Research Roundup: Virtualized DNS, code traceability needed for edge computing

The research conducted by Heavy Reading looked into roadblocks encountered by Communication Service Providers (CSPs) when moving to distributed cloud models. The report, titled “DNS and the Edge: The Evolution will be distributed,” also introduces use cases for Multi-access edge computing (MEC), 5G New Radio (NR) and 5G Next Generation Core (NGC) networks which drive the need for flexible, automated DNS. Although they are aware of the importance of DNS, only a small number of companies trust their existing DNS can support MEC or 5G NEC.

Some 71% of CSPs in the survey believe DNS is a vital component when implementing advanced network technologies such as 5G, cloud-based managed security services (66%) and MEC (63%). When asked about implementation plans within the next 12 to 18 months, 36% are looking into MEC, 35% into 5G and 35% into NGC. All told, some 60% of respondents would in theory be offering MEC services by 2022. However, the biggest overall deployment challenge is the absence of mature vendor solutions.

“Distributed cloud models such as 5G and multi-access edge computing networks have the potential to drastically change the CSP industry, delivering high-bandwidth, low latency services to network customers,” said Dilip Pillaipakam, vice president and GM of Service Provider Business at Infoblox, in a prepared statement. “Yet to fully take advantage of the benefits of these new technologies, DNS will have to evolve to address the challenges that come from delivering these high-value services at the network edge.”

Accurics insists on adding security at the beginning of the DevSecOps cycle

Security company Accurics has published its latest “State of DevSecOps Report,” which points out the importance of adding security early in the DevOps lifecycle, as the industry continues to struggle with cloud security and a lack of technologies that deliver total infrastructure protection, the company announced.

“Our report clearly describes how current security practices are grossly inadequate for protecting transient cloud infrastructures and why more than 30 billion records have been exposed through cloud breaches in just the past two years,” said Accurics Co-founder & CEO Sachin Aggarwal, in a prepared statement.

“As cloud stacks become increasingly complex, with new technologies regularly added to the mix, what’s needed is a holistic approach with consistent protection across the full cloud stack, as well as the ability to identify risks from configuration changes to deployed cloud infrastructure from a baseline established during development. The shift to infrastructure as code enables this; organizations now have an opportunity to redesign their cloud security strategy and move away from a point solution approach,” he said.

According to the report, misconfigurations of cloud-native technologies can be manipulated by criminals, automatically widening the attack surface. The shift toward provisioning and managing cloud infrastructure through code for agility and reliability opens the door for companies to implant security from the beginning of the DevOps lifecycle. These include Terraform, Kubernetes, Docker, and OpenFaaS. On a positive note, 24% of configuration changes are made via code.

Accurics warns that infrastructure as code lacks the proper security measures due to a lack of comprehensive protection tools and that only 4% of production errors flagged are attended to. As this happens in a later stage, investigation and resolution can eat up many resources, including money and developer time.

Since organizations are not really focusing on basic security and compliance, they risk having open security groups, overly permissive IAM roles, and exposed cloud storage services, all possible causes for cloud breaches. Another major problem identified is that 90% of organizations have users with privilege access to make configuration changes to cloud infrastructures post deployment.

Accurics provides a few guidelines to reduce the attack surface such as securing the full cloud-native stack, adding security from the very beginning of the development cycle and preventing cloud posture drift.

Last month, Accurics released a platform to secure the full cloud-native stack in the DevOps lifecycle in hybrid and multi-cloud environments.

Analyst Perspective: Why you should look at these reports

The aforementioned research reports aren’t explicitly focused on edge computing, but practitioners should take note of a few points.

Regarding the Heavy Reading report, we can see CSPs are (mostly) still at least 12-18 months away from implementing MEC services. We also note that MEC ranks below 5G NGC and NR components, with 44% of respondents indicating that MEC is important and 26% saying it is somewhat important. To our ears that support sounds a bit soft.

DNS notwithstanding, there are also plenty of possible areas for delays in rollouts. The survey provides further insights into the use cases that CSPs expect to see deployed, helping offer some prioritization for developers and vendors alike.

The Accurics report highlights an issue for those who are eyeing the edge cloud opportunity (public or private). Managing cloud infrastructure is already a challenge and having a wider array of resources to manage at the edge could greatly expand the chances for security issues.

What applies to application development now will apply to edge applications as well: basic mistakes in service misconfiguration and lack of management of the code base will be an issue without baking security controls into the development process.

Vendors of edge cloud services would do well to help educate customers about DevSecOps practices before they deploy janky code on your platform.

Jim Davis, Principal Analyst, Edge Research Group

Article Topics

Accurics  |  DevSecOps  |  dns  |  edge applications  |  edge cloud  |  Infoblox  |  security