Credit: Dreamstime
The COVID-19 pandemic and the disruption to workplace and operational environments that it triggered have accentuated and, in some cases, exacerbated some of the security concerns around edge computing.
Edge computing is a model where organisations, instead of relying solely on centralised data centres, distribute processing and storage capacities closer to where the data is generated -- Internet of Things (IoT) devices for instance -- and to the users and applications consuming the data.
In a research note last year, Gartner described edge computing as entering the mainstream among organisations seeking to take advantage of IoT and transformative, next-generation cloud-native business applications.
The analyst firm advocates that infrastructure and operations leaders take steps to incorporate edge computing into their cloud plans over the next few years. Forrester Research has predicted that organisations with highly distributed operations will increasingly begin looking for small and more local data centres and cloud services as edge processing services for their computing needs.
Tech spotlight
The trend toward edge computing has surfaced several security issues for organisations. For instance, the explosion of devices at the network edge has significantly expanded the attack surface at many companies and given threat actors a lot more opportunities to use these systems to break into the larger corporate network.
Many of the servers and storage systems that organisations are using for edge processing are rich targets themselves because of the data they contain and the fact that they are often less well protected than servers hosted in enterprise locations and centralised cloud data centres and co-location facilities.
Another issue: ISPs, device manufacturers, systems integrators and other stakeholders have begun delivering or integrating edge computing capabilities of their own for their customers and partners -- a trend that has further complicated questions over ownership and responsibility for edge security in heterogenous vendor environments.
Experts have identified the following four areas where edge computing will have the most significant effect on enterprise threat models.
An accelerated shift to SASE
The shift to a more distributed edge-oriented computing model has focused greater attention on secure access service edge (SASE), a computing approach that combines network security functions such as secure web gateways and cloud access security brokers with secure wide area networking (WAN) capabilities.
A survey that Versa Networks commissioned earlier this year showed that SASE adoption surged over the past year, with 34 per cent saying they were in the process of implementing it and 30 per cent planning to do so.
Reasons for the surging interest included problems that users had connecting to the enterprise network from remote locations, dropped connections, and performance issues when using bandwidth hungry apps such as videoconferencing. Challenges enforcing security policies and spotting new threats were other issues.
"One technology changing security and the edge is SASE," says Ernest Sampera, co-founder of vXchnge. SASE is built around the idea that as users, applications and data move out of the enterprise data centre to the cloud and network edge, it is also necessary to move security and WAN to the edge to minimise latency and performance issues.
"SASE combines SD-WAN with a stack of solutions that protects the network portions involved in edge computing. Edge use cases grew considerably during the pandemic and not surprisingly, so did SASE adoption," Sampera says.
Increased focus on attack surface visibility
The shift to work from home and hybrid work environments has primarily impacted the endpoints that people have been using to access enterprise networks, says Fernando Montenegro, principal analyst, information security at 451 Research.
"In that sense, the last 18 months have resulted in lots of people trying to do their best connecting remotely to corporate systems." The trend highlighted both how people connect remotely -- via VPNs for example -- and how people are supported in their remote work. It also led to a sharp increase in exploit activity against older VPN devices and other technologies used for remote access.
"The increased adoption of edge computing means that technology is now being used to address ever more specific use cases in many areas of the enterprise, meaning that there needs to be strong alignment between security and the business unit or team deploying edge computing," Montenegro says. "If not addressed properly, a disconnect between security and business can result in unmet security needs."
Chris Morales, CISO at Netenrich, says one fallout of the shift to a more distributed work environment has been an over-emphasis on endpoint security and not so much on other aspects of edge computing.
As one example he points to the focus on preventing endpoint threats even as account takeover attacks targeting Office 365 environments has become a bigger attack surface. "In general, security budgets have shifted to threat detection as priority but have spent little time on attack surface visibility and risk quantification," Morales says.
He advocates that organisations seeking to secure their edge environments try enabling greater visibility over their entire attack surface and not just user endpoint devices. "For every organisation, the only way to understand the right strategy is to have visibility of the entire attack surface and to operationalise risk management using techniques like threat modelling and adversary emulation," Morales says.
Identifying device risks
Risks from device variety at the edge have increased says Sampera from vXchnge. Much of the security concerns around remote work stem from users logging in from remote locations that may not offer strict security controls, he says. As organisations have attempted to mitigate that threat with controls like VPN and multi-factor authentication, attacks on those tools have increased.
"Another trend that has accelerated because of the pandemic is the physical security of the edge infrastructure that’s deployed in either in-house data centres in commercial buildings or remote in-house data centres with poor physical security and monitoring," Sampera notes.
Systems in these settings are susceptible to physical tampering, swapping out, or having malware planted on them that allow for data theft, privilege escalation, snooping, and other malicious activities.
The threat requires organisations to pay more attention to cataloguing devices based on device type, operating system, security features, age, and any other features. The goal is to assess devices for potential vulnerabilities, to identify existing risks, restrict access when a security breach occurs, and establish a foundation for endpoint security, Sampera says.
Also important, according to security researchers, are controls like hardware root of trust, tamper evident and tamper proof features, encryption, and crypto-based ID controls.
Greater focus on supply chain security
The edge computing phenomenon has focused increased attention on threats via the supply chain -- and not just because of pandemic related disruptions. With organisations increasingly relying on computing and storage systems that are not under their direct control, questions about the security of the devices and device components have become more important.
"With updating edge devices being a more involved and expensive process than general purpose computers, it makes sense to aim for a better understanding of how devices are affected by security issues in their components," Montenegro says.
Heightening the urgency for such scrutiny is the fact that open-source technologies have become the fundamental mechanisms for edge computing technologies. So, paying diligence to code provenance, code scanning, vulnerability hunting, and automated patching have all become critical, researchers say.
