We’re hearing more and more about edge computing, and it will likely continue to be a focal point within IT as the Internet of Things (IoT) continues to gain momentum. A key question for organizations looking to the edge: What are the cyber security implications?
With edge computing, computation, storage, or data analytics are performed on distributed devices, as opposed to mainly taking place in a centralized cloud environment. “Smart” devices are located at the edge of enterprise networks, and resources such as advanced analytics and artificial intelligence are provided closer to the actual sources of data.
In addition to IoT, edge computing makes it more feasible to build smart cities and make ubiquitous computing a reality.
The focus on the edge is clearly gaining momentum. In a report released in November 2018, research firm Gartner Inc. forecast that by 2021, 65% of global infrastructure service providers will generate 55% of their revenue through edge-related services.
“An explosion of connected things and immersive human-machine interfaces is pushing more computing resources and services closer to the edge in support of digital touchpoints,” the firm said. “At the same time, an increasing number of organizations are focusing on the edge to engage more closely with customers at digital touchpoints.”
According to Gartner research, 27% of organizations are already planning to exploit edge computing as part of their infrastructure strategy. By the end of 2019, 70% expect edge computing to become relevant to their infrastructure plan.
By 2022, the firm estimates that half of large organizations will be integrating edge computing principles into their projects. This is partly because many will be investing heavily in IoT efforts.
The move to edge computing raises new questions about information security, however. As with any other shift in the way of delivering IT resources, the threats and vulnerabilities change. Organizations considering an edge computing strategy need to understand and address the security issues early on, or risk inviting data breaches and other attacks.
Organizations can take a number of steps to ensure robust security in an edge environment. CSO.com in a 2018 article noted there are six “essential elements of edge computing security.”
One is to effectively manage IT assets across the enterprise. This is especially important as more non-IT personnel deploy and manage
networks on the edge, creating an "island effect" in which a central security organization no longer has visibility into all devices and networks.
A possible solution is to use device detection software that detects any new devices that has been deployed, so IT and security management can keep track of assets. IT needs to know what's out there on the edge, prioritize the serious security risks, and identify tools and practices to apply to assets, the article said.
Another element is dealing with the “people factor.” Users such as managers on shop floors will be focused on production schedules rather than thinking about how a hacker might break into a machine. Passwords and proprietary information are shared.
One approach to this challenge, the article said, is to ensure that hardware and IoT devices are security-hardened, and that any data that they carry is encrypted. Another is the use of zero trust networks that verify IP addresses and authenticate users from both inside and outside the organization.
A third element is shadow IT, which now accounts for much of technology spending, according to industry research. Most of this technology is deployed at the edge, the article noted. One solution is for IT to review and recommend security tools and services that users can deploy on their own to help protect systems. Another is to build in edge computing security and identity management as part of every system.
Fourth on the list of factors is unpatched operating systems. Having many different types of devices with different operating systems deployed by end users is a risk. IoT will introduce all kinds of connected systems, many of which will be unfamiliar to IT and security managers.
In these cases, they need to identify new assets through a network that can detect the assets as they come online, and work with vendors of the devices to develop a procedure for executing regular software updates for any unusual operating systems.
The fifth element is risk management and disaster recover (DR). Security measures need to go beyond installing zero trust networks and equipping end users with security management tools and policies, the article noted.
What’s also needed is a process that incorporates edge computing into corporate risk management and DR plans. Critical systems, networks, and devices at the edge should be identified and planned for in the event that they’re compromised.
Finally, vendors need to be vetted. IT and security executives need to talk to vendors about security and see what they are including in their software and hardware that will bolster security.