infrastructure constraints in a way that makes it easier to pay only for the capacity used no matter how much is required. They enable organizations to innovate without constraint, improve flexibility and deliver faster results.
Naturally, there may still be a handful of HPC applications that don’t lend themselves to the cloud but as time marches on, the number of those applications continues to grow smaller with each passing day