
Safeguarding Edge Data in the Age of Decentralisation

 

The paradigm shift toward data decentralization may signal a change in how organizations approach edge protection. Cyberattacks can intensify existing security issues while exposing new gaps at the perimeter, posing several challenges for IT and security personnel. Infrastructure must be resilient to the security flaws introduced by the massive proliferation of devices that generate, capture, and consume data outside of the traditional data center.

The need for a holistic cyber resiliency strategy has never been greater — not only for safeguarding data at the edge but for strengthening protection from all endpoints of a business to centralized data centers and public clouds.

But before diving into the perks of a holistic framework for cyber resiliency, it may help to get a deeper understanding of why the edge is often susceptible to cyberattacks, and how adhering to some tried-and-true security best practices can help tighten up edge defenses.

The consequences of human error

According to conventional IT wisdom, security is only as strong as its weakest link: humans. Human error can be the difference between an unsuccessful attack and one that causes application downtime, data loss or financial loss. According to IDC, more than half of new enterprise IT infrastructure will be at the edge by 2023. In addition, Gartner predicts that by 2025, 75% of enterprise-generated data will be created and processed outside of a traditional data center.

The concern is securing and protecting critical data in edge environments where the attack surface is growing exponentially and near-instant data access is required.

With so much data flowing in and out of an organization's endpoints, the role of humans in ensuring its security is amplified. For example, failing to practice basic cyber hygiene (reusing passwords, opening phishing emails, or downloading malicious software) can hand over the keys to the kingdom to a cyber-criminal without anyone in IT knowing.

In addition to the risks linked with disregarding standard security protocols, end-users may bring unauthorized devices to the workplace, creating additional blind spots for the IT organization. While capitalizing on edge data is essential for expansion in today's digital economy, how can we overcome the challenge of securing an expanding attack surface as cyber threats become more sophisticated and invasive than ever?

A multi-layered approach

It may feel like there are no simple answers, but organizations may start by addressing three fundamental elements of security and data protection: Confidentiality, Integrity, and Availability (CIA).
  • Confidentiality: Data is protected from unauthorized observation or disclosure in transit, in use, and when stored.
  • Integrity: Data is protected from being altered, stolen, or deleted by unauthorized attackers.
  • Availability: Data is highly available only to authorized users as required.

In addition to following CIA principles, organizations should consider implementing a multi-layered strategy for securing and safeguarding infrastructure and data at the edge. This typically falls into three categories: the physical layer, the operational layer, and the application layer.

Physical layer:

Physical security is built into data centers, with a set of policies and protocols in place to prevent unauthorized access and to avoid physical damage or loss of IT infrastructure and data stored in them. At the edge, however, servers and other IT infrastructure are likely to be housed beside an assembly line, in the stockroom of a retail store, or even in the base of a streetlight. Evaluate the following best practices for physical security at the edge:

  • Controlling infrastructure and devices from start to finish, from the supply chain and factory to operation and disposal.
  • Preventing systems from being modified or accessed without permission.
  • Safeguarding vulnerable access points, such as open ports, from bad actors.
  • Preventing data loss if a device or system is stolen or tampered with.

Operational layer:

Beyond physical security, once IT infrastructure is functional at the edge, it is exposed to a new set of vulnerabilities. In the data center, infrastructure is deployed and managed using a set of tightly controlled processes and procedures. Edge environments, on the other hand, tend to lag in specific security software and necessary updates, including data protection. Endpoint security is more difficult to achieve than in a centralized data center because of the large number of devices deployed and the lack of visibility into them. Consider the following best practices for securing IT infrastructure at the edge:
  • Using an uncompromised image to ensure a secure boot spin-up for infrastructure.
  • Controlling system access, such as locking down ports to prevent physical access.
  • Installing applications into a known secure environment.

Application layer:

Data protection looks a lot like traditional data center security once you get to the application layer. However, the high volume of data transfer, combined with the large number of endpoints inherent in edge computing, creates attack vectors as data travels between the edge, the core data center, the cloud, and back.

Best practices to consider for application security at the edge include:
  • Securing external connection points.
  • Identifying and locking down exposures related to backup and replication.
  • Assuring that application traffic is coming from known resources.