Edge computing security risks and how to overcome them

IT administrators must incorporate the right strategies and tools to anticipate, prevent and overcome common edge computing security risks and realize the value of edge technology.

At this point, everyone knows that computing and networking pose security risks, and, clearly, new risks come with new types of computing. That's true of edge computing and, because it represents a fairly dramatic shift in the IT paradigm for most businesses, edge security risks can be particularly serious. Understanding them and their remedies is then critical to ensuring smooth business operations.

Edge computing security considerations

Edge computing is the deployment of computing resources outside the data center, close to the point of activity that the computing supports, where a series of connected devices link the edge device to users or processes, such as IoT elements. Deployment of an edge device, therefore, loses the physical security of the data center and the access, network and data security measures that are applied by the software or hardware that reside there.

The security challenge of edge computing is providing whatever additional security is required to bring edge security up to data center standards for security and compliance. In many cases, that means providing secure access to edge devices, both physically and through a user interface, in a way that replaces and is equivalent to data center security practices.

How edge computing can benefit network security

Edge computing doesn't always add risk; it can improve network security by providing local encryption and other security features. Inexpensive sensors and controllers used in IoT lack strong security features, and edge computing can secure this local traffic at a low cost.

Even where laptops, desktops or mobile devices are powerful enough to have strong security features, getting their traffic onto a single connection to a company VPN or data center will improve monitoring and control of security. The edge computing facility can also help isolate local devices from denial-of-service attacks by effectively removing them from direct connection to the VPN or internet.

Edge security strategies
There are inherent security risks in edge computing. Using access controls and establishing audit procedures are just a couple of steps that help secure the edge.

Common edge computing security risks

Edge computing is, in most ways, a kind of minimized data center, and minimization can often mean that protection features are stripped out or reduced to lower the cost of the edge facility. This is the biggest single source of incremental security risk in edge computing, but it's not the only source. To understand more, we'll need to look at specific risk factors and their sources.

Data storage, backup and protection risks

Data stored at the edge, as already noted, lacks the physical security protections usually found in data centers. In fact, it might be possible to steal an entire database simply by removing the disk from the edge computing resource or inserting a memory stick. Because edge computing facilities are limited in local resources, it might also be difficult or impossible to back up critical files, which means that if there is an incident, there might not be a backup copy to restore the database.

Password and authentication risks

Edge computing resources are rarely supported by local IT operations professionals who are security conscious. In many cases, maintaining the edge systems might be a part-time job assigned to several people, and this situation encourages lax password discipline. In some cases, that might take the form of simple passwords easily remembered; in others, posting notes with passwords for critical applications; and in nearly all cases, failure to change passwords often. Edge systems might not employ strong authentication measures such as multifactor or two-stage authentication, again, for the convenience of users/administrators.

Perimeter defense risks

Because edge computing expands the IT perimeter, it complicates perimeter defense overall. Edge systems themselves might have to authenticate their applications with partner applications in the data center, and the credentials for this are often stored at the edge. That means a breach of edge security might expose access credentials to data center assets, increasing the scope of the security breach considerably.

Cloud adoption risks

Cloud computing remains the hottest topic in IT, overall, and so the risks associated with edge computing in combination with cloud computing are particularly important. What those risks could be will depend on the specific relationship between edge and cloud -- something that's easy to lose track of, because different cloud software platforms and services treat edge elements in different ways. If the edge devices are simple controllers, as is often the case, it can be difficult to give them secure access to cloud resources and applications.

Best practices for edge computing security

There are six basic rules for edge computing security. First, use access control and surveillance to enhance the physical security at the edge. Second, control edge configuration and operation from central IT operations. Third, establish audit procedures to control data and application hosting changes at the edge. Fourth, apply the highest level of network security possible between devices/users and edge facilities. Fifth, treat the edge as a part of the public cloud portion of your IT operation. Finally, monitor and log all edge activity, particularly activity relating to operations and configuration.

Access to edge facilities must be secured because the facility, overall, is not. Having the systems in a cage with video surveillance on entry and exit is a good strategy, provided that access to the cage is controlled and that the video can identify access attempts. Opening the secure cage should trigger an alarm in the company's IT operations or security center. The tools for this are the same as those used for facility security: sensors and alarms.

Speaking of company IT operations, the organization, rather than local personnel, should oversee all edge configuration and operations. Having local people perform critical systems functions lends itself to careless password control and operating errors.

Edge application and data hosting should also be centrally controlled and subject to compliance audit. This can reduce or prevent incidents where critical application components or data elements are migrated to edge facilities that haven't been certified as secure to host them.

Because the network connection to the edge is the conduit for all edge information and all operations practices and messages, it's critical that the network connection be fully secure. That means high-quality encryption, using a technique that avoids storing keys on the edge system, because that system is less secure. Multifactor authentication should be applied to all network, applications and operations access.

All of this must be monitored, and every event associated with edge computing operations, including all deployments, configuration changes and accesses to any supervisory modes from either a local keyboard/screen or remotely, must be logged and audited. Ideally, operations personnel in both the IT operations and security areas should be advised before changes are made, and an escalation procedure should be created to notify management if anything unexpected is reported.
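As an added example (not part of the original article), the Python sketch below audits centrally collected edge events against the two practices above: hosting only on certified edge facilities, and logging every deployment, configuration change and supervisory access so that anything unexpected is escalated. The JSON field names, site names, change IDs and finding labels are assumptions made for the illustration, and the log lines are constructed.

```python
import json

# Constructed sample: one JSON event per line, as a central collector might
# receive it. Field names, site names and change IDs are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-05-01T02:10:00Z","site":"edge-01","type":"config_change","source":"remote","mfa":true,"change_id":"CHG-100"}
{"ts":"2024-05-01T02:40:00Z","site":"edge-02","type":"supervisor_access","source":"console","mfa":false,"change_id":null}
{"ts":"2024-05-01T03:05:00Z","site":"edge-03","type":"deployment","source":"remote","mfa":true,"change_id":"CHG-101"}
{"ts":"2024-05-01T03:30:00Z","site":"edge-01","type":"config_change","source":"console","mfa":true,"change_id":null}
{"ts":"2024-05-01T04:00:00Z","site":"edge-01","type":"heartbeat","source":"remote","mfa":false,"change_id":null}
"""
CERTIFIED_SITES = {"edge-01", "edge-02"}    # facilities audited as fit to host apps/data
ANNOUNCED_CHANGES = {"CHG-100", "CHG-101"}  # changes IT ops and security were advised of
CHANGE_TYPES = {"deployment", "config_change"}
AUDITED_TYPES = CHANGE_TYPES | {"supervisor_access"}

def audit_event(event):
    """Return the findings for one edge event (empty list if clean)."""
    if event.get("type") not in AUDITED_TYPES:
        return []
    findings = []
    if not event.get("mfa"):
        findings.append("no-mfa")
    if event["type"] in CHANGE_TYPES and event.get("change_id") not in ANNOUNCED_CHANGES:
        findings.append("unannounced-change")
    if event["type"] == "deployment" and event.get("site") not in CERTIFIED_SITES:
        findings.append("uncertified-site")
    return findings

def audit_log(text):
    """Audit newline-delimited JSON; a line that cannot be parsed is a finding."""
    report = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            if not isinstance(event, dict):
                raise ValueError("event is not a JSON object")
        except ValueError:
            report.append((lineno, None, ["unparseable"]))
            continue
        findings = audit_event(event)
        if findings:
            report.append((lineno, event.get("site"), findings))
    return report

if __name__ == "__main__":
    for lineno, site, findings in audit_log(SAMPLE_LOG):
        print(f"ESCALATE line {lineno} site={site}: {', '.join(findings)}")
```

Unparseable lines are reported rather than skipped, because a gap or corruption in the edge audit trail is itself something the escalation procedure should see.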

Key edge security vendors and products

Firewalls, tunneling and secure communications vendors and products include all the software-defined WAN vendors, because that technology can support secure communications from any edge, including a facility that has local computing. In addition, security/firewall products from the major vendors -- Cisco, Juniper, Palo Alto Networks -- can help protect the edge from attack.

Application control and security at the edge should be a function of IT operations tools, including DevOps -- Chef, Puppet, Ansible -- and container orchestration tools such as Kubernetes. These products are available from a wide variety of sources, including HPE, IBM Red Hat and VMware.

Threat detection at the edge can be considered either a function of network and systems monitoring or it can be supported by a specific application set. Popular monitoring tools include Argus, Nagios and Splunk. Specific support for intrusion detection and prevention is available from tools such as SolarWinds Security Event Manager, OSSEC, Snort and Suricata.

A good problem-tracking and management system is essential for edge computing, particularly if there are many of these facilities and/or they're widely distributed geographically. Popular systems include OSSEC, Tripwire and Wazuh.
