Securing any type of data center is challenging enough given the wide array of threats and risks that can impact data centers. But data center security is even more challenging when you're dealing with an edge data center, where you might not have access to the same security controls and tools that would protect assets inside a traditional facility.
Here's why edge data center security can be challenging, and what data center operators can do to tackle the risks.
What Is an Edge Data Center?
An edge data center is a facility for hosting servers and other IT equipment close to the network "edge" – meaning the end-user devices that rely on workloads hosted in data centers.
For example, a retailer might set up a small edge data center adjacent to one of its stores so that it can achieve high-performance, low-latency connectivity between point-of-sale devices inside the store and applications and data hosted in the edge data center. Or, a business that hosts most of its workloads in the public cloud might rely on an edge data center to cache frequently accessed content closer to its main office in order to deliver a better experience for employees based in that office.
Typically, edge data centers are much smaller than conventional data centers. They often reside in a closet inside a larger building, or in a shipping container that can be deployed adjacent to the facility they are helping to support. There are usually no professional technicians on site to manage edge data centers on an ongoing basis.
The Challenges of Edge Data Center Security
The nature of edge data centers makes security challenging in several respects:
- Physical security risks: Conventional data centers usually benefit from strong physical security controls like high-security fences and doors. But an edge facility located in an office building or warehouse is likely to lack rigorous protections to discourage physical intrusion. Any physical access controls that exist are usually easy to defeat using tools like saws and crowbars.
- Risk of interference attacks: If someone wants to attack an edge data center physically without breaking in, they could use a method like intentional electromagnetic interference to damage IT equipment. They could also simply shut off power or cooling systems – and in many cases, edge facilities lack backups for these resources.
- Lack of staff access: Edge data centers are typically not staffed on a regular basis. As a result, if an attack occurs, there may be no one prepared to respond immediately.
- Fewer monitoring resources: Because edge facilities usually have limited infrastructure resources available, they may not be able to support robust network monitoring or firewall equipment, making it more challenging to detect and block network-based threats.
In short, the fact that edge data centers are typically located in places that lack strong physical security protections makes them prime targets for local attack. In addition, network-based attacks can be harder to detect and fend off due to the limited infrastructure resources that edge facilities support.
How To Secure an Edge Data Center
There is no simple solution for keeping an edge data center secure, but there are some measures that can help.
Don’t Label Your Edge Data Center
A simple but effective practice to protect edge data centers is to avoid making it obvious that they are data centers. Typically, no one except data center technicians who help support an edge facility needs to know where the facility is located, so there is no reason to label it with signs like "server closet" or "local data center." Keep things as non-descript as possible to help with physical security.
Install Remote Monitoring Systems
Although it typically doesn't make financial sense to pay technicians to staff edge data centers on a regular basis, installing remote video systems to monitor for threats is much less costly. AI technology can make these systems even more efficient by automatically flagging threats, reducing the number of staff required to monitor video feeds.
Designate Local Staff To Perform Security Monitoring
In some instances, you may have employees working in close proximity to edge data centers who are not data center technicians, but who are capable of performing some basic security tasks such as responding in the event that remote monitor systems detect efforts to tamper with locks.
For instance, a retailer with an edge facility next to a store could ask store managers or loss-prevention personnel to help support physical security inside its edge data center.
Consider Moving Your Edge Data Center
Edge data centers hosted in shipping containers or other easily portable facilities can be moved around periodically. Doing so is another way to make it less obvious to outside observers where your edge data centers are located.
Don’t Deploy Critical Infrastructure in an Edge Data Center
At the end of the day, the security of edge data centers is inherently weak compared to conventional facilities. For that reason, it's a best practice to avoid deploying anything essential inside an edge facility. Edge data centers can host infrastructure that boosts workload performance, but you should always have a backup solution in place in a traditional data center that can take over if your edge facility is breached.
Keeping critical workloads out of edge data centers won't make the facilities more secure, but it will reduce the impact in the event of an attack.
Conclusion
Ultimately, solutions available for securing edge data centers are limited. But taking the steps available to protect edge facilities is much better than doing nothing. To that end, businesses that operate edge data centers should invest in protections like remote monitoring systems, while also mitigating their risks by keeping mission-critical workloads outside of facilities and making sure they don't advertise the location of edge data centers to threat actors.
