Industry executives and experts share their predictions for 2019. Read them in this 11th annual VMblog.com series exclusive.
Contributed by Colin Sullivan, Product Manager at Synadia
A Move Toward Decentralized Security and Identity Management
Given the explosive growth of IoT and edge computing, there
is a need to evolve beyond the standard security and endpoint management models
we have today to a model that can truly scale, independent of provider - cloud,
edge, telecom, or otherwise. With 25 billion connected devices by 2021,
no single central authority can or should be used to identify and apply policy
to billions of these endpoints. We will need end-to-end, decentralized
security over a zero trust communications system.
As the number of devices, applications, and endpoints
grows exponentially, we're approaching the edge of our ability to aggregate and
control our data, much less secure that data. We're seeing this data
explosion give rise to edge computing in order to relieve and distribute data
processing pressure from back-end and cloud resources. Unfortunately,
security around this has been lagging, with multiple models glued together to
secure different components throughout the IoT hardware and software
stack. Amazon, Google, Microsoft and others have done a great job in
centralizing and securing identities in the cloud and their gateways, but at
some point they still have to map identities between different models, which is
problematic at best. The sheer volume of mapped identities between persons,
devices, and machines will be astounding. This and the data to secure
will become troublesome to manage, especially as markets mature and we see
acquisitions and mergers create IoT deployments of unforeseen proportions.
As this growth continues through 2019, in order to
effectively secure and manage endpoints we will need to decentralize security
and identity management. Therefore, we will see a paradigm shift from thinking
of security in a centralized context to a decentralized context where security
is administered by various operators (internal organizations, companies,
vendors, etc.), each securing different components of the distributed system
with the same mechanism, albeit in a distributed and manageable manner.
To that end I predict:
Security efforts in IoT, edge computing, and cloud will
move toward a decentralized model. This might occur as a zero trust
distributed system having authentication and authorization driven by various
operators of the system, but not within the system itself. This will be
the only way to effectively manage billions of devices, applications, and
endpoints securely and with trust. Imagine end-to-end communication
platforms that never hold or access private keys, instead relying on secure
operators to manage private keys outside of the system. An operator that
is compromised won't jeopardize the entire system. Operators would allow
their administrators to apply individual security policies as they need, and
revoke or refresh keys as necessary.
Data flow policies between defined silos of the
application, device, and endpoint ecosystem will also need to be decentralized
- data flow will only be permitted when the various operators of the system,
not the distributed system itself, mutually trust each other, effectively
decentralizing authorization. For example, an enterprise operator would
set policy and provide a cloud-based back-end, and each regional operator
managing millions of devices would only be permitted to send and receive data
to the back end when both agree and apply the data flow policy on both
sides. Either can revoke at any time to stop the flow of data or
availability of services. Scaling up, adding regions would simply involve
the enterprise operator and regional operators agreeing to allow data flow to a
new region.
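The two predictions above, sketched in Go as an added example (not code from the article or from any product): the system stores only operators' public keys and signed approvals, and a flow is permitted only while both operators hold a valid, unrevoked approval. All type, function, operator and flow names are hypothetical, and Ed25519 is an assumed choice of signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// System holds operators' public keys, approvals and revocations, never a private key.
type System struct {
	keys    map[string]ed25519.PublicKey
	sigs    map[string][]byte // keyed by operator + "|" + flow
	revoked map[string]bool
}

func NewSystem() *System {
	return &System{map[string]ed25519.PublicKey{}, map[string][]byte{}, map[string]bool{}}
}
func (s *System) Trust(op string, pub ed25519.PublicKey) { s.keys[op] = pub }
func (s *System) Record(op, flow string, sig []byte)     { s.sigs[op+"|"+flow] = sig }
func (s *System) Revoke(op, flow string)                 { s.revoked[op+"|"+flow] = true }

// Approve runs on the operator's side, where the private key lives.
func Approve(priv ed25519.PrivateKey, flow string) []byte { return ed25519.Sign(priv, []byte(flow)) }

// Permitted is true only if both operators have a valid, unrevoked approval.
func (s *System) Permitted(flow, a, b string) bool {
	for _, op := range []string{a, b} {
		k, pub := op+"|"+flow, s.keys[op]
		if len(pub) != ed25519.PublicKeySize || s.revoked[k] || !ed25519.Verify(pub, []byte(flow), s.sigs[k]) {
			return false
		}
	}
	return true
}

func main() {
	entPub, entKey, err1 := ed25519.GenerateKey(nil) // constructed demo keys
	regPub, regKey, err2 := ed25519.GenerateKey(nil)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	s := NewSystem()
	s.Trust("enterprise", entPub)
	s.Trust("region-eu", regPub)
	s.Record("enterprise", "telemetry", Approve(entKey, "telemetry"))
	s.Record("region-eu", "telemetry", Approve(regKey, "telemetry"))
	fmt.Println(s.Permitted("telemetry", "enterprise", "region-eu")) // true
	s.Revoke("region-eu", "telemetry")
	fmt.Println(s.Permitted("telemetry", "enterprise", "region-eu")) // false
}
```

An approval signed with the wrong operator's key fails verification, so a compromised operator cannot approve a flow on another operator's behalf.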
I predict 2019 will be the year the market unveils the need
for a new, decentralized security, authorization, and authentication model to
scale for IoT, edge, and cloud computing. Granted, it will take
years to move to a decentralized model, but the market need will become clear
sooner rather than later.
##
About the Author
Colin Sullivan, Product Manager at Synadia
Colin has been managing and developing messaging products
and distributed systems for over 20 years at Synadia, Apcera, TIBCO, Talarian,
and PLATINUM.