Guest post by Ernest Sampera, a co-founder at vXchnge.
Edge computing gives services and applications the ability to work more efficiently by keeping data on the periphery of the network, analyzing and processing it closer to the source. This enables a host of benefits, chief among them faster speeds and lower latency. Still, technical leaders must consider and address security concerns with the introduction of any change to network architecture.
New Risks with New Technology
In previous decades, IT teams managed network security within the confines of their facilities, using firewalls and later VPNs as their primary means of protecting a handful of access points. That all changed as the Internet of Things took hold and proceeded to grow exponentially.
Cisco says IoT will account for 50% of all network devices by 2023—and IoT and edge computing often go hand-in-hand. As innovations like connected vehicles and telehealth mature, the demand for edge benefits will naturally increase. The advantages of edge computing far outweigh its potential downsides, but the fact remains that like the use of IoT, it introduces new risks to network security.
Not only can cyberattacks come from anywhere at any time, but the distributed nature of today’s networks coupled with a general lack of employee understanding means there are both more ways in and less conscientious gatekeepers than ever before. Without the right tools in place, just one compromised device can have a domino effect, causing lost productivity, privacy breaches, regulatory fines, and damage to brand reputation.
For organizations that have or are considering investing in edge deployments, the time has come to implement policies for edge security. Here are five guiding principles to start from.
Suspect Until Proven Secure
As with any security initiative, it is most effective to establish precautionary measures that can help prevent an incident from ever occurring. At vXchnge, we have adopted a zero-trust security philosophy for our edge data centers across the United States.
Essentially, zero trust network access centers on the assumption that even if something or someone is allowed within the network perimeter, they are granted the least-privileged access they need to perform their role. Few, if any, individuals or devices are granted total, unrestricted access.
With this underlying assumption in place, IT teams can design an architecture that minimizes both the possibility and the impact of an attack, regardless of the number of devices associated with the network. It also makes it easier to function around a compromised device, without putting the entire organization at risk of operational delays.
Catalogue Network Devices
Next, organizations should be able to account for all devices operating within their networks. Cataloging devices will make it easier to identify existing risks, restrict access if and when a security breach occurs, and establish a foundation for endpoint security.
Ideally, the catalog will include a profile of each device that details how it interacts with other equipment, applications, and sensitive data as well as its age – and potentially its security features. Moving forward, all networks will need to accommodate a mix of older and newer devices with a wide range of security capabilities. Organizations that can distinguish between the two will have an easier job determining what access points are most vulnerable and be able to take additional precautions.
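A sketch of how such a catalog can drive both the least-privilege rule described under zero trust and the triage of older devices. This is an added example, not vXchnge code; the device names, the baseline feature set, and the scoring weights are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Security features a current device is assumed to offer (illustrative baseline).
BASELINE = {"secure_boot", "tls", "signed_updates"}

@dataclass
class Device:
    name: str
    deployed: date              # proxy for the device's age
    talks_to: set               # resources the device is expected to reach
    handles_sensitive: bool
    features: set = field(default_factory=set)
    compromised: bool = False

def exposure(dev, today):
    """Higher score = review first. The weights are illustrative assumptions."""
    age_years = (today - dev.deployed).days // 365
    missing = len(BASELINE - dev.features)
    return age_years + 2 * missing + len(dev.talks_to) + (3 if dev.handles_sensitive else 0)

def rank(catalog, today):
    """Device names ordered from most to least exposed."""
    return [d.name for d in sorted(catalog.values(), key=lambda d: -exposure(d, today))]

def allowed(dev, resource):
    """Default deny: only catalogued flows from devices not marked compromised."""
    return not dev.compromised and resource in dev.talks_to

def quarantine(catalog, name):
    """Cut off one device and report which peers share resources with it."""
    dev = catalog[name]
    dev.compromised = True
    return sorted(d.name for d in catalog.values()
                  if d.name != name and d.talks_to & dev.talks_to)

# Constructed sample catalog.
TODAY = date(2024, 1, 1)
CATALOG = {d.name: d for d in [
    Device("hvac-sensor-01", date(2015, 6, 1), {"telemetry-broker"}, False),
    Device("edge-gw-02", date(2022, 3, 1), {"telemetry-broker", "patient-records-api"},
           True, set(BASELINE)),
    Device("badge-reader-07", date(2018, 1, 15), {"access-control-db"}, True, {"tls"}),
]}

if __name__ == "__main__":
    print(rank(CATALOG, TODAY))
    print(quarantine(CATALOG, "hvac-sensor-01"))
```

Quarantining the oldest sensor blocks only its own flows; the gateway that shares the telemetry broker keeps working and is flagged for review.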
Fortify Network Protocols on Edge Devices
Device protocols are an important consideration in edge security, particularly in enterprise network environments. Knowing when and how devices are interacting with the network is a good start, but IT teams must be actively managing what devices can access the network – and under what conditions.
Even before adding edge computing to the mix, the misconfiguration of cloud services is surprisingly common and contributes to network blind spots. One solution is installing controls at the hardware level, so only corporate-owned devices can access an organization’s most sensitive applications and data. Options include hardware security modules or stored cryptographic keys.
Every security plan should also involve educating (and reeducating) employees, but education only goes so far. Even well-meaning employees regularly and inadvertently introduce security risks. Encryption can add a layer of protection between the network and employees, especially those who use unsecured, personal devices to check in on work.
Leverage the Edge for Security
This one is a bit of an outlier: now that we’ve discussed how to keep the edge secure, it’s worth pointing out that edge computing can also offer a security advantage to network architecture.
Even if a portion of the network is compromised, the distributed nature of edge computing makes it possible to isolate an attack and for data processing to carry on. The most sophisticated solutions can divert critical operations to backup locations and store data locally until the network is fully operational.
Once an organization has a plan in place for maintaining edge security, it’s not inconceivable that edge deployments will become a component of its larger security strategy. In the future, some may even look to edge computing primarily for its security benefits.
Adapt as Edge Computing Expands
Above all else, no aspect of IT security should be relegated to a one-time project or an annual event. Security is an ongoing process, one that must be a priority for every organization and a factor in every technology initiative.
We have just scratched the surface of the potential for edge computing, and competitive organizations should continue to embrace methods for enhancing network connectivity—safely. As edge computing evolves, so too should its security practices.
About the Author
Ernest Sampera is a co-founder at vXchnge, an award-winning, carrier-neutral colocation services provider with edge data centers across the United States.
DISCLAIMER: Guest posts are submitted content. The views expressed in this blog are those of the author, and don’t necessarily reflect the views of Edge Industry Review (EdgeIR.com).