Why Edge Computing Frameworks Need Zero Trust Architecture
By: Alan Seal on June 26, 2019
Edge computing frameworks have become much more common as organizations push key data processing functions closer to the edge of their networks. By keeping data closer to where it is gathered, edge networks can combat latency and deliver faster, more efficient services to end users. The versatile structure of an edge computing framework makes it easy to scale and provides tremendous flexibility for a variety of big data applications.
But shifting so many key tasks to the edge of the network creates a number of new challenges for organizations. One of the most critical has to do with security. The expansion of the network edge also expands the number of potential attack vectors for hackers to exploit, forcing cybersecurity experts and data center security solutions to explore new strategies for safeguarding valuable data to avoid a costly breach.
The Edge, the Casino, and the Aquarium: A Cautionary Tale
Edge computing networks come into contact with a lot of Internet of Things (IoT) devices. While that’s largely the point of an edge computing framework, connecting all of these devices to a broader network presents a few unfortunate complications. Even if every device is a trusted one, connectivity is a two-way street, and there’s often nothing to stop someone with malign intentions from using IoT devices as a backdoor into edge computing networks.
“There’s a lot of Internet of Things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring their Alexa devices into the offices,” Nicole Eagan, CEO of the cybersecurity company Darktrace, said at the 2018 WSJ CEO Council Conference. “There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.”
To drive home these risks, Eagan shared a story in which a hacker gained access to a casino’s data by way of a thermometer in the lobby aquarium. “The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
The Threat of Lateral Mobility
These stories reveal not only the potential risks that IoT devices pose to an edge network and data center security, but also the lateral mobility risks that most networks face regardless of their architecture. Traditionally, networks focus their security efforts at the edge, guarding the access points (such as routers and switches) with firewalls that permit or deny access based on a set of predetermined protocols. The idea is that only authorized users and requests can enter the network, which keeps it safely insulated from hostile cyberattacks and protects the valuable data stored inside.
Unfortunately, traditional perimeter-based security isn’t designed to deal with lateral threat movement, which occurs when an unauthorized user manages to bypass the outer perimeter. Conventional security models often treat everything inside the network as if it can be trusted. If an edge computing framework incorporates devices with minimal security capabilities, they could potentially serve as open doors for anyone seeking to gain access to the more centralized cloud network inside the edge.
Zero Trust Architecture
Developed by the analyst firm Forrester Research, zero trust architecture operates on the assumption that every device or user within a network could potentially be hostile or compromised by malware. By employing a combination of micro-segmentation of users and sub-perimeters within the network, zero trust architecture applies a “never trust, always verify” philosophy to every access request.
Zero trust architecture recognizes that the initial point of contact during a cyberattack is rarely the intended target. Rather than throwing all defenses at the main entry points, zero trust turns the entire network into a defense mechanism capable of sounding the alarm every time an unauthorized user attempts to take an action. While they might be able to bypass the outer edge, chances are they won’t be able to move far enough laterally through the network to access anything sensitive or valuable.
Zero Trust Architecture and Edge Computing Networks
Going back to the infamous aquarium thermostat example, zero trust architecture would likely have prevented a further security compromise. Rather than allowing deeper access into the network, zero trust protocols would have forced the IoT thermostat to provide authentication to gain further access. Since it likely would not be able to do so, a hacker would not have been able to penetrate any deeper into the network.
Fortunately, zero trust architecture doesn’t require data center security experts to tear up and replace the existing network or implement expensive new software. Additional segmentation gateways and access policies based on users, applications, and data types can be added incrementally, allowing security measures to be scaled up over time or deployed first where the risks are most serious. Organizations could begin at the edge, imposing strict policies regarding devices and edge data center security to ensure that unauthorized users aren’t able to slip into the network due to lax security standards on devices.
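To make the idea concrete, here is an added sketch (not from the original article or any vendor product) of the decision a segmentation gateway makes under a default-deny policy keyed on segment, user, application, and data type. All segment, device, and application names are constructed for illustration, loosely modelled on the aquarium story.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    device_id: str
    authenticated: bool  # True only if the gateway verified a credential
    segment: str         # micro-segment the request originates from
    user: str
    application: str
    data_type: str

# Constructed allow-list: (segment, user, application, data type).
# Anything not listed is denied, including traffic from "inside" the network.
POLICY = {
    ("iot-building", "svc-sensors", "telemetry-collector", "sensor-readings"),
    ("casino-ops", "host-desk", "high-roller-db", "customer-records"),
}

def decide(req, policy=POLICY):
    """Return (allowed, reason) for one access request."""
    if not req.authenticated:
        return False, "device did not authenticate"
    key = (req.segment, req.user, req.application, req.data_type)
    if key not in policy:
        return False, "no rule allows this segment/user/application/data type"
    return True, "explicit allow rule"

def evaluate(requests, policy=POLICY, probe_threshold=2):
    """Decide every request; flag devices denied on several distinct targets."""
    decisions, denied_targets = [], defaultdict(set)
    for req in requests:
        allowed, reason = decide(req, policy)
        decisions.append((req.device_id, req.application, allowed, reason))
        if not allowed:
            denied_targets[req.device_id].add(req.application)
    suspects = sorted(d for d, t in denied_targets.items() if len(t) >= probe_threshold)
    return decisions, suspects

# Constructed sample traffic: a sensor doing its job, then reaching sideways.
SAMPLE = [
    Request("aquarium-sensor", True, "iot-building", "svc-sensors", "telemetry-collector", "sensor-readings"),
    Request("aquarium-sensor", True, "iot-building", "svc-sensors", "high-roller-db", "customer-records"),
    Request("aquarium-sensor", False, "iot-building", "svc-sensors", "file-share", "documents"),
    Request("desk-01", True, "casino-ops", "host-desk", "high-roller-db", "customer-records"),
]

if __name__ == "__main__":
    decisions, suspects = evaluate(SAMPLE)
    print(*decisions, sep="\n")
    print("possible lateral movement from:", suspects)
```

The sensor's normal telemetry is allowed, but its requests to the database and file share are denied, and the repeated denials against different targets mark the device for investigation.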
By using zero trust architecture, organizations can significantly shore up their network defenses to combat one of the key vulnerabilities posed by edge computing. Despite the security concerns raised by IoT devices, implementing zero trust architecture to protect edge computing frameworks can help organizations guard against both known and unknown threats. It’s also a security architecture that can grow along with an edge network, continually expanding to protect infrastructure from unauthorized access.
About Alan Seal
Alan Seal is the VP of Engineering at vXchnge. Alan is responsible for managing teams in IT support and infrastructure, app development, QA, and ERP business systems.