By Patrick Hubbard.
Edge computing is on the rise; new research expects the market to reach US$28.84B by 2025. While data center boundaries, from compute to networks and storage, are being pushed even further to meet the needs of IoT’s demanding applications, we also have billions of devices creating massive amounts of data better processed closer to the end user.
The nature of edge computing, however, means all the magic happens on the outer perimeter of your environment. If you’re not careful, it can introduce greater complexity and security vulnerabilities to your IT environment.
What follows is a recap of the basic, but critically important, dos and don’ts of achieving a secure and successful edge deployment.
DO: Create a thoughtful security posture with minimal exceptions
Two components of edge computing specifically influence the overall security of deployments—attack surface and physical location. With edge, we’re connecting additional infrastructure to our core network to facilitate data processing and reduce latency, but at the same time, we’re creating one more opportunity for data to be stolen. Without careful controls, the larger the attack surface, the greater the overall security vulnerability becomes.
Meanwhile, edge computing is also inherently distributed. We’re much more likely to forget about hardware pieces residing outside our centralized environment—whether in the cloud or in our on-premises data center. And without the benefit of consolidated security controls, things as basic as patching software are easily overlooked when a server is sitting in a remote location. That device could be compromised any number of ways before you even realize there’s a problem.
Consider this: The further you decentralize the deployment of a technology, the more homogeneous your security policy should become. In one scenario, you could have a GDPR issue: an employee who is traveling happens to pop up on your network, and you collect data on them out at the edge. Is that an issue? IoT is an even more extreme example. The “dumber” the device connected to the network, the stricter your security policy should be.
DON’T: Forget about the hardware
This is especially true with new edge deployments. Unlike the flexibility offered by centralized cloud infrastructure (where services can be spun down if needed) or virtualized environments (where we can abstract the necessary services from the hardware they sit on), edge deployments actually take a step backward; the performance of a specific piece of hardware or an individual capability more directly impacts the application or workload it’s running.
If your current deployment is configured to support an application primarily doing sensor data collection and basic pre-processing today, for example, don’t expect the same infrastructure to support AI, machine learning-based model generation, or full data processing tomorrow. Maybe that device needs a GPU. You shouldn’t assume edge deployments are nearly as flexible in terms of appropriateness for any task (or a blanket set of tasks) as the server infrastructure you’re currently using in your larger, centralized environment.
The dream is your edge systems are going to deliver new opportunities for the business, but outgrowing gear already deployed is an expensive issue to remediate, and it’s in the best interest of any tech professional tasked with an edge deployment to think critically about hardware needs in advance.
DO: Think about physical security
In today’s security climate, this tip may seem like it should go without saying. But some of the most effective cyberattacks actually start with a physical breach, like malware delivered through a USB device. Think about who can enter and physically access your edge deployment, including building, room, and even rack-level access, and consider basic video monitoring. When you’ve got a piece of infrastructure connected to a network that’s collecting and processing data somewhere outside your centralized environment, you should stop and consider whether your devices are physically secure.
DON’T: Default to hardware-vendor-provided monitoring and management
Remember, many edge networks interface with not only a larger number of device types but also hardware from other vendors. It’s like monitoring and troubleshooting a hybrid environment but perhaps even more extreme; you’re monitoring cloud and on-premises infrastructure and processes, plus this new, third “thing.” It essentially creates a tricky gray area where you can’t directly observe the technology the way you can in your data center or the cloud.
To create the level of visibility needed for an environment that is not only hybrid but also distributed, you need a solution delivering truly holistic, comprehensive management across providers; everything should roll up into a single-pane-of-glass view.
This is especially true if you’re executing an edge deployment through a partner or MSP. Are you putting your own governance in place? Are you getting regular reports from the company managing your technology? Is there indemnification? Driving standards across all vendors, from configuration governance and homogeneity assurance to comparative performance analysis, is something you need to own to ensure you’re receiving the same quality of service.
DO: Prepare for the unknown
Despite the near-constant chatter about edge computing, many real deployments stubbornly remain incredibly bespoke and thus outside the realm of easily applied, standardized security measures. Essentially, if you have a custom edge deployment, you’ll need a custom security policy. Security Information and Event Management (SIEM) tools can be incredibly useful when it comes to securing edge deployments. You should also consider implementing the core tenets of basic cyber hygiene (such as completing routine security updates, managing and patching machines, and ensuring a backup is in place). At the end of the day, it boils down to determining what processes need to be in place for you to be able to sleep peacefully at night.
It’s important to remember even the basics of edge management can be substantially different than on-premises or even cloud. From unexpected hardware considerations to new security vulnerabilities, the distributed nature of edge computing introduces a new set of complexities tech pros must evaluate to help ensure success.
By starting with the simple dos and don’ts outlined here, technology professionals can get a jumpstart on helping ensure their edge deployments are meeting the needs of the organization and are protected against key security threats.