|
A few themes...
- Growth: Grid computing is partially buzzwords
and vaporware, but it also addresses real needs for some application
areas and user communities. The security infrastructure is
particularly appealing for organizations that might otherwise
look to distributed computing or Web services.
- Standardization: GGF, OASIS etc. are working on
standards (essentially, a top-down process). Globus, NPACI and others
are developing and distributing free software on which to build grid
apps (essentially, a bottom-up process). This will be a rocky road of
problems and exploits, but in the end we predict a small number of
better packages, which are auditable and more understandable.
(Perhaps similarly to the shakedown in Web servers, with Apache
emerging as a standard.) Eventually, this should result in better
security.
- Commodification: Companies including IBM,
Oracle, Platform and many others are staking a portion of their future
on making the grid work. It's too soon to tell the extent to which
different grid implementations will inter-operate, or have a common
code base or heritage. Probably, there will always be more than one
grid, and the corporate world will play a role in shaping
expectations. For security, this insures plenty of the good,
the bad and the ugly.
- Diversification: Grid commputing is all
about heterogeneity. Different architectures, different OS versions,
and systems of all sizes and capabilities can participate. This
helps security, because binary-level exploits might not be
effective.
- Fragility: There is at least another year of
rapid change in store for Globus, probably much longer. This means
that people will continue to avoid or botch upgrades, continue to
deploy certificate servers insecurely, and be constantly under-informed
about the latest techniques for avoiding security problems in
applications.
|