High Performance Computing

Survey Questions to be Reviewed

  • 1.  Survey Questions to be Reviewed

    Posted Apr 14, 2020 10:14:00 AM
    Dear team,

    As previously discussed, the Co-Chairs have helped to develop a list of survey questions (link here) for our deliverable on understanding the security landscape of HPC and HPC Cloud, "State of Security Practices in HPC & HPC Cloud".

    For your convenience, below is the list of questions extracted from Google docs. You may access the full document in earlier link. Given your expertise, please provide suggestions to fine tune this survey. Our goal is to understand the state of security across various HPC infrastructures such as CSPs with HPC offerings, supercomputing facilities, academics, government and research institutes and solution providers. Kindly provide your feedback by 8 November 2019.

    After the questions are finalized, as members of the WG, you will get to represent your organization to answer these questions. Rest assured that responses are kept anonymous (as you can see in the questions) and will not be circulated.

    Acknowledgements

    Initiative Lead
    Andrew Howard
    Ong Guan Sin
    Key Contributors
    Chris Shull
    Jeffery Tay
    Putchong Uthayopas
    Yeo Eng Hee

    Survey Questions and Results

    1. Demographics question(s) to understand the type of respondent taking the survey. For eg. 
      1. Type of organization
        1. Public cloud service provider with HPC offering
        2. Standalone HPC centre 
        3. Research institute with HPC offerings
        4. Other (please specify)
      2. What role do you have in your organization? 
        1. CEO or President
        2. CISO, CIO, CSO
        3. HPC Director
        4. Director
        5. Manager
        6. Other (please specify)
      3. Size of organization (number of employees)
        1. 0 - 50
        2. 50 - 200
        3. 200 - 500
        4. > 500
      4. Organization annual revenue
        1. <$1 million
        2. $1 million to $20 million
        3. $20 million to $100 million
        4. $100 million to $1 billion
        5. > $1 billion
      5. What region of the world do you reside in? 
        1. North America
        2. Europe
        3. Asia Pacific
        4. Latin America
        5. Middle East 
        6. Africa

    2. Does your current HPC infrastructure include cloud-based resources? 
      1. If yes, 
        1. What were the drivers behind the shift to cloud? 
          1. Cost
          2. Features offered
          3. Ageing of on-premises hardware
          4. Other (please specify)
        2. What service type(s) does your organization provide? Please select all that apply.
          1. IaaS
          2. PaaS
          3. SaaS
        3. What are the types of deployment? 
          1. Private cloud
          2. Public cloud
          3. Hybrid cloud
      2. If no, 
        1. Does your organization plan to cloud-enable it in the near future? 
          *Cloud enablement is the process of building, deploying and operating an organization's IT infrastructure, software and resources through the cloud. E.g. replacing on premise data center by a cloud solution to achieve resource pooling, rapid elasticity, on-demand self-service, broad network access and measured service, or allow bursting to the cloud in capacity spikes. 
          1. 6 months
          2. 12 months
          3. 2 years
          4. > 2 years
          5. No plan
      3. What are the barriers preventing cloud adoption for HPC? Please select all that apply.
        1. Performance requirements not met
        2. Reliability requirements not met
        3. Security requirements not met
        4. Lack of low latency interconnects
        5. Third party handling of large data
    3. How concerned are you that your HPC infrastructure and/or workloads are at risk to the rapidly evolving cyber threat landscape?
      1. Very concerned
      2. Somewhat concerned
      3. Not at all

    4. Based on your current internal requirements, is it necessary to secure HPC infrastructure and workloads in the cloud?
      1. Very necessary
      2. Somewhat necessary
      3. Not sure
      4. Somewhat unnecessary
      5. Very unnecessary
    5. In your opinion, how secure are your HPC infrastructure and workloads?
      1. Very secure
      2. Relatively secure
      3. Not sure
      4. Relatively insecure
      5. Very insecure
    6. Importance of performance vs security e.g.
      What percentage of performance impact is acceptable when improving the security of your HPC infrastructure and workloads?
      1. 0%
      2. 0% - 1%
      3. 1% - 5%
      4. > 5%
    7. Do you think HPC performance will generally suffer with the implementation of security practices?
      1. Yes
      2. No
    8. What are the barriers to adopting better security practices in your organization? Please select all that apply.
      1. Concerns about performance compromise if more security is put in place
      2. Lack of awareness
      3. Budgetary constraints
      4. Existing technologies
      5. Political pressure / resistance
      6. Governance & architectural approval
      7. Organization averse to adopting new technology
      8. Lack of training
      9. Others
    9. Question(s) to find out what the respondent is currently doing to secure their HPC infrastructure and workloads. For example: What types of security products / services / practices is your organization using? Please select all that apply.
      1. Antivirus
      2. Virtual private cloud
      3. Load-balancing
      4. Firewall
      5. Encryption in transit
      6. Encryption at rest
      7. Multi-factor authentication
      8. Certificate-based authentication
      9. Intrusion detection system
      10. Network flow analysis
      11. Infrastructure scanning
      12. Others _______
    10. Does your organization have plans to improve the security of your HPC infrastructure and workloads? 
      1. Yes
        1. If yes, in your opinion, will the level of security be sufficient then?
      2. No
    11. Rank the reasons why your organization would delay or hesitate to implement (or improve) security practices.
      1. Slow down in performance 
      2. Cost
      3. Existing security practices are sufficient
      4. Risk of misconfiguration
      5. Lack of training
      6. Lack of manpower
      7. Other (please specify)
    12. Rank the following considerations by importance for your decision to adopt the cloud for HPC workloads.
      1. Industry guidelines for HPC cloud
      2. Cybersecurity standards applicable to HPC workload in the cloud
      3. Cloud service providers' specific security measures for HPC workload
      4. Availability of more budget
      5. Technical expertise to deploy into the cloud
      6. Other (please specify)
    13. In question 12 above, if you rank (a) or (b) as the most important, are you currently using any industry guidelines/cybersecurity standards? If yes, please specify.


    ------------------------------
    Jane Chow
    Nov 2, 2019 · Notified 38 people
    ------------------------------