Security at the Edge: Why It's Complicated

Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.

The federal government's IT modernization efforts have focused on centralizing cloud computing technologies. As more agencies improve those capabilities, they're starting to think about how computing at the edge can improve their data-driven decisions.

However, as edge computing continues to grow given emerging technologies, such as 5G, there's one area being neglected: security. With edge computing, we're on the cusp of repeating the familiar mistake of not thinking through the security implications of new technologies.

Now is the time to change that. By identifying gaps and vulnerabilities that edge technology could create prior to its implementation, the public sector can ensure the edge isn't creating new security risks.

Edge Security-Related Challenges

Data is now the core foundation of any business. Yet managing the unprecedented growth of data in cloud-based operations has placed a massive strain on Internet communications, causing latency and inefficiency. Edge technology eliminates those latency and performance issues by bringing the data analysis closer to where it's collected — on mobile devices or sensors — so it can be processed more quickly.

With data being processed closer to the end user, there is an array of unrecognized security concerns that government agencies can address to securely implement this new technology.

As exciting as the possibilities associated with the edge can be, we know adversaries see opportunities to engage in pernicious or malevolent behavior with emerging technology. It's critical we recognize that edge technology widens the attack surface by generating and analyzing data outside of the traditional IT perimeter.

Shift of Security Mindset

This requires IT and security leaders to shift their mindset when it comes to securing edge technology. But with the security of edge computing not well-defined, federal agencies should ensure they consider the following steps when implementing edge technology.

  • Clarifying roles and responsibilities. Federal agencies need to work in coordination with technology vendors to determine the responsibilities for securing the edge. With an array of different agencies and vendors playing a role in edge technology, there's currently a lack of understanding around the role each party plays regarding security. To determine this, there needs to be a framework developed between the government and the technology community that offers best practices for how they can share the responsibility of securing edge technology to close unrecognized security gaps.
  • Applicability and gap analysis of current security products and services. Government organizations need to ask vendors how their products and services address edge-based computing security before implementing them. Questions should range from the security of edge-based products to how these products and services are monitored and remediated. Without an understanding of the security practices already implemented into edge technology, you can't ensure that proper protocols are in place to defend against unprotected areas. Being proactive is key.

The Future of Edge Security

Luckily, the future of the edge isn't dark. But the government needs a plan to address the inevitable security threat landscape. Both private and public sector organizations can help make this possible by drafting frameworks, identifying best practices, and coming together to share that intelligence. These are the steps necessary to create an industrywide method. Through combined support of private and public sector organizations — such as the CSA — government agencies can start to unpack and prepare for security challenges of the edge before its implementation

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading