Edge computing security issues: mitigating local IT threats

Getting your Trinity Audio player ready...

Cloud computing has become so popular – enabling users to deploy IT resources affordably at the click of a button – that the idea of building out those services locally may feel like an odd choice. But there are still good reasons for bringing hardware closer to home, such as eliminating latency effects, reducing bandwidth constraints, and having full control over your data. And IT security teams will need to modify their defense strategies depending on whether information is held locally or hosted in the cloud, and that includes keeping on top of edge computing security issues.

The fog between the edge and the cloud

One of the biggest contributors to the rise of edge computing, where a significant portion of data processing is carried out locally rather than in the cloud, is the now mature internet-of-things (IoT) sector. It’s estimated that there are billions of IoT devices in use globally, and while – by definition – these nodes are networked over the web, they still carry onboard electronics to gather information locally and make decisions based on that data.

Also, processing outcomes can be the result of local inputs and analytics performed in the cloud. And this fusion – sometimes dubbed fog computing – couples the speed of having devices locally on the edge of the network with the advantages of being able to lean on large amounts of processing power and data insights available centrally.

From an edge computing security perspective, decentralized fog architectures can have benefits that go beyond pure data processing and decision-making performance. Unlike a pure-play cloud application where everything is processed centrally with large amounts of web traffic, fog computing designs can be constructed to minimize exposure over the internet. More sensitive information can be retained on the local network, raising defenses against remote attackers.

Also, fog nodes can carry out pre-processing and buffering to make cloud execution of tasks more efficient. Rather than send everything out to the web, increasingly – for a variety of reasons, including speed and privacy – edge computing devices tap into the internet only when necessary.

Addressing physical security issues of edge computing

So far, so good, in terms of reducing the target size of valuable information that could be exposed over the web. But that data privacy gain has shifted security issues to the edge computing setup. Thankfully, it’s not straightforward for an attacker to walk into a cloud services provider’s facility and start tampering with devices. But edge computing architecture could be located on the roadside – in the case of smart cities and connected and autonomous vehicle applications – where physical security issues could be more pressing.

In many cases, putting edge computing equipment up high on the roof of a nearby building will address many of those physical security issues. And the equipment can benefit from the access controls provided by the facility’s front desk, camera surveillance, and security guard patrols. But what if there aren’t buildings nearby? Or if facilities owners are unwilling to share their space?

To avoid security issues, operators of edge computing equipment need to think much more carefully about device basics such as operating systems and boot sequences. Bad actors – with the advantage of physical access – will look to exploit known hardware vulnerabilities and have more metaphorical levers to pull compared with targeting cloud infrastructure.

Edge computing operators can use device attestation mechanisms to warn of equipment tampering or to check that a device requesting to join the network is legitimate. Device attestation can check not just hardware integrity, but also perform software validation and confirm that everything has been configured as expected. And it’s become a popular security tool for edge computing operators.

In terms of blueprints that developers can follow to raise defenses around their edge computing infrastructure, the evolution of mobile phone security provides a useful playbook for IT teams. And, in fact, by using those chipsets and associated security solutions, edge hardware developers can readily leverage that experience to bolster the defenses of their designs.

Threat scenarios to consider include thieves walking off with the equipment. And for that reason, it’s important that all data is encrypted not just in transit, but also at rest – at a bare minimum. Considering other protective steps, many IoT-focused operating systems now give developers fine-grained control over what processes are allowed to run, locking systems down to a much higher degree compared with fully-featured installations.

Benefits of a growing edge computing ecosystem

Also, as edge computing infrastructure proliferates through the continued adoption of IoT, which includes a wide range of applications in agriculture, manufacturing, healthcare, smart cities, and many other use cases, so does the understanding on how to keep systems safe.

Looking ahead, computing infrastructure is becoming more mobile. The complexity and capability of smartphones increases with every model update, augmented by companion devices. There’s also robotics to consider. Cobots – collaborative robots – are anticipated to become much more popular outside of their typical industrial settings. And activity is ramping up on the use of automated drones capable of flying unaided – with air corridors being proposed to support supply chain innovation and overcome bottlenecks on the ground.

“It’s important that we acknowledge that the edge computing world is growing,” said Rob High – VP & CTO of Edge Computing at IBM. “It will have as much impact in the world of enterprise computing as mobile phones did in the world of consumer computing.”