On a razor’s edge

Though there are many potential advantages, organisations must see the dangers in edge computing writes Steve Durbin, Managing Director of Information Security Forum

The requirement for real-time data processing and analysis will soon drive businesses to adopt edge computing in order to ease latency and increase connectivity between devices. However, adopters will unintentionally bring about a renaissance of neglected security issues. Poorly secured edge computing environments will create multiple points of failure, and a lack of security oversight will allow attackers to significantly disrupt operations.  

Organisations in industries such as manufacturing, utilities, or those using Internet of Things (IoT) and robotics, will be dependent upon edge computing to connect their ever-expanding technical infrastructure. However, many will not have the visibility, security or analysis capabilities that have previously been linked with cloud service providers – information risks will be transferred back within the purview of the organisation. Attackers will exploit security blind spots, targeting devices on the outside edge of the network environment. Operational capabilities will be crippled by sophisticated malware attacks, with companies suffering periods of substantial downtime and financial damage.  

Poor implementation of edge computing solutions will leave organisations open to attack. Nation states, hacking groups, hacktivists and terrorists aiming to disrupt operations will target edge computing devices, pushing security to the brink of failure. 

What is the reasoning for this threat? 

As the world moves into the fourth industrial revolution, the requirement for high-speed connectivity, real-time data processing and analytics will be increasingly important for business and society. With the combined IoT market size projected to reach $520bn by 2021, the development of edge computing solutions alongside 5G networks will be essential to provide near-instantaneous network speed and to underpin computational platforms close to where data is created.  

The transition of processing from cloud platforms to edge computing will be a requirement for organisations demanding speed and significantly lower latency between devices. With potential use cases of edge computing ranging from real-time maintenance in vehicles, to drone surveillance in defense and mining, to health monitoring of livestock, securing this architecture will be a priority.  

With edge computing solutions, security blind spots will provide attackers with an opportunity to access vital operational data and intellectual property. Moreover, organisations will be particularly susceptible to espionage and sabotage from nation states and other adversarial threats. Edge computing environments, by their nature, are decentralised and unlikely to benefit from initiatives such as security monitoring. Many devices sitting within this type of environment are also likely to have poor physical security while also operating in remote and hostile conditions. This creates challenges in terms of maintaining these devices and detecting any vulnerabilities or breaches. 

Businesses that adopt edge computing will see an expansion of their threat landscape. With many organisations valuing speed and connectivity over security, the vast number of IoT devices, robotics and other technologies operating within edge computing environments will become unmanageable and hard to secure. 

Edge computing will underpin critical national infrastructure (CNI) and many important services, reinforcing the necessity to secure them against a range of disruptive attacks and accidental errors. Failures in edge computing solutions will result in financial loss, regulatory fines and significant reputational damage. An inability to secure this infrastructure will be detrimental to the operational capabilities of the business as attackers compromise both physical and digital assets alike. Human lives may also be endangered, should systems in products such as drones, weaponry and vehicles be compromised. 

How should your business prepare?

Organisations that are planning to adopt edge computing should consider if this architectural approach is suitable for their requirements. 

In the short term, organisations should review physical security and potential points of failure for edge computing environments in the context of operational resilience. Carry out penetration testing on edge computing environments, including hardware components. Finally, identify blind spots in security event and network management systems. 

In the long term, generate a hybrid security approach that incorporates both cloud and edge computing. Create a secure architectural framework for edge computing and ensure security specialists are suitably trained to deal with edge computing-related threats.