How Edge Computing Will Drive New Demands for Data Security, Infrastructure Integrity and New IT Policies
By: Damla Cessur
Innovation and the adoption of increasingly pervasive digital services have driven investment in products and services made possible by edge computing, which stores and processes data at the edge of the network, close to where it is produced.
The distinctive applications of edge computing, including facial recognition, biometric solutions, real-time computing, factory automation, parallel processing and, most recently, driverless vehicles, introduce data security and privacy challenges that differ from those of the computing paradigms addressed so far: cloud computing, mobile cloud computing and fog computing.
Despite the potential of edge-driven services, and the opportunity to create value with real-time applications, advances in data security for edge computing have been relatively slow to mature.
It is time to address the data security and privacy threats, protection technologies and countermeasures specific to edge computing, all the more so as networking capabilities such as 5G, with its support for multi-access edge computing (MEC), arrive.
For new services and products to succeed, security cannot be an afterthought. That includes cryptography-based technologies that deliver state-of-the-art data security and privacy solutions purpose-built for edge paradigms. Industry standards and open source communities will also be essential to harmonize security across the edge ecosystem and to avoid repeating the complexity that accompanied earlier transformations in telecom and other industries.
The Opportunities Driving Edge Innovations
The proliferation of the IoT and the Internet of Everything (IoE), together with the promise of 5G networking at scale by 2025, is inspiring new service models across products (such as connected cars), large-scale deployments (such as smart cities and manufacturing plants) and applications that build on augmented reality (AR), artificial intelligence (AI) and location-based services (LBS).
Even today, in our hyperconnected world, data in motion and data at rest are growing explosively, generated by smartphones, health wearables and thousands of other kinds of sensing devices, all of which produce data that can be mined for value. That value attracts attackers: the attack surface is no longer confined to a few consumer devices, and private information can now be stolen from any fixed or mobile connected device.
According to the Cisco Global Cloud Index (GCI), the data produced by IoT devices, people and machines will exceed 500 zettabytes (ZB) by 2020, yet the same report predicts that, because of bandwidth limits and the cost of transporting data to cloud applications in centralized data centers, only about 15 ZB of it will reach those data centers. This constraint is another driver of edge computing: many companies aim to compute at the edge and share data with local applications (including automation solutions). Securing data in that local paradigm, however, requires new ways to manage access, so that a device with a vulnerability is neither attacked directly nor used as a pivot into neighboring systems.
While we may once have believed the cloud was the answer to "limitless scale," we have learned that it is not the whole answer. The linearly growing compute capacity of cloud computing cannot keep up with multi-source processing of the massive data generated at the network edge, and transmitting that data creates network bottlenecks that can slow down or even bring down other applications.
The edge of the network is the increasingly important counterpart of the network core, where connected entities produce data and manage it over a much smaller “infrastructure” footprint.
Edge computing substantially offloads computation and communication from the network core, improves Quality of Service (QoS) and, with the right security software in place, can improve user privacy and data security.
Given the characteristics of edge computing, including heterogeneous, distributed architectures, massive data processing, parallel computation, location awareness and the growing requirement for mobile access, traditional data security and privacy-preserving mechanisms are not enough to protect data at the edge.
Why? Because edge computing is a distributed, interactive system spanning multiple trust domains. Within a single trust domain, every entity's identity must be validated; across trust domains, entities must be able to mutually authenticate one another.
Security for the edge is different, and the only way to solve it comprehensively is to build now for solutions that are fine-grained: affordable, lightweight data encryption that accommodates multiple authorized parties, and network, device and application access control that works in distributed architectures.
Security between the network edge and the core and data centers (for example, when information is shipped to the cloud for analytics) also needs careful thought, so that access to one device does not quietly become access to an entire network or cloud.
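As an added example (not Ironsphere's code or anything the article ships), the following Python sketch shows the shape of the mutual authentication the preceding paragraphs call for: a device and a gateway that sit in different trust domains each prove possession of a key to the other in a three-pass nonce challenge-response, and only then derive a session key. It assumes a per-device pre-shared key (the hypothetical `PSK`) has been provisioned out of band by the two domains' authorities; the device and gateway names are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample: one device/gateway pre-shared key, assumed to have been
# provisioned out of band by the two trust domains' authorities. A real
# deployment keeps it in the device's secure element, never in source.
PSK = bytes.fromhex("6f" * 32)


def _mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so that different field
    splittings can never produce the same MAC input."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


class Party:
    """One endpoint of a three-pass mutual authentication. Every tag binds
    the sender's role plus both nonces, so a tag captured from one run (or
    from the other side) cannot be replayed or reflected."""

    def __init__(self, name, role, key):
        self.name, self.role, self.key = name, role, key
        self.nonces = {}          # "gateway" -> nonce, "device" -> nonce
        self.session_key = None

    def _tag(self, sender_role):
        return _mac(self.key, sender_role.encode(),
                    self.nonces["gateway"], self.nonces["device"])

    def _check(self, tag, sender_role):
        if not hmac.compare_digest(self._tag(sender_role), tag):
            raise PermissionError(f"{self.name}: {sender_role} failed authentication")

    def start(self):
        """Pass 1, gateway -> device: a fresh challenge nonce."""
        self.nonces[self.role] = secrets.token_bytes(16)
        return self.nonces[self.role]

    def respond(self, gateway_nonce):
        """Pass 2, device -> gateway: own nonce plus a tag proving key possession."""
        self.nonces["gateway"] = gateway_nonce
        self.nonces["device"] = secrets.token_bytes(16)
        return self.nonces["device"], self._tag("device")

    def confirm(self, device_nonce, device_tag):
        """Pass 3, gateway -> device: verify the device, then prove itself."""
        self.nonces["device"] = device_nonce
        self._check(device_tag, "device")
        self.session_key = self._derive()
        return self._tag("gateway")

    def finish(self, gateway_tag):
        """Device verifies the gateway; only now are both sides authenticated."""
        self._check(gateway_tag, "gateway")
        self.session_key = self._derive()

    def _derive(self):
        # Session key bound to both nonces: neither side chooses it alone.
        return _mac(self.key, b"session", self.nonces["gateway"], self.nonces["device"])


def run_handshake(device, gateway):
    """Drive the three passes over an in-memory wire and return the transcript."""
    g_nonce = gateway.start()
    d_nonce, d_tag = device.respond(g_nonce)
    g_tag = gateway.confirm(d_nonce, d_tag)
    device.finish(g_tag)
    return {"g_nonce": g_nonce, "d_nonce": d_nonce, "d_tag": d_tag, "g_tag": g_tag}


def honest_session_keys_match():
    dev, gw = Party("sensor-17", "device", PSK), Party("plant-gw", "gateway", PSK)
    run_handshake(dev, gw)
    return dev.session_key is not None and dev.session_key == gw.session_key


def replay_is_rejected():
    """Replay a recorded pass-2 message against a new gateway session: the
    fresh gateway nonce is not covered by the old tag."""
    dev, gw = Party("sensor-17", "device", PSK), Party("plant-gw", "gateway", PSK)
    transcript = run_handshake(dev, gw)
    gw2 = Party("plant-gw", "gateway", PSK)
    gw2.start()
    try:
        gw2.confirm(transcript["d_nonce"], transcript["d_tag"])
    except PermissionError:
        return True
    return False


def wrong_key_is_rejected():
    """A device holding another domain's key cannot authenticate to this gateway."""
    dev, gw = Party("rogue", "device", bytes(32)), Party("plant-gw", "gateway", PSK)
    try:
        run_handshake(dev, gw)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(honest_session_keys_match(), replay_is_rejected(), wrong_key_is_rejected())
```

The role label inside each MAC is what stops a reflection attack (sending the gateway its own tag back), and covering both nonces is what stops replay. A certificate-based variant such as mutual TLS has the same structure with signatures in place of the shared-key MAC, which is the usual choice once a fleet is large enough that per-pair key provisioning stops scaling.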
What Should IT and OT Teams Consider When Developing Security Plans to Support the Edge?
Here are a few suggestions for service providers and enterprises embarking on IoT and IoE programs.
- Study the definition of edge computing, edge devices, and edge architectures and think critically about how the edge will interact with cloud applications.
- Redefine security and privacy metrics: confidentiality, availability, integrity, authentication, access control, privacy regulations and more; this is a brave new world.
- Research the cryptography-based technologies available, including identity-based encryption, attribute-based encryption, proxy re-encryption, searchable encryption and more. Look closely at state-of-the-art software that will not only do the job but scale, and scale cost-efficiently, so there are no surprises as the edge devices in place multiply.
- Think ahead and read up on academic research in lightweight and distributed data encryption, cross-domain and cross-platform authentication (including API-based systems), multi-authority access control and dynamic data processing. Protect what you connect, and what you will connect in the future!
- Do all of this in the context of where you are today with cloud computing and your on-site and remote data centers. Data security and privacy preservation are getting harder given long-distance transmission, particularly for mission-critical, real-time applications.
- Edge computing will continue to displace cloud computing for the appropriate local applications in the years and decades ahead. The time has come to rethink what we learned moving from premises to cloud, and to treat the edge differently but with the same rigor and requirements for identity and access management, privileged access management, multi-factor authentication and overall data integrity management.
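To make one item in the list above concrete, here is an added Python example (not code from Ironsphere or from the article) of the simplest form of searchable symmetric encryption: the data owner builds a keyword index in which every keyword is replaced by an HMAC token, uploads it to an untrusted edge or cloud store, and later searches by sending tokens rather than words. The index key, document ids and event texts are constructed for the example; document bodies would be stored separately under an AEAD, which is not shown.

```python
import hashlib
import hmac
import re

# Constructed sample key. In practice it is a random 32-byte key held only by
# the data owner's trust domain (the edge device or its key service), never a
# literal in source.
INDEX_KEY = bytes.fromhex("a3" * 32)

# Constructed sample events produced at the edge of a plant network.
DOCS = {
    "evt-001": "pump 3 vibration alarm line A",
    "evt-002": "pump 3 temperature normal line A",
    "evt-003": "conveyor stop line B operator override",
    "evt-004": "vibration sensor calibration line B",
}


def keyword_token(key, keyword):
    """PRF of the keyword under the owner's key. This is all the untrusted
    store ever sees; without the key a token cannot be mapped back to a word."""
    return hmac.new(key, keyword.lower().encode(), hashlib.sha256).hexdigest()


def tokenize(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def build_index(key, docs):
    """Client side: inverted index keyed by token instead of keyword, ready to
    upload. Values are document ids; the bodies go to the store separately,
    encrypted under an AEAD (not shown here)."""
    index = {}
    for doc_id, text in docs.items():
        for word in tokenize(text):
            index.setdefault(keyword_token(key, word), set()).add(doc_id)
    return index


class UntrustedStore:
    """Server side. It can only look tokens up, but it does observe which ids
    each query returns (access pattern) and repeated tokens (search pattern)."""

    def __init__(self, index):
        self.index = index
        self.queries_seen = []

    def search(self, token):
        self.queries_seen.append(token)
        return sorted(self.index.get(token, ()))

    def repeated_queries(self):
        """What the store learns without the key: that two queries were for
        the same (unknown) keyword."""
        return len(self.queries_seen) - len(set(self.queries_seen))


def client_search(key, store, keyword):
    return store.search(keyword_token(key, keyword))


def client_search_all(key, store, keywords):
    """Conjunctive query done on the client by intersecting single-keyword
    results; the store never sees the combination as one query."""
    result = None
    for kw in keywords:
        ids = set(client_search(key, store, kw))
        result = ids if result is None else result & ids
    return sorted(result or ())


def demo():
    store = UntrustedStore(build_index(INDEX_KEY, DOCS))
    return {
        "pump": client_search(INDEX_KEY, store, "pump"),
        "pump_and_vibration": client_search_all(INDEX_KEY, store, ["pump", "vibration"]),
        "other_domain_key": client_search(bytes(32), store, "pump"),
        "repeated": store.repeated_queries(),
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should take from this. First, per-domain keys give the multi-authority separation the list asks for: a party holding another domain's key derives different tokens and gets nothing back from this index, with no access-control logic on the store. Second, even this scheme leaks: the store learns which ids match each query and when the same token is queried again, and a store that can also guess plausible keywords can correlate those patterns. Schemes in the literature trade extra client work for less of that leakage; the token-index form above is the baseline to compare them against.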
Ironsphere has been a leader in this field for years, and we continue to work closely with our customers and partners to ensure they can protect what they connect, well into the future.