The notion of edge computing is a relatively nascent one in modern IT. While end user, data center and cloud computing are well understood, Edge computing is still struggling to define itself – and come to terms with some significant security challenges.
At the OpenStack Summit in Vancouver on May 23, a panel of experts debated the security considerations and challenges for edge computing. OpenStack is an open-source cloud platform technology project that is widely deployed by large carriers and enterprises. An emerging use-case for OpenStack is at the edge of the network, rather just in a data center.
Though there is some debate over precisely what edge computing means, in the OpenStack context, it's about delivering and enabling the cloud at the edge of a larger network – making edge computing also a cloud security issue. The edge can still benefit from a data center, but it also can work independently and is a use case that is becoming increasingly attractive to operators as 5G mobile deployment efforts ramp up.
"Edge computing adds new vectors with potential for break-in," said Beth Cohen, co-founder of the edge computing working group at OpenStack and advanced networking product manager at Verizon. "Data centers are already fairly secure and physical access is pretty limited."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
In contrast, edge of network deployments can be in exposed locations, such as cell towers and remote locations that aren't as actively monitored and secured as a traditional data center.
Rob Hirschfeld, founder and CEO of RackN, said that with edge computing, the importance of data encryption is magnified. Due to the fact that edge computing deployments might not have the same physical security as traditional cloud deployments, an attacker could steal a hard drive or potentially plug in a USB key. Hirschfeld also suggested that trusted platform computing elements all need to be turned on for edge computing.
"There is security embedded in infrastructure now that we're not using now, in part because it's not well automated," Hirschfeld said.
With traditional cloud computing, most assets are within the same data center, or at least the same service provider. With edge computing, Glen McGowan, Dell EMC principal architect for NFV and cloud provider solutions, said traffic is flowing over untrusted public network segments. McGowan suggested that all edge computing traffic go over secure VPN tunnels that are as hardened as possible.
"Let's start now to build a robust approach, because the bad guys are 10 steps ahead in a lot of cases," McGowan said.
For McGowan, one of the top challenges for edge computing is the lack of a common security framework. In his view there is a need for consensus on best practices for edge computing. In Hirschfeld's view, the top challenge for edge computing is to automate the ability for an edge computing deployment to be updated and fully patched.
So what are the steps to secure edge computing?
- Encrypt Everything: By encrypting all data, even if data is stolen an attacker will have limited utility.
- Use Secure Tunnels: As edge computing isn't all located within a secured data center, connectivity should be hardened with the use of VPNs and secure tunnels.
- Constant Iteration Beyond Initial Setup: Organizations that are deploying edge computing need to have processes in place to enable constant iteration beyond the initial setup to deal with patching and emerging security issues.
- Employ Pro-Active Threat Detection: Since edge computing by definition is not centralized, it's critically important for providers to employ proactive threat detection technologies to identify potential issues early.
- Automated Patching and Assertion: Given that edge computing can potentially involve large numbers of distributed devices, there is a need to make sure that patching is automated that a given patch has been validated and properly implemented.
"If we find a vulnerability that impacts thousands of edge sites and we don't have a way to propagate the patch quickly, we've allowed that vulnerability to be easily exploited," Hirschfeld said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.