Does edge computing mean a new network security risk?
By adopting edge computing, some enterprises can migrate some services to the periphery, which is closer to improving performance, reducing network traffic, and reducing latency. This has brought a series of network security challenges that traditional data center operators may not be able to cope with.
For example, Zac Smith, CEO of Packet, a bare metal cloud provider headquartered in New York, said that the company had spent a lot of energy on deploying edge computing in terms of network security and was conducting several edge computing deployment experiments in shared spaces such as modular data centers, large commercial buildings or shopping malls.
With the exponential growth of the number of devices and traffic brought by 5G, these network security problems will continue to increase.
"The key to safety is a kind of thinking mode. People assume that equipment will be damaged before it is proved unsafe," Smith said.
Use of default password must be terminated
Unfortunately, when it comes to edge devices, many companies often lack security awareness. For example, the password used to access edge devices is usually a simple password or a default password.
Herb Hogue, senior vice president of cloud computing, security, hybrid data center and collaboration of PCM, an IT solution provider headquartered in El Segundo, California, said that enterprises should set strong passwords or adopt two factor authentication, especially for managers and root access accounts.
He said, "Network attackers usually use the method of brute force password cracking, which is often successful. When these credentials are disclosed, network attackers may be able to use them to obtain higher permissions and enter the victim's business operation environment. People often encounter this special use case, and usually do not notice it for several months."
Another area where businesses typically have loose perimeter security is WiFi. Hogue said, "WiFi applications for edge computing need to be fully locked and cannot be opened to the outside world, but in many cases, WiFi permissions are completely open to the public. "
Don't put all trust on the periphery
Hogue suggested that enterprises expand the scope of network segmentation. They should also divide traffic types and set firewalls between centers and branches.
Steven Carlini, vice president of innovation and data center of Schneider Electric, said that in some cases, edge computing devices may not need to be connected to the enterprise network at all. For example, there is no need to access customer data when an edge site is used to operate a farm or automated chemical plant. However, this is impossible for bank branches or retail stores.
He recommends that enterprises use encryption devices, firewalls and intrusion detection and prevention systems. In addition, the micro data center at the edge should be a cluster with redundant protection level. He said that IoT equipment should be physically connected through cables as far as possible.
Another possible attack vector for edge devices is the data they collect. For example, if the intelligent thermostat is considered that the ambient temperature is much lower than the actual temperature, it may start the heating system when it should not be heated. If hackers interfere with the manufacturer's sensors, it may cause significant damage to the production line.
Andrew Howard, chief technology officer of Kudelski Security, a Phoenix based security provider, said that when edge computing includes the ability to make critical decisions, additional attention should be paid to the received data or commands.
"This includes checking for traditional network security threats, such as input errors, but it must also include sanity checks for valid data. Some network attacks take advantage of the standard technology used by the edge data central processing unit," he said
Is cloud computing really necessary?
Sastry Malladi, chief technology officer of FogHorn Systems, an edge computing technology company headquartered in Sunnyvale, California, said that, as the name implies, IoT devices support the Internet, but edge computing does not actually require a continuous Internet connection.
He said, "By definition, an edge computing node works in a disconnected mode, and usually does not need a persistent connection with cloud computing, which can reduce security risks. However, even if the device is connected to the cloud in a very short time, if appropriate security measures are not taken, there is still a risk of equipment downtime."
He said that enterprises can further reduce these risks, not allow direct connections from edge nodes to the cloud, and require edge devices to start those necessary connections.
Edge data center is a positive network for security. If done well, edge computing will not become another source of network security risks.
Steven Carlini, vice president of innovation and data center of Schneider Electric, pointed out that "through appropriate architecture and protection, the edge data center can operate in clusters isolated from core and sensitive data, and will be used as a tool to improve network resilience."
