Insider Threats and Security at the Edge
Edge computing is a vital component of digital transformation, allowing data to be analyzed and used in real-time closer to the point where it is created and consumed. Securing the edge requires a shared security responsibility model, as research from AT&T pointed out, with cybersecurity responsibility spread across three entities: The cloud provider, carriers and enterprise.
“Enterprises are responsible for securing their devices and endpoints and the data within them,” the AT&T report stated.
They aren’t just responsible for securing devices and endpoints from outside threats, but also from insider risk.
Pandemic Impact on Insider Risk
Insider risk has increased significantly since the COVID-19 pandemic began. “Working from home, users may not be as vigilant in their home environments about protecting confidential information because they’re more relaxed and, again, there’s a lack of oversight,” said Latecia Lamkin, cybersecurity expert and SME at Triune Solutions, in a podcast.
Plus, Lamkin added, the stresses around the pandemic also impacted user behavior which often lead to insider risk. “Just the feeling of being constrained and locked down, it can cause people to be … motivated to partake in malicious activities for personal reasons and they could … be so distracted that they’re not protecting or safeguarding the way that they should.”
It’s not just the pandemic adding to the insider risk threat. The so-called Great Resignation brought new attention to risks caused when employees have been using their own devices for work and then quit their job. Nearly nine in 10 organizations relied on employees to use personal devices, but according to research from Code42, 71% of companies don’t know what sensitive data departing employees have on those devices.
So while edge computing improves the way we can use data, without real oversight over devices, insider risk becomes a greater threat.
Edge Security Challenges
Even without insiders, there are challenges with edge security. With an increasing number of devices storing data, the attack surface has gotten much bigger. Denial-of-service attacks and data breaches are now a greater threat.
And as the use of personal devices and millions of workers forced to work remotely has shown, a disparate workforce makes it much more difficult to properly monitor and protect devices. Add to that the fact that these devices are connected to other devices that the security team is not aware of, and the threat increases further.
Securing the Edge from Insider Risk
During the recent Insider Risk Summit, Katie Anderson, senior product marketing manager for insider risk management and Talhah Mir, principal PM manager for insider risk management, both with Microsoft, offered some general suggestions on how to protect data from insider threats. That included:
• Address Data from Multiple Lenses. It starts with knowing where your data is, what your data is and who has access to your data.
• Protect Data from Loss. Users should be able to access the data they need, but policies should be created and enforced to prevent data loss.
• Manage Internal Risks. The biggest risks to data are things like internal leakage and employees who have data access when they leave the job. Security teams need to be able to be empowered to address those issues.
However, Althebyan Qutaibah, associate professor and dean of the College of Engineering at Al Ain University, wrote that traditional defenses may not work when tracking insider behavior in edge computing. Instead, Qutaibah recommended building a knowledge base of insiders and “building a fog layer where a mitigation unit, residing on the edge, takes care of the insider threats in a place that is as close as possible to the place where insiders reside.”
