Challenges Securing the Edge

Cybersecurity is all about protecting data, but it’s clear organizations need to make a greater effort to protect that data where it is, not where they’d like it to be or think it could end up. As more organizations are making the transition to edge computing, that’s where security needs to focus. However, moving security to the edge can be complicated, leaving many organizations hesitant to make the switch.

“Reading any recent Cybersecurity and Infrastructure Security Agency (CISA) vulnerability alert illustrates the challenges of managing our traditional attack surface; adversaries are having a field day exploiting known unpatched vulnerabilities,” said Rick Holland, chief information security officer, vice president strategy at Digital Shadows, in an email interview.

“Attack surface management is even more difficult as we transition to edge computing,” Holland added. “To effectively manage this new attack surface, defenders must discover assets, understand the sensitivity of data on those assets and be able to conduct configuration and vulnerability management on those assets.”

Observability Makes Things More Complex

The first step for defenders is asset discovery, which could be the greatest challenge of all when securing the edge.

According to Benjamin Fabre, co-founder and CTO of DataDome, observability is more complicated in edge computing because there are thousands of applications on the edge that must be monitored.

“This makes visibility more complex because it isn’t just a few servers you have to monitor but all of the cloud providers who could be literally on any continent,” Fabre said. It is more difficult to detect a breach or other cybersecurity incident when the cloud and the data could be anywhere. It’s harder to collect all the metrics without a central location for visibility.

The Challenges of Remote Work

Remote work has added further challenges. When the bulk of the workforce was in the same location, there was a single IP reaching the data center, taking away some of the complexity of monitoring the edge. But as soon as the pandemic scattered employees to remote locations, there were dozens of unique and unknown IPs to account for.

And employees weren’t just working from their home; many left their home, which may have been a known and trusted IP, to stay with family or get away from crowded urban areas.

Natural disasters like Hurricane Ida have many workers scrambling to find any internet connection as their homes remain without power or data service, so they are now connecting from unsecured locations like coffee shops and hotel lobbies. Add to that the number of personal devices used and family members sharing these devices, all of which compounds the challenges of effectively securing the edge.

5G and the Edge

When it comes to 5G, said Holland, you may want to remember the adage, “With great power comes great responsibility.”

As 5G brings high bandwidth and low-cost network and computing solutions that could revolutionize technology in the workplace, the security and privacy implications of pervasive connected devices are frightening.

“I fear that without government mandates that require minimum security requirements for 5G-enabled devices, we will be exponentially expanding the attack surface with vulnerable misconfigured devices,” said Holland. “Ubiquitous 5G could result in severe ‘Hold my beer’ security moments.”

Meeting the Challenges

Securing the edge definitely presents a number of challenges, but it is possible. First, recognize that some of your old defenses will still be necessary.

“Edge computing shouldn’t change the SOC; you’ll always need one,” said John Bambenek, principal threat hunter at Netenrich, via email. The problems will come in using traditional defense technologies and in controlling newer endpoints.

“Insofar as possible, at least networking monitoring should be in front of these devices that can detect problems and, if necessary, block problematic network traffic,” said Bambenek. “In many cases, using DNS resolvers can be effective in filtering malicious communications or command-and-control attempts.”

Fabre also suggested that cybersecurity teams shouldn’t shy away from tried-and-true security approaches, such as security awareness training, especially for the remote workforce, enforcement whenever security protocols are broken or ignored, and smooth communication systems so everyone is comfortable with reporting potential security issues.

Data is being democratized, with the most valuable assets of a company no longer sitting in a vault in a known location. To protect that data, security has to adapt to the changes as they are happening. “This is the world we are going to be living in,” said Bambenek, “so that’s the world we need to secure.”


Sue Poremba

Sue Poremba is a freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.
