Closing the Security Gaps at the Edge
More than 18 months into the COVID-19 pandemic and the new normal of the workplace, organizations continue to figure out how to best approach cybersecurity. And they are struggling. A new study from Lynx Software Technologies found most American executives believe their company has serious security gaps, and that remote work made the situation worse.
“Now more than ever, it is incredibly important that employees feel like they can trust the security of their corporate networks,” Arun Subbarao, vice president of engineering and technology at Lynx Software Technologies, said in a formal statement. “Remote and hybrid work models are here to stay, and organizations need to ensure not only that their corporate network infrastructure is secure, but also verify that every endpoint—from printers at HQ, to laptops and tablets in each employee’s home—are protected, as well.”
A little more than half of the survey’s respondents think that edge computing would improve security in their organizations. But no cybersecurity system is 100% incident-proof, and anyone who is turning to edge computing for better security has to remember that there are security gaps on the edge, too.
New Edge Security Concerns Open New Gaps
As technology has evolved, so have the risks that need to be addressed. Back in the days when systems were connected inside an organization and there were no outside connections to worry about, threats literally came from inside the building. More often than not, disgruntled employees presented the biggest risk to the company, and the security gap was identifying the employee before damage could be done. “With a network connection from that enterprise to external services (public clouds), there is a potential access point for anyone on the planet to attack that system,” said Ian Ferguson, VP of marketing, Lynx Software Technologies, in an interview.
IoT devices are a prime target for edge security threats. Gaps are most likely to be found in data protection, since there are no physical or centralized security systems around data on the edge. Also, devices designed for edge computing aren’t built with a security-first (or second, or third) mindset. Authentication methods are lax (many users never change the default passwords from the setup process), operating systems are often out of date, and patches and firmware updates are often ignored because there is no simple way to alert users that they need to be applied. In the new normal of the hybrid workplace, there are more unknown devices than ever connecting to the network. Finally, when a threat hits an edge device, time is of the essence even more than in more traditional network systems.
“At the edge, seconds matter, meaning that cybersecurity tools must be automated to deal with threats in real-time to prevent serious damage,” Matt Hathaway, vice president, product marketing at Imperva, told Security Boulevard earlier this year. “You have milliseconds to handle data traffic in order to mitigate the threat.”
Any organization without a plan to handle threats on edge computing devices has huge gaps in its overall security system and is, therefore, at greater risk of being hacked.
Eliminating the Gap
When it comes to security, it’s important to remember that a system’s strength can also be a weakness.
“If a system’s functionality is fixed and can be controlled from the cloud, it is more limited, but if the endpoint is compromised, the functionality cannot be altered. This is also similar to a networking box,” said Ferguson. “If it is accessed, maybe some errant data can be inserted, but I would argue that the system’s functionality couldn’t be altered. And it is still very challenging to insert new data if the network traffic is encrypted.”
Moving intelligence to the edge delivers the benefits of increased system flexibility and modifiable functionality, but those benefits can be exploited. To decrease exposure to risk, Ferguson suggested the following tips to close gaps in edge security:
• Minimize what an external hacker can accomplish if they access the system via this network connection; for example, ensuring all valuable assets are inaccessible via an unsecured internet session.
• Early warning capabilities if the system is compromised and strategies in place to revert the system to a known good state.
• A strategy to continually raise the security posture of deployed systems against attacks. As a reflection point, consider how often the software embedded in your home gateway is being upgraded to block potential attacks.
• In addition to the external internet connection, the enterprise’s network must be inaccessible without strong username/password security and configured to send encrypted information.
“Moving forward, to eliminate—or at least mitigate—the risks represented by these gaps, we need architectures for devices that support secure, protected sessions for sensitive workloads as well as unprotected sessions for personal activities,” Ferguson added. “These architectures would sequester machine resources, such as memory, which results in a level of protection that is layered depending upon the sensitivity of the data being transferred and processed.”