Edge Computing May Increase Attack Surface
To protect the edge, enterprises should move toward architectures that will protect applications even if the infrastructure is compromised.
April 17, 2018
Edge computing can increase computing power and lower latency, but it poses the risk of expanding the attack surface, experts say.
For example, some enterprises are deploying compute clusters or small edge data centers closer to endusers or production facilities to minimize network latency and reduce the volume of network traffic, said Bob Peterson, CTO architect at Sungard Availability Services.
"However, many times they are putting systems in areas that may not have the same logical and physical controls as their larger data centers," he said.
In addition, restoring physical control or services can be more difficult with remote centers, and the risk of systems being breached or tampered with increases when devices are placed in locations with little or no staff.
"I think it's not that security teams are overlooking the risks, but more so that security teams are unable to keep up with the rapid evolution of technology," he said. "I think we are still too far away from information security being a fundamental part of everyone’s role."
Edge computing is also useful in distributed environments like smart cars or manufacturing facilities, said Alex Henthorn-Iwane, VP of product marketing at ThousandEyes, a San Francisco-based network intelligence company.
But if those devices are connected to the internet, and not adequately secured, then attackers could do damage to the device or machinery that it controls.
And they could use access to that device to move onto other areas in the corporate environment, or use it to launch attacks against external targets.
"Take a connected car, for example," he said. "A connected car has to do a ton of calculations all the time, because it has sensors built in and is taking all kinds of measurements all the time. That data is used by the computer in the car to make split-second decisions -- if I'm about to run into a light pole, I need to auto brake."
And the amount of data being collected by distributed sensors is growing dramatically, he said. There are critical decisions being made at the perimeter, and other, less time-sensitive decisions, that are sent back to a central location for processing.
This means that an attack against a single edge computing device -- or against the communications infrastructure, or against the central servers -- can also potentially have a cascading effect.
If one part of the system goes off-line, or is just slowed down due to the attack, then other parts that depend on it could also be affected.
"The more complex all these interconnected systems get, the more you have to look at the performance of all these communications," he said.
So far, these attacks are more theoretical than actual, he said, because many of these systems are still in trial stages, or run on private, isolated networks.
"Industries are really at the beginning of their journey of automating big industrial gear," he said.
When faced with a large number of devices, in remote locations, with different levels of control, there is only one thing for companies to do: assume that the edge devices are compromised. Once you make that assumption, it changes how these devices are allowed to connect to the data center, and what access they are granted, said Ofri Ziv, VP of research at GuardiCore.
"The data sent from these devices must be considered malicious until proven otherwise," he said.
To protect the edge, enterprises should move toward architectures that will protect applications even if the infrastructure is compromised, agreed Ketan Shah, VP of products at Fortanix.
"Organizations can borrow a page from cloud security," he said. "Encryption has been effective at protecting data in the cloud."
For edge computing, especially for sensitive workloads, the scope has to be ramped up, he said, to cover data at rest, data in motion, and data in use.
About the Author
You May Also Like