Cyber Security
24 Jun 2019

Secure Edge Computing – Hardening the New Cybersecurity Frontline

Secure edge computing is vital in dispersed networking environments. With 5G networks set to revolutionize and accelerate the deployment of IoT solutions, the adoption of edge computing is expected to increase over the next few years. This technology paradigm shift, where some processing will move from a centralized computing architecture to a decentralized model, requires organizations to rethink their security strategy. Unlike cloud computing, where enterprises can focus their efforts on securing a centralized service, the edge poses several challenges due to the dispersed nature of this architecture model. With security and privacy taking center stage in today’s online, digitally driven world, secure edge computing must form part of any solution that will leverage this rising technology wave.

The Edge Can Be a Weak Point

Due to its physical location, the network edge poses a risk to enterprise networks. As this model typically involves the placement of devices beyond the traditional firewall perimeter, it lacks the physical security of computing solutions that reside in a data center. In addition to these physical risks, edge devices can also introduce other vulnerabilities into enterprise networks. Poor password management, as well as misconfigured settings, are typical risks that have already been exploited by malicious hackers. For example, the famous Mirai botnet leveraged these vulnerabilities in poorly configured IoT devices. By scanning for open ports and compromising devices with default login credentials, hackers were able to execute significant Distributed Denial of Service (DDoS) attacks. Mitigating this risk, as well as others that are relevant to edge computing architectures, requires organizations to establish standards for secure edge computing.

The fact is that the edge is the new cybersecurity front line. As cloud services and mobility continue their exponential expansion across the digital workspace, IT no longer controls access to data through a single perimeter. Instead, the edge is the new frontier, and enterprises need to harden and secure every device by implementing a secure edge computing architecture.

Edge Computing is a Target

Due to the known vulnerabilities in edge devices that hackers have exploited in the past, edge devices are frequent targets. In addition to the devices themselves, the edge network user, the data that these platforms store and transmit, and the network itself are all at risk. As IoT endpoints implicitly trust all other devices and do not verify the authenticity of their connections, they pose a significant risk in an enterprise environment. Should a hacker compromise a single device, they can gain a persistent foothold on the network. In addition to this risk, manufacturers often release IoT devices early so that they can be first to market. Often this rush to get the products into the hands of businesses and consumers results in inadequate security measures. However, it is the distributed nature of the modern edge that creates the most significant risk.

Due to these inherent security risks, the IEEE recommends that organizations leveraging edge computing take the necessary security measures to protect these devices, the network, and their enterprise environment. As with all other security measures, organizations need to ensure the confidentiality, integrity, and availability of their edge environments as well as the data that they store and transmit. Enterprises should, therefore, consider implementing security mechanisms such as encryption, integrity audits, and robust authentication and access control as part of their secure edge computing model.  

Hardening the Edge

If we consider the distributed nature of the edge computing architectural model, a Zero Trust approach is an appropriate strategy for secure edge computing. The fundamental tenet of Forrester’s Zero Trust framework is that organizations should deem all data as untrusted. At its core, this model states that organizations must secure their data by ensuring that it is encrypted whether it is in transit or at rest. The Zero Trust Extended Ecosystem (ZTX) further states that at any point in time devices, people, workloads, and networks are interacting in an environment and accessing data. It recommends that organizations deem all these actors as untrusted and implement security measures to ensure that the enterprise’s data is secure and that its systems are protected from potential compromise. These measures include solutions such as network segmentation, robust access control, strong authentication everywhere, and continuous monitoring of the environment.

Various solutions can help organizations implement both a Zero Trust architecture and a secure edge computing architecture. First and foremost, it is vital that enterprises deploy edge platforms with secure operating systems. They should also configure their edge with capabilities that include features such as strong authentication, encrypted authentication nodes, and the ability to use Named Data Networking (NDN) instead of traditional IP addresses.

In addition to hardening the edge devices, enterprises also need to consider network security. As the underlying connection between the edge devices and the central processing environment is an attack target, measures need to be put in place to protect data in transit. Network segmentation is an option that takes a Zero Trust approach. Enterprises should implement this measure as it is not only good industry practice, but also a risk mitigation solution. However, encrypting data is also a vital Zero Trust requirement. Should the network not support encryption from the center to the node, a Virtual Private Network (VPN) needs to be used to ensure the confidentiality and integrity of data in transit.

Finally, organizations must implement strong user authentication and robust access control. Most of the significant edge-related breaches have involved commissioned devices with default credentials and weak security. In addition to the technology that ensures only verified users and services can access edge devices, enterprises should also continuously monitor their environment. Contemporary Identity and Access Management (IAM) solutions provide the security needed to protect modern technology environments. However, auditing and oversight add a vital layer of needed protection. A real-time log of which services and users access edge devices can help organizations prevent or mitigate potential attacks. As zero-day exploits exist across every platform, actively monitoring the environment protects the edge proactively.

Secure Edge Computing with a Zero Trust Approach

As edge computing continues to grow exponentially, secure edge computing requires a Zero Trust approach. Taking the view that every person, device, workload, and network is untrusted ensures that an organization can protect its technology environment and data proactively. By implementing measures such as strong authentication, granular access control, data encryption, and continuous monitoring, enterprises are ready to defend against attacks directed towards this new cybersecurity frontline.