
How to Keep Edge Computing Secure

BrandPost
Mar 23, 2021 | 7 mins
Networking


Analysts agree that edge computing, where processing and storage are located as close as possible to where they are used, is the next major development in information technology. Digital transformation, contactless commerce and data-driven decision-making are driving the shift to more distributed, hybrid networks. Our traditional notions of the enterprise perimeter have changed with the advent of remote working, software-defined enterprises and multi-cloud adoption. Today’s networks are far more distributed and complex than ever before. In particular, the shift to cloud and hybrid networks made the traditional leased-line networks used for routing traffic back to data centers less relevant. In their place we now see software-defined wide area networks characterized by application-aware dynamic routing and security – also known as Secure SD-WAN.

As 5G becomes more widely available, its high performance will enable accelerated computing by connecting edge computing to nearby micro clouds, and in doing so, reduce latency and network traffic – and thereby, network costs. With the use of industrial applications like augmented reality and predictive, proactive contracting, one begins to see the transformative potential of edge computing. Indeed, according to the Worldwide Edge Spending Guide from International Data Corporation (IDC), the worldwide edge computing market will reach $250.6 billion in 2024. As a result, many of the industry’s biggest names are now investing heavily in edge computing.

What is edge compute and what are the benefits?

Bringing computation and data storage as close to the user as possible—on the enterprise edge where the data is actually being collected and processed—saves bandwidth and speeds response times. Achieving this, however, requires low-latency, high-performing 5G networks, which are particularly important for Internet-of-Things (IoT) devices to function at their fullest potential.

Edge computing delivers a number of key benefits that facilitate better business outcomes and enhanced end-user experiences. First, moving computing closer to where it’s used accelerates data-driven decision-making and shortens operating intervals, leading to better outcomes and experiences. This is especially important in smart solutions and connected platforms – such as robotic factory floors and level 5 autonomous vehicles. Edge computing enables better and faster decisions for proactive and predictive maintenance – generating cost savings and better performance. These transformative technologies need split-second timing and seamless, secure and highly reliable connectivity to function properly and, more importantly, safely.

Edge computing also enables organizations to scale their hybrid cloud infrastructures and increase their compute capabilities faster and at less cost. This allows for better data collection and analysis, including collecting actionable IoT data, to make adjustments quickly for better customer experience. But relying on IoT and other edge devices for critical business functions can also introduce security challenges.

Security challenges

Edge computing creates additional network edges, and the resulting complexity is challenging for organizations of all sizes. We now see a proliferation of network edges: IoT edges, home edges, branch office edges, headquarter edges, enterprise data center edges, and a multitude of cloud edges. From the evolution of perimeter defenses to the advent of cloud-based security services, security has always followed the compute. Edge computing requires visibility and control over an ever-expanding number of IoT devices collecting and sharing data to make semi- and fully autonomous decisions. This visibility, control, and correlation requires a Zero Trust access-based approach to address security on the LAN edge, WAN edge and cloud edge, as well as network management. Zero Trust is key because it lets organizations act on the assumption that all devices are compromised and must be inspected before access is granted.

As organizations shift the focus to business outcomes and customer experiences, it’s now clear that success requires an integrated approach to security, networking and the compute. Outcomes and experiences depend on all elements of security, network and application performance being optimized. So not only do organizations need low-latency, high-performing systems, such as 5G networks, but they also need to be able to dynamically adapt security and networking to ensure computing. This requires an integrated security and networking platform, as well as network and security operations integration. Network operations and security operations can no longer operate in separate silos; technology, organizational and cultural changes are all required so that networking, security and the compute function as a single, integrated system.

Security system audit and future solutions

Considerations for edge security

Part of the reason why traditional security approaches have not been very effective is the often-haphazard way in which security solutions are chosen and deployed. In all too many cases, security is an afterthought applied by bolting on devices and controls. Therefore, the first exercise should be defining your objective and assessing your current state.

Organizations should also identify all devices, users and entities in their network and then ascertain their underlying dependencies and criticality. They should also assess what kind of data they have, which of it is critical, where it currently resides, and how it is being classified. Next, they should ensure they’re following basic cyber hygiene policies. From there, they should employ sound defense-in-depth strategies based on Zero Trust access principles, applied via a security solution to enforce segmentation and other controls.

As with all devices, vulnerability management should be a top priority. Many edge-based computing devices, especially IoT devices, are produced with limited security forethought. All of the devices on your network, no matter where they reside, need to be configured, managed, and patched using a consistent policy and enforcement strategy to ensure they remain compliant and secure.

In addition to using next-generation firewalls, network access controls and encryption to classify and segment data flows, security teams should also consider behavioral-based analytics to detect anomalous behavior of cameras, thermostats, controllers, sensors and other edge computing devices. Such departures from normal source, destination, commands and other data are early indicators of compromised devices.
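
One way to express the check described above, as an added example that is not part of the original article: build a per-device baseline of destinations and commands from known-good traffic, then flag any departure from it. The device names, addresses, command labels and record layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real telemetry): (device, destination, command)
BASELINE_FLOWS = [
    ("cam-01", "10.20.0.5", "RTSP_STREAM"),
    ("cam-01", "10.20.0.5", "RTSP_STREAM"),
    ("cam-01", "10.20.0.9", "NTP_SYNC"),
    ("thermo-07", "10.20.0.12", "MQTT_PUBLISH"),
    ("thermo-07", "10.20.0.9", "NTP_SYNC"),
]
OBSERVED_FLOWS = [
    ("cam-01", "10.20.0.5", "RTSP_STREAM"),          # matches baseline
    ("cam-01", "203.0.113.44", "RTSP_STREAM"),       # destination never seen before
    ("thermo-07", "10.20.0.12", "FIRMWARE_WRITE"),   # command never seen before
    ("plc-03", "10.20.0.12", "MODBUS_READ"),         # device was never profiled
]


def build_baseline(flows):
    """Learn, per device, the set of destinations and commands seen in known-good traffic."""
    profile = defaultdict(lambda: {"dests": set(), "cmds": set()})
    for device, dest, cmd in flows:
        profile[device]["dests"].add(dest)
        profile[device]["cmds"].add(cmd)
    return dict(profile)


def detect_departures(profile, flows):
    """Return (device, reason, value) for every flow that departs from the baseline."""
    alerts = []
    for device, dest, cmd in flows:
        known = profile.get(device)
        if known is None:
            # An unknown device is treated as untrusted rather than silently learned.
            alerts.append((device, "unprofiled_device", dest))
            continue
        if dest not in known["dests"]:
            alerts.append((device, "new_destination", dest))
        if cmd not in known["cmds"]:
            alerts.append((device, "new_command", cmd))
    return alerts


if __name__ == "__main__":
    for alert in detect_departures(build_baseline(BASELINE_FLOWS), OBSERVED_FLOWS):
        print(alert)
```
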

Implementing a Zero Trust–based approach and properly segmenting edge compute is a powerful strategy for ensuring least-privileged access and control. Building a zero-trust model using a unified security platform approach that spans your cloud computing ecosystem helps consolidate security across all edges, simplifying the protection of the expanding attack surface regardless of where users or devices are located. It also enables a single-pane-of-glass management model that makes security visibility and policy orchestration less complex and more flexible, and enables automation to span the entire distributed network.

A unified platform approach should cover a wide range of functions, including:

  • Security operations
  • Network operations
  • Applications management
  • Distributed communication
  • Identity and access management
  • Cross-platform integrations
  • Data design

Integrate security at the onset

The substantial benefits of edge computing are enabling many organizations to accelerate operations, improve network performance and lower costs, while enabling better outcomes and experiences. But because edge devices and networks dramatically expand the attack surface, security must be prioritized equally with computing and networking. Implementing an edge strategy with well-planned and highly integrated security processes at the onset, built around an integrated security platform, will enable the productivity, innovation and agility needed to compete more effectively in today’s digital marketplace.

Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.