By adopting edge computing, companies move some processing to the periphery, closer to where the work is needed most to improve performance, decrease network traffic, and reduce latency. This introduces a scale of cybersecurity challenges regular data center operators may not be used to dealing with.
Packet, for example, spends a great deal of effort on cybersecurity for its edge computing deployments, Zac Smith, the company’s CEO, said. The New York-based bare-metal cloud provider is in the middle of several trial edge-computing deployments in modular data centers and in large commercial buildings or shared spaces, such as malls, he said.
With 5G expected to bring exponential growth in the number of devices and in traffic, those cybersecurity concerns are going to grow.
"The key to security is a mindset that assumes devices are compromised until proven otherwise," Smith said.
You Really Have to End Default Passwords
Unfortunately, companies are often less security conscious when it comes to their edge devices, not more. For example, passwords used to access the devices are often simple or default passwords.
Enterprises should require strong passwords or two-factor authentication, especially for administrator and root-access accounts, said Herb Hogue, senior VP of cloud, security, hybrid data center, and collaboration at PCM, Inc., an El Segundo, California-based IT solutions provider.
"We are still seeing a lot of brute-force happening, and unfortunately that brute force is often successful," he said. When those credentials are compromised, the attackers may be able to leverage them to get higher privileges and penetrate the rest of the environment. “We see that particular use case very frequently, and it’s usually not noticed for many months.”
Another area where companies often have lax perimeter security is WiFi. “The WiFi at the edge needs to be extremely locked down, not just completely open,” Hogue said. “That's just leaving the door open in many cases.”
Don't Put All Your Trust in Perimeter Defenses
Hogue advises that companies expand their use of network segmentation. Today, many segment the perimeter. They should also segment traffic types and have firewalls between the center and the branches.
In some cases, the edge computing devices might not need to be connected to the enterprise network at all. For example, in cases where an edge site is being used to operate a farm or an automated factory, where access to customer data is not needed, said Steven Carlini, VP of innovation and data center at Schneider Electric. That might not be possible for a bank branch or a retail store, however.
He recommends that companies use encrypted devices, firewalls, and intrusion detection and prevention systems. In addition, micro-data centers at the edge should be in clusters with redundant levels of protections, he said, and IoT devices should have physical connections via cables whenever possible.
Another possible attack vector for edge devices is the data they collect. For example, if a smart thermostat is tricked into thinking that the temperature is much lower than it is, it might trigger the heating system to heat when it shouldn't. If hackers interfere with manufacturing sensors, they can do significant harm to a production line.
When edge computing includes the ability to make critical decisions, extra attention needs to be paid to the data or commands it receives, said Andrew Howard, CTO at Kudelski Security, a Phoenix-based security vendor.
"This includes checking for traditional cybersecurity threats, such as malformed inputs, but must also include sanity checks for valid data," he said. “There are attacks that take advantage of the standard averaging techniques used by central processors of edge data.”
Is the Cloud Really Necessary?
The typical IoT device is, as the name implies, internet-enabled. But edge computing doesn't actually require constant internet connectivity, said Sastry Malladi, CTO at FogHorn Systems, a Sunnyvale, California-based edge computing technology company.
"By definition, the edge computing nodes function in a disconnected mode and often do not require persistent connectivity to the cloud," he said. That can reduce security risks. "However, even if the device is connected to the cloud for a very small fraction of the time, there is still a risk of bringing down the devices if proper security measures are not taken."
Companies can reduce those risks further by not allowing direct connections from the edge nodes to the cloud and requiring the edge devices to initiate those connections that are necessary, he said.
Edge Data Centers Can Be a Net Positive for Security
Done right, edge computing doesn't have to be another source of cybersecurity risk.
"That’s the main takeaway," Schneider’s Carlini said. “Edge data centers that are properly architected and protected, and can operate in a cluster that’s isolated from the core and sensitive data, can be used as a tool to improve cyber resilience.”