Security at the Edge: Why It's Complicated

Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.

Paul Kurtz, Chief Cybersecurity Adviser, Splunk Public Sector

June 1, 2022

3 Min Read
Edge computing
Source: NicoElNino via Alamy Stock Photo

The federal government's IT modernization efforts have focused on centralizing cloud computing technologies. As more agencies improve those capabilities, they're starting to think about how computing at the edge can improve their data-driven decisions.

However, as edge computing continues to grow given emerging technologies, such as 5G, there's one area being neglected: security. With edge computing, we're on the cusp of repeating the familiar mistake of not thinking through the security implications of new technologies.

Now is the time to change that. By identifying gaps and vulnerabilities that edge technology could create prior to its implementation, the public sector can ensure the edge isn't creating new security risks.

Data is now the core foundation of any business. Yet managing the unprecedented growth of data in cloud-based operations has placed a massive strain on Internet communications, causing latency and inefficiency. Edge technology eliminates those latency and performance issues by bringing the data analysis closer to where it's collected — on mobile devices or sensors — so it can be processed more quickly.

With data being processed closer to the end user, there is an array of unrecognized security concerns that government agencies can address to securely implement this new technology.

As exciting as the possibilities associated with the edge can be, we know adversaries see opportunities to engage in pernicious or malevolent behavior with emerging technology. It's critical we recognize that edge technology widens the attack surface by generating and analyzing data outside of the traditional IT perimeter.

Shift of Security Mindset

This requires IT and security leaders to shift their mindset when it comes to securing edge technology. But with the security of edge computing not well-defined, federal agencies should ensure they consider the following steps when implementing edge technology.

  • Clarifying roles and responsibilities. Federal agencies need to work in coordination with technology vendors to determine the responsibilities for securing the edge. With an array of different agencies and vendors playing a role in edge technology, there's currently a lack of understanding around the role each party plays regarding security. To determine this, there needs to be a framework developed between the government and the technology community that offers best practices for how they can share the responsibility of securing edge technology to close unrecognized security gaps.

  • Applicability and gap analysis of current security products and services. Government organizations need to ask vendors how their products and services address edge-based computing security before implementing them. Questions should range from the security of edge-based products to how these products and services are monitored and remediated. Without an understanding of the security practices already implemented into edge technology, you can't ensure that proper protocols are in place to defend against unprotected areas. Being proactive is key.

The Future of Edge Security

Luckily, the future of the edge isn't dark. But the government needs a plan to address the inevitable security threat landscape. Both private and public sector organizations can help make this possible by drafting frameworks, identifying best practices, and coming together to share that intelligence. These are the steps necessary to create an industrywide method. Through combined support of private and public sector organizations — such as the CSA — government agencies can start to unpack and prepare for security challenges of the edge before its implementation

About the Author(s)

Paul Kurtz

Chief Cybersecurity Adviser, Splunk Public Sector

Paul Kurtz is an internationally recognized expert on cybersecurity and a co-founder of TruSTAR and now is the Chief Cybersecurity Adviser of Splunk's Public Sector business. Paul began working on cybersecurity at the White House in the late 1990s where he served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights