Joseph Salazar, Technical Marketing Manager, and Vlado Vajdic, Solutions Engineer, both of Attivo Networks, explain how it is essential to take a multi-layered approach to security when adopting Edge Computing.
Edge Computing and the Internet of Things (IoT) are delivering significant business benefits to many organizations. However, they’re also creating substantial challenges when it comes to IT security.
Keen to take advantage of this new computing paradigm, organizations are deploying Edge Computing devices in record numbers. They are connecting everything from web cameras and motion detectors to monitors and sensors to corporate IT infrastructures and putting them to work in innovative ways.
In essence, Edge Computing involves shifting the processing power that traditionally occurred in a corporate data center out to a network’s perimeter. This shift means that computational processing can then happen close to the source producing the data.
As a result, there is a significant reduction in data volume sent to and from the data center, saving on bandwidth costs. It also improves efficiency, as analysis can begin shortly after data capture.
One example is how devices handle video. Traditionally, footage captured by a security camera needed to be sent back to the data center or cloud infrastructure for analysis, even though most of that footage was of little or no value.
By adding motion-sensing and processing capabilities to the camera, the device can determine which parts of the captured footage are valuable and send just those to the data center or cloud infrastructure for further analysis.
Another benefit of Edge Computing is reduced latency. Rather than sending requests from the Edge and then waiting for a reply, the devices can make decisions themselves.
This shift is particularly relevant when it comes to devices such as self-driving cars. The latency involved in waiting for a decision or direction from a data center could lead to an accident. Instead, the car has the computing resources in place, which allows for autonomous operation.
The myriad applications of Edge Computing will continue to cause its usage to increase. Indeed, according to research firm Gartner, by 2029, there will be more than 15 billion IoT devices connected to enterprise IT infrastructures around the world.
Securing the Edge
As organizations push more computing capacity out of the data center to the Edge of the corporate network, the challenge of maintaining adequate security grows. They must rethink the techniques and tools that have worked well in a centralized environment and often replace those that can’t address Edge Computing’s security needs.
One of the critical factors that organizations must recognize is that every deployed Edge device becomes an additional potential attack vector. Something as simple as a Wi-Fi-connected web camera, if compromised, can become an entry point into the entire corporate network.
One approach that organizations can take is to segment the corporate network. In this way, traffic from Edge devices remains separated from other traffic, limiting the chance that an attacker can move between systems.
Creating a separate network for Edge devices ensures that their performance is not detrimentally affected when user activity is high. This segmentation helps to maintain reliability and reduces the chances of bottlenecks.
The role of the decoy
Another technique growing in popularity is the deployment of decoy Edge Computing devices. These decoys mimic legitimate devices and their purpose is to attract the attention of cybercriminals attempting to break into the infrastructure.
As there is no reason for authorized users to access the decoys, any traffic to them should be deemed suspicious and treated as such. The organization can then divert the potential attacker from any functional Edge devices, reducing the adversary’s chance to access them for malicious purposes.
IoT devices and other sensors typically send data to the Edge of the network for analysis before sending it on to the data center or cloud. The Edge handles all the local processing. An organization can deploy decoy IoT devices or sensors that run the same protocols as the production devices but are not production systems. These decoys mimic the actual devices but don’t generate any data.
Additionally, the organization can create decoy analysis nodes at its Edge that run the same applications and connect to the decoy IoT devices or sensors, but again are not part of the production environment. These two use cases allow the organization to detect any activity that touches either the IoT devices and sensors (indicating malicious activity on the subnet) or interfaces with the analysis nodes (indicating an attack targeting the Edge Computing segment).
As the number of Edge devices in use climbs, it also makes sense to undertake regular checks and audits. Any security strategy will not be effective unless a clear picture exists of exactly what components are in place and how the organization is using them.
On-going monitoring of all Edge-related network traffic should complement the audits. If the monitoring capability detects any suspicious or unusual traffic, the organization must isolate the device before the attackers can do any damage.
A zero-trust approach
Another security strategy gaining traction within many organizations involves the concept of zero trust. By putting a zero-trust architecture in place, organizations can identify users and their devices before allowing them to connect to applications and databases. Furthermore, applying zero trust principles to application, data and network traffic (transport or session) further increases the security posture.
Extending this concept to the Edge can significantly strengthen security. If the organization must identify all Edge devices before allowing a connection to the infrastructure, it reduces the likelihood of rogue devices or cybercriminals gaining access to the environment.
An organization adopting a zero-trust architecture can prevent an attacker from accessing Edge devices or analysis nodes if they attempt to connect from an untrusted node, use an untrusted application or access data without clearing zero-trust requirements. Even if the attacker compromises a legitimate user account and uses a cleared device, the zero-trust controls will not allow the uncleared application access to the data or the network segment.
When adopting Edge Computing, it is essential to take a multi-layered approach to security. This approach involves a mix of decoys, network segmentation and zero trust techniques. By following this path, organizations can enjoy the benefits while maintaining effective security.Click below to share this article