Shadow HPC Moves to the Cloud

Providers such as Amazon, Google and Microsoft are luring college and university researchers to bypass IT for cloud-based high-performance computing resources.

Shadow IT is not a new phenomenon among college and university researchers, but the practice of using software and services not officially supported by a school's IT department is moving to the cloud. The instant access to elastic and virtually unlimited compute and storage resources — promoted by cloud providers such as Amazon, Google and Microsoft — is luring academic researchers and reigniting a long smoldering argument about how best to deal with these pockets of unsanctioned tech.

"It's true that shadow IT is not new, but it has morphed," said Erik Deumens, research computing director at the University of Florida, a large public research university in Gainesville. "We've always had the cluster in the closet, so to speak, and we still have some of those, but the cloud has really changed things. Today, anything you want to do, you can do in the cloud, and it offers a kind of instant gratification and nimbleness that is very good for research."

Another change: The cloud providers are marketing their offerings directly to academic researchers. Amazon's AWS Research Cloud Program promises to help them to "focus on science, not servers." Microsoft's Azure 4 Research program claims that its cloud platform "can help with almost any research computing task." Google sees itself as a supporter and participant in the academic research community, and promotes programs that provide funding for academic research enabled by the Google Cloud Platform.

These are effective pitches, and they're getting researchers' attention for obvious reasons: fast deployments and no university bureaucracy, said Patrick Mungovan, VP of Oracle's Higher Education, Research and Academic Medical Center Technology Sales group.

"If you look at what cloud does, it can be an incredible enabler for university researchers," he said. "The types of research we're seeing these days cross a variety of disciplines, and a lot of them utilize sensor data and the Internet of Things, which generate a staggering amount of data. The cloud is really the only thing that provides the bursting ability that allows researchers to take on massive amounts of information and stand it up or stand it down, depending on what they want to do with it."

The cloud vendors are also tapping into old organizational prejudices, albeit not necessarily deliberately.

"I think there is a presumption among researchers very often that the local IT organization is too expensive, too slow and might even be leveraging the grant to build out infrastructure," said Edward Chapel, senior VP at NJEDge.net, a nonprofit technology consortium of academic and research institutions in New Jersey. "The CIO looks at the researchers and thinks, 'They're doing an end run around me, creating inefficiencies and liabilities that will get dropped right into my lap.' There's what you might call a historical layer of distrust there."

It's also likely that the researchers who go directly to a cloud services provider are not exercising the due diligence a circumspect university CIO would pursue for what are essentially software-as-a-service agreements, Chapel said. "The researchers are not IT administrators," he explained. "They just want to get their work done, and the cloud helps them to avoid the often steep climb they face going through the local technology organization."

The ability to stand up a cloud environment in minutes without IT department oversight does come with risks. According to IT industry analysts at Gartner, by 2020 more than a third of successful attacks on organizations will be accomplished through their shadow IT resources. But it's important to keep in mind that Gartner's prediction isn't a knock against cloud computing, per se, but a reminder of the risks posed by IT assets that are essentially invisible to the IT department.

"The thing that people forget," Deumens said, "is that once you get a virtual machine from Amazon, you own it and you're responsible for its configuration and its system administration. That's okay if all you have are simple problems, but what happens when bigger problems arise, when security is not done properly, when patches aren't applied, or when there are new mandates on properly managing restricted data? Some of this stuff is really hard, and that's when shadow IT becomes a real risk for the university."

Gartner's prediction suggests that shadow IT will be with us for the foreseeable future, which makes old strategies for rooting out and eliminating unmanaged technologies seem like futile exercises. In fact, Gartner recommends establishing a culture of "acceptance and protection versus detection and punishment" to organizations looking for solutions to their shadow IT challenges.

"Don't think about limiting access, but filtering access and establishing a base-level control gate," Mungovan suggested.

The University of Florida is going even further with an emphasis on dramatically increased access for its researchers through a model Deumens calls "Research-as-a-Service." He said the school has come a long way in the management and orchestration of its shadow IT by drawing researchers back behind the firewall, where they find faster deployments and computing resources enhanced by public cloud capabilities.

"It's definitely more carrot than stick," he noted. "We created an environment that is dedicated to research computing that exists for the most part on our own infrastructure. People get an allocation in the form of the number of cores and number of terabytes of storage, which gets allocated to them within one to two business days. We tried to make it a deal they couldn't refuse, and it really seems to be working."

Although the bulk of the university's Research-as-a-Service offering is provided locally, the school also employs the cloud to add elasticity to the service, Deumens said. It's one of the secrets of the strategy's success, for both the university and the researchers.

"We first make sure that everyone is using our resource," he said, "then we know exactly what the workloads are and how we can support them with our small staff. Once we have them all supported on our local, private cloud infrastructure, then we can judge whether we should buy more cores and expand the hardware of our local infrastructure, or burst out this workload into the cloud and make sure that it's cost effective."

Elias Eldayrie, the university's CIO, is the driving force behind Florida's Research-as-a-Service strategy, Deumens said. "To make this work, Elias had the entire upper administration aligned around the idea. He created a partnership with the provost and VP for research to establish this centralized infrastructure and to get people to buy into and use it."

That kind of interdepartmental communication is essential to the success of any strategy for coping with shadow IT, Deumens insisted.

"The main thing that we hear when we talk to other colleges and universities about their shadow IT issues is that there's a lack of good, high-level conversations among the leadership," he added. "The CIOs in many places don't talk with the VPs for research, or the VPs for research don't talk with the provosts. And you really need that kind of communication, because you're trying to control the behavior of faculty, who are not like employees in a business. They are more like independent entrepreneurs in a city. To align with the faculty, you need buy-in from the provost, who is their head, and the faculty senate. And then the VP for research really needs to be engaged with the CIO, so that you can come up with a coherent strategy. All three of them at our university have done this work together. And that is how we're making this thing work."

Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • close-up illustration of a hand signing a legislative document

    California Passes AI Safety Legislation, Awaits Governor's Signature

    California lawmakers have overwhelmingly approved a bill that would impose new restrictions on AI technologies, potentially setting a national precedent for regulating the rapidly evolving field. The legislation, known as S.B. 1047, now heads to Governor Gavin Newsom's desk. He has until the end of September to decide whether to sign it into law.

  • illustration of a VPN network with interconnected nodes and lines forming a minimalist network structure

    Report: Increasing Number of Vulnerabilities in OpenVPN

    OpenVPN, a popular open source virtual private network (VPN) system integrated into millions of routers, firmware, PCs, mobile devices and other smart devices, is leaving users open to a growing list of threats, according to a new report from Microsoft.

  • interconnected cubes and circles arranged in a grid-like structure

    Hugging Face Gradio 5 Offers AI-Powered App Creation and Enhanced Security

    Hugging Face has released version 5 of its Gradio open source platform for building machine learning (ML) applications. The update introduces a suite of features focused on expanding access to AI, including a novel AI-powered app creation tool, enhanced web development capabilities, and bolstered security measures.