More businesses today rely on edge computing to run their operations, and the benefits are numerous. Putting data and applications as close as possible to end users can lead to faster performance, lower latency, and ultimately reduced data storage cost.
But tapping into edge computing also presents significant security risks for enterprises across industries. Businesses that haven’t adequately secured their edge deployments are left vulnerable to cybersecurity breaches at a time when cybercrimes are still on the rise and cybercriminals have become more creative than ever.
What are the challenges of securing edge deployments, and what’s your advice for where to start? We posed that question to the CIO Experts Network, a community of IT professionals and technology industry influencers. Here are their answers.
“IoT and edge computing enable a powerful method of rapidly analyzing real-time data, creating new opportunities for faster and more insightful decision making,” says Neil Kole (LinkedIn: Neil Kole), Chief Information Officer at Boomi. “Since edge devices can vastly extend a network and enable remote management and data sharing, ensuring that the various integrations and connectors within the network are fully secured end-to-end is paramount.”
It’s critical for enterprises to efficiently identify suspicious activity, detect intrusions, and decisively act to secure their edge deployments. Standing in the way, however, are multiple challenges. By first understanding these major challenges, leaders can then strategize on how to act and effectively secure their edge deployments.
Understanding the issues
In the current environment, despite best intentions to improve productivity, many organizations are ill prepared to deploy edge devices. In an industrial setting, for example, they must first address both the physical and digital security implications of deployments in remote locations with machinery born before the digital age.
“The convergence of IT and OT enabled by edge deployments is outpacing the adoption of edge security best practices,” says Michael Bertha (LinkedIn: Michael Bertha), Vice President at Metis Strategy.
From Dipti Parmar’s perspective, it’s the remote nature of edge locations and the large number of devices that’s often the problem, and edge locations are inherently neglected. “They’re prone to running unpatched or vulnerable software for extended periods of time, poor physical security as well as rogue administrators,” says the Chief Strategist at Dipti Parmar Consulting and Co-Founder at 99stairs (@dipTparmar).
“The more edge devices a company deploys,” adds Kieran Gilmurray (@KieranGilmurray), CEO at Digital Automation and Robotics Limited, “the more attack vectors and vulnerabilities it creates for threat actors.”
Peter van Barneveld (LinkedIn: Peter van Barneveld), Innovation Manager at Dustin, says the decentralized placement of edge devices is the first problem that needs to be addressed. “If you don’t have visibility of the devices, you can’t protect them.”
At the same time, as businesses come to rely more on edge computing to run their operations, the risk of service gaps or downtime increases, which is a problem for enterprises. “This risk is concerning,” says Helen Yu (@YuHelenYu), Founder & CEO, Tigon Advisory Corp., “because different types of edge have different security requirements and workload demands.”
Other key challenges around securing edge deployments include complex infrastructure, remote management and operations, distributed IT teams, and integrated cloud services, according to Global Thought Leader and Tech Influencer Elitsa Krumova (@Eli_Krumova).
Getting stakeholders on board
Before taking concrete steps to secure edge deployments, it’s important to have a solid foundation that includes buy-in from major stakeholders as well as a supportive culture.
Companies should first identify the business objectives and challenges that edge can address, says Yu, along with the resources and the investments needed. “Effective communication with stakeholders and service providers about edge’s benefits and risks, as well as security is crucial,” she says.
Sawan Joshi (LinkedIn: Sawan Joshi), Director of Information Security at Cervest, says stakeholders may require some convincing to get on board. “A large part of this challenge is going to be to convince investors and stakeholders to try new partners to address a specialist objective in industries where they have grown comfort in using legacy known sector specific partners.”
Tom Allen (LinkedIn: Tom Allen), Founder, The AI Journal, says that creating a strong, security-minded culture is so important that it can mitigate most challenges. “Only when you don’t have the right culture for it or roadmap with action and execution plan will you face challenges,” he says.
Parmar believes it’s critical to define and implement separate data security, device security, and network security policies for the edge, while Yu agrees strategies aren’t one-size-fits-all. “Security strategies must be tailored to each specific type of edge computing to ensure data flows smoothly and securely,” Yu says.
Where influencers agree: start by formally integrating edge computing considerations into security strategy, assessing previous deployments to understand risk profile, and launching a campaign to close the knowledge gap between resources that deploy and secure edge solutions.
Establishing the right framework and strategies
A zero trust framework, meaning a security solution that links Internet traffic to remote sites using zero trust access principles and cloud-based security and networking services, is a preferred framework for securing edge deployments.
Parmar recommends enforcing a zero trust framework via a cloud control plane that automates monitoring, telemetry, configuration and patch management and orchestration. “While this might turn out to be a bit complex at the outset,” she says, “it will set the foundation for long-term organizational security on the edge.”
For Krumova, it’s important for CIOs and IT security experts to adhere to several practices when developing and implementing a Zero-Trust Edge (ZTE) security model for edge platforms. “First, a centralized, rigorous, and reliable configuration and patch management should be enforced in order to achieve a stable and constant cloud-controlled global management and centralized automation to the edge,” she says.
Isolated data protection and recovery management for both OS and application data should be deployed in addition to real-time centralized cloud-controlled software update management. Finally, says Krumova, a single-control point for centralized cloud-controlled secure administration should be implemented to enforce access control at the edge and secure permissions management.
Peter Nichol (@PeterBNichol), Chief Technology Officer at OROCA Innovations, agrees introducing a zero trust network model is the right first step. “This requires proving that a device is secure before access to sensitive resources is authorized,” he says.
Then, tune and secure remote access, Nichol adds. Audit virtual private networks (VPNs) for vulnerabilities and validate that remote desktop protocols are current. Finally, implement intrusion detection systems to identify non-standard activity quickly.
Van Barneveld prefers a central management system to mitigate risks. With one “you can install updates, implement policies and access controls, and automate security tasks. This allows for consistent application of standards and efficient execution of security measures,” he says.
Nichol sees three key options around securing edge deployments. These include: 1) segregating networks based on function, which will limit an intruder’s depth of penetration; 2) implementing a file-signing scheme to validate the authenticity and integrity of data; and 3) utilizing out-of-band (OoB) communication paths so bad actors can’t monitor changes to administrative security functions. When combined, “these limit the threat profile on the edge,” he says.
Still, the approach to securing edge deployments isn’t static. It will continue to evolve along with emerging threats. Companies therefore must also continue to be nimble, shift, and adapt.
As Nichol says, “device variation, multiple protocols, and operating system patching discrepancies continue to make securing edge deployments an ongoing process of monitoring and adaption to new threat profiles.”