by Jon Brodkin – April 2, 2014
This article originally appeared in Ars Technica.
When Boeing decided to move some of its most important applications to the “cloud,” it ran into the usual roadblock faced by multinational corporations that handle lots of sensitive data: security.
Instead of keeping everything in-house, Boeing started rewriting applications to outsource the heaviest processing needs to Amazon Web Services and Microsoft Azure. In at least one case, the company did put some of its more sensitive data into Azure, but it did so with safeguards that would make the data useless to competitors even if the cloud service was hacked.
David Nelson, a 30-year veteran of Boeing who is chief strategist for cloud computing, described the project today in a session at the Interop conference in Las Vegas and in an interview with Ars afterward.
Boeing, which has more than 170,000 employees and $86 billion in annual revenue, moved about a dozen applications to the cloud last year and expects to triple that number this year. In most cases they’re making wholesale switches from on-premises applications to the cloud, for example using software-as-a-service for human resources and travel services. But for a few applications that had more stringent security requirements, Boeing adopted the hybrid cloud model.
Nelson offered two examples, one of which is a market analysis tool that analyzes all flights around the world, estimating how many passengers choose each available flight in a market. Boeing uses this data to convince its airline customers to buy new planes.
Public flight data isn’t sensitive, of course, but the airlines also share their confidential plans, which Boeing has to protect. Boeing has its own algorithms to analyze this data, and the company wanted to take advantage of Microsoft Azure’s cloud-based processing power, which can be scaled up and down as needed. But Boeing wanted to do all this without putting its data at risk.
To do this securely, Boeing used what Nelson called the “shred and scatter” method, which splits the calculations up into many parts that cannot be pieced back together in any comprehensible way.
With the data “running inside our SQL Server databases, we would shred it and scatter it and send it out to all these Azure nodes, and they would do the individual processing,” he said. Nelson likened this to a puzzle where all the pieces are scattered and flipped over to reveal only the gray side. If a hacker got into Boeing’s Azure instances, they would only see the back side of a puzzle piece.
“If you pick up one piece of that puzzle, how much of the picture can you put back together? That’s kind of the technology and the idea around shred and scatter, and you have encryption all along the path,” he said.
“Data is distributed so wide that even if 100 streams were intercepted it would be useless,” according to Nelson’s presentation. After processing, the data is brought back in-house and the “puzzle” is pieced back together.
The algorithms use Monte Carlo simulations and are “massively parallel,” Nelson told Ars. “You’re able to run these little short legs over and over and over again, put the whole picture together and come up with a solution.” If run in-house, it would take a “boatload of processing power,” he said. “We want to push that out into a very large set of compute resources so the cloud is a perfect spot for that.”
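The shred-and-scatter pattern Nelson describes, as an added Python sketch written for this page (not Boeing’s, GreenButton’s or Microsoft’s code): the on-premises side replaces airline identities with per-unit random tokens, splits a passenger-choice Monte Carlo into many independent work units and hands them to nodes at random; the nodes compute over tokens and numbers only, and the token maps needed to reassemble the result never leave the on-premises side. The market, airline names and weights are constructed, and encryption along the path is assumed to be handled by the transport rather than shown here.

```python
import json
import random
import secrets
from collections import Counter
# Constructed sample market (hypothetical airlines and planning weights, not Boeing
# data): the weights are the confidential inputs that must not leave the on-prem side.
CONFIDENTIAL_MARKET = {"CarrierA 101": 0.5, "CarrierB 202": 0.3, "CarrierC 303": 0.2}
def shred(market, units=40, trials_per_unit=500):
    """On-prem: split one simulation into many small independent work units. Each unit
    gets fresh random tokens, so intercepted units cannot be linked; maps stay on-prem."""
    token_maps, work_units = {}, []
    for i in range(units):
        token_maps[i] = {secrets.token_hex(4): name for name in market}
        work_units.append({"unit": i, "seed": secrets.randbits(32), "trials": trials_per_unit,
                           "weights": {t: market[n] for t, n in token_maps[i].items()}})
    return token_maps, work_units

def scatter(work_units, node_count):
    """Hand units to cloud nodes at random (transport encryption such as TLS assumed)."""
    nodes = {n: [] for n in range(node_count)}
    for unit in work_units:
        nodes[secrets.randbelow(node_count)].append(unit)
    return nodes

def process_on_node(unit):
    """Cloud side: Monte Carlo passenger-choice simulation over opaque tokens only."""
    rng = random.Random(unit["seed"])
    tokens = list(unit["weights"])
    picks = rng.choices(tokens, weights=[unit["weights"][t] for t in tokens], k=unit["trials"])
    return {"unit": unit["unit"], "counts": Counter(picks)}

def gather(results, token_maps):
    """On-prem: map tokens back to real flights and combine into market shares."""
    totals = Counter()
    for r in results:
        for tok, n in r["counts"].items():
            totals[token_maps[r["unit"]][tok]] += n
    grand = sum(totals.values())
    return {name: n / grand for name, n in totals.items()}

def exposed_names(work_units, market):
    """Defender check: confidential names visible to someone who intercepts every unit."""
    wire = json.dumps(work_units)
    return [name for name in market if name in wire]

def run(market, units=40, trials_per_unit=500, node_count=5):
    token_maps, work_units = shred(market, units, trials_per_unit)
    results = [process_on_node(u) for batch in scatter(work_units, node_count).values() for u in batch]
    return gather(results, token_maps)
```

With 40 units of 500 trials the recovered shares land within a few percent of the confidential weights, while the serialized work units contain no airline or flight names at all.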
The application is about 10 years old, developed with Visual Basic and the .NET Framework. When rewriting the application for the cloud, Boeing chose Azure because it was already using Microsoft technology. The rewritten version takes advantage of the GreenButton cloud management platform, which handles job scheduling and orchestration between Boeing’s on-premises and cloud resources. The .NET portions of the application run internally at Boeing on Apprenda’s platform-as-a-service technology.
Boeing isn’t tied to Azure for all of its cloud-based applications. The company used Amazon to create a similar hybrid model for another application that draws from a mix of Boeing and non-Boeing data to give airlines maintenance and operations information. In that case, the application used an Oracle database and the Apache Tomcat Web server, and it was “fairly easy” to rebuild in the Amazon cloud, Nelson said.