By Steve Durbin, Managing Director, Information Security Forum
In the coming years, the requirement for real-time data
processing and analysis will drive organizations to adopt edge computing in
order to reduce latency and increase connectivity between devices - but
adopters will inadvertently bring about a renaissance of neglected security
issues. Poorly secured edge computing environments will create multiple points
of failure, and a lack of security oversight will enable attackers to
significantly disrupt operations.
Organizations in industries such as manufacturing,
utilities, or those using Internet of Things (IoT) and robotics will be dependent
upon edge computing to connect their ever-expanding technical infrastructure.
However, many will not have the visibility, security or analysis capabilities
that have previously been associated with cloud service providers - information
risks will be transferred firmly back within the purview of the organization.
Attackers will exploit security blind spots, targeting devices on the periphery
of the network environment. Operational capabilities will be crippled by
sophisticated malware attacks, with organizations experiencing periods of
significant downtime and financial damage.
Poor implementation of edge computing solutions will leave
organizations open to attack. Nation states, hacking groups, hacktivists and
terrorists aiming to disrupt operations will target edge computing devices,
pushing security to the brink of failure and beyond.
What is the Justification for This Threat?
As the world moves into the fourth industrial revolution,
the requirement for high-speed connectivity, real-time data processing and
analytics will be increasingly important for business and society. With the
combined IoT market size projected to reach more than $500 billion by 2021, the
development of edge computing solutions alongside 5G networks will be required
to provide near-instantaneous network speed and to underpin computational
platforms close to where data is created.
The transition of processing from cloud platforms to edge
computing will be a requirement for organizations demanding speed and
significantly lower latency between devices. With potential use cases of edge
computing ranging from real-time maintenance in vehicles, to drone surveillance
in defense and mining, to health monitoring of livestock, securing this
architecture will be a priority.
With edge computing solutions, security blind spots will
provide attackers with an opportunity to access vital operational data and
intellectual property. Moreover, organizations will be particularly susceptible
to espionage and sabotage from nation states and other adversarial threats.
Edge computing environments, by their nature, are decentralized and unlikely to
benefit from initiatives such as security monitoring. Many devices sitting
within this type of environment are also likely to have poor physical security
while also operating in remote and hostile conditions. This creates
challenges in terms of maintaining these devices and detecting any
vulnerabilities or breaches.
Organizations that adopt edge computing will see an
expansion of their threat landscape. With many organizations valuing speed and
connectivity over security, the vast number of IoT devices, robotics and other
technologies operating within edge computing environments will become
unmanageable and hard to secure.
Edge computing will underpin critical national
infrastructure (CNI) and many important services, reinforcing the necessity to
secure them against a range of disruptive attacks and accidental errors.
Failures in edge computing solutions will result in financial loss, regulatory
fines and significant reputational damage. An inability to secure this
infrastructure will be detrimental to the operational capabilities of the
business as attackers compromise both physical and digital assets alike. Human
lives may also be endangered, should systems in products such as drones,
weaponry and vehicles be compromised.
How Should Your Organization Prepare?
Organizations that are planning to adopt edge computing
should consider if this architectural approach is suitable for their
requirements.
In the short term, organizations should review physical
security and potential points of failure for edge computing environments in the
context of operational resilience. Carry out penetration testing on edge
computing environments, including hardware components. Finally, identify blind
spots in security event and network management systems.
In the long term, generate a hybrid security approach that
incorporates both cloud and edge computing. Create a secure architectural
framework for edge computing and ensure security specialists are suitably
trained to deal with edge computing-related threats.
##
About the Author
Steve
Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include
strategy, information technology, cyber security, digitalization and the
emerging security threat landscape across both the corporate and personal
environments. Previously, he was senior vice president at Gartner.