What is Edge Computing?

Edge computing is a network architecture in which data is processed at the network's

edge, close to the data source. It is used to process time-sensitive data and improve
applications' performance that require low latency.

In other words, edge computing is a way to process and store data closer to the source
of the data rather than in a centralized location. This can be done by using devices such
as sensors, cameras, and other devices connected to the internet. We can reduce latency
and improve performance by bringing computation and data storage closer to these
devices.

Edge computing has many benefits, including improved performance, reduced

bandwidth consumption, and increased security. However, some risks are also
associated with edge computing, including the potential for data breaches and denial of
service attacks.

The Different Types of Edge Computing

There are three different types of edge computing: Datamation, inference, and
actuation.

Dataummation is collecting data from various sources and consolidating it into a

single location. The inference is the process of making deductions based on that data,
and the Actuation is taking action based on those deductions.

Each type of edge computing has its security risks and challenges. Dataummation can
be susceptible to data loss or corruption if not adequately managed. Inference can be
subject to bias if not handled correctly, and Actuation can result in unforeseen
consequences if not executed properly.

Before implementing any solution, one must carefully consider edge computing
security risks and challenges. Depending on the use case, one type of edge computing
may be more appropriate than another. Proper risk management and planning are
essential to ensure a successful deployment.

Security risks and challenges of Edge Computing

Edge computing has many benefits, including lower latency, higher security, and
improved efficiency. However, there are also several security risks and challenges
associated with this technology.

Data Breach

One of the biggest security risks with edge computing is data breaches. When data is
stored locally on devices instead of in a central location, it becomes much easier for
hackers to access it. Hackers can target individual devices or networks of devices to
gain access to sensitive information. In addition, if data is sent over the internet to
another device for processing, it could be intercepted by third parties.
Frequent Updates

Another challenge associated with edge computing is ensuring that all devices are
properly updated with security patches. Because each device has its processor and
memory, it can be difficult to push updates out to all devices promptly. This can leave
some devices vulnerable to attack even after patches have been released for other
devices.

Scalability

Finally, one of the biggest challenges facing edge computing is scalability. As more and
more devices are connected to the internet and begin generating data, it becomes
increasingly more work to manage and process all of that data centrally.

Cloud Adoption Risk

Organizations must be aware of these risks when considering adopting cloud-based

applications and services that use edge computing. They should consider implementing
additional security controls to protect data and systems and ensure that their staff are
trained on the proper handling of data at the edge. In addition, they should work with
their cloud service providers to ensure that appropriate measures are in place to
mitigate these risks.

Edge and IoT security risks

The rise of the Internet of Things (IoT) has created a new category of devices when left
unsecured become easy targets for hackers. Edge devices are increasingly being used to
collect and process data and are particularly vulnerable. These devices are often located
in remote or difficult-to-reach locations, making them difficult to secure and manage. In
addition, they typically have limited processing power and storage, making them more
susceptible to attacks.

How to secure Edge Computing?

As edge computing becomes more prevalent, it is essential to consider the security risks
and challenges associated with it. Let's understand how to secure edge computing.

Keep your devices and data safe.

Protect your devices connected to the internet and keep them up-to-date with the latest
security patches. In addition, be sure to encrypt your data at rest and in transit.

Secure your network connection.

Ensure that your network connection is secure using a VPN or other encryption
methods. This will help to prevent eavesdropping and data theft.

Implement security measures at the edge device level.

You can implement several security measures at the edge device level, such as firewalls,
intrusion detection/prevention systems, and access control mechanisms. By
implementing these measures, you can help to protect your data and devices from
attack.

Protect against IoT security risks.

The best way to protect against these risks is to implement a comprehensive security
strategy that includes physical and logical security measures. Physical security
measures should be implemented to secure edge devices and prevent unauthorized
access. Logical security measures, such as encryption and authentication, should be
used to protect data collected by edge devices.

Monitor and log all edge activities

As edge computing becomes more popular, securing the devices connected to the
network is essential. One way to do this is to monitor and log all activity relating to
operations and configuration. This will help to identify any potential security risks and
allow you to take steps to mitigate them.

Edge computing security and privacy

With the development of Internet of Things, more and more powerful devices are
mediating our daily lives. Gartner predicts that there will be 20.4 billion IoT devices by
2020. This will also result in massive data generated by billions of sensors and devices.
Meanwhile the increasing demand for advanced services and applications, such as
virtual reality, augmented reality and infrastructure for smart cities, has created huge
challenges on cloud computing. Edge computing has been proposed as a new
computing paradigm where resources like computation and storage are placed closer to
the data source. It enables a new class of latency and bandwidth sensitive applications
as data can be processed at the nearest edge. Without sending data to the cloud, edge
computing therefore enhances security and privacy.

However, edge computing also brings new possibilities and challenges for research in
the field the security and privacy:

1) Edge nodes are close to the users, and as a result can potentially receive large
amounts of privacy-sensitive data. If the data from an edge node is leaked, the
consequences can be serious.

2) Compared with cloud centers, edge nodes have limited resources, so they cannot
support complex security mechanisms.

3) Due to the high mobility of the devices and users, the edge computing
environment is always changing. Attackers can easily join the group, and it is
difficult to design security rules with multi-domain overlapping such as device
provider, data generator/user, etc.

This thematic series aims to collect the most relevant ongoing research efforts in edge
computing security and privacy. Topics include, but aren’t limited to:
New threat models and attacks in edge computing

 Defenses and countermeasures

 Anonymity and privacy in edge computing
 Scalability issues and solutions
 System and software security of edge nodes
 Lightweight cryptography, protocols, and standards in edge computing
 Trust management of edge system
 Security and privacy management of edge system
 Security issues due to services and application deployment
 Security issues due to the overall architecture and cooperation
 Novel privacy, liability, and legal issues raised by edge computing
 Malware detection in edge application and system
 Secure service and application design

Edge security provides protection for resources beyond the edge of the
traditional network. The fastest growing need stems from edge computing for
the Internet of Things (IoT) such as fitness bands, self-driving cars, and retail
point-of-sale (POS) registers. However, the same need for security exists for
remote workers, cloud computing networks, and operational technology (OT)
such as smart industrial pumps, temperature sensors, and industrial control
systems (ICS).

Why Is Edge Security Needed?

Data no longer lives safely behind the firewall and within corporate data centers.
Instead, data now processes within branch offices, retail locations, factories, and
a host of IoT devices. Even though most of these assets reside outside of the
corporate firewall’s protection, these devices are considered to be the edge of the
network, and the core of the network is the cloud or locally-hosted data center.

Attackers, both malicious insiders and outside threats, seek to hijack

communication streams, steal credentials, and remotely attack devices. These
attacks gain access to the larger network, steal sensitive data, or compromise
credentials for further attacks. While branch offices and some retail locations can
be protected by traditional measures such as next generation firewall (NGFW)
appliances, such expensive, large, and fragile equipment will often be
inappropriate for the edge for the following reasons:

 Asset mobility of users and IoT prevent the installation of fixed security
devices in a single location
 Expertise limitations at edge locations can make it impossible to properly
install and configure equipment
  Physical size limitations of personal devices such as fitness trackers
makes adding additional hardware impossible
 Scale requirements to manage the maintenance, access, and security
profiles of hundreds or thousands of remote devices become too
cumbersome for traditional management systems

Additionally, even as the number of assets and users continues to grow,

organizations cannot necessarily increase their staffing and equipment at the
same pace. Organizations require a centralized management capability that can
scale without adding much additional work.

How Edge Security Works

Edge security replaces traditional appliances with solutions that extend security
from the cloud to the remote assets. Edge security does not directly protect the
endpoint device (laptop, server, IoT, etc.), data center, or cloud applications;
however, it creates a hardened and monitored connection between them all.

The type of technology adopted will determine the nature of the layers of
security deployed between the data center, cloud resources, and edge assets. In
all cases, the technology will need to protect against attacks and create secure
connections. Common features will include:

 Antivirus and antimalware detection and blocking

 Cloud access security broker (CASB)
 Intrusion detection and prevention systems (IDS/IPS)
 Network access control (NAC)
 Next generation firewall (NGFW)
 Secure web gateway (SWG)
 Software defined wide area networking (SD-WAN)
 Unified threat management (UTM)
 URL and domain filtering
 Vulnerability management
 Zero trust network access (ZTNA)

More robust edge security options will also be context aware and able to provide
different levels of connections based upon the users, edge devices, and type of
data as well as the resource requested for the connection. Artificial intelligence
(AI) and machine learning (ML) analytics are also becoming common additions
to many of the major offerings.

In addition to security features, edge security will provide centralized control

and distributed access points. Centralized control allows for consolidated
visibility and reporting of all edge assets as well as the determination of levels of
security that will be pushed out to all edge assets. Distributed access points
provide many different local and secure network or cloud access points for low-
latency and high-speed connections.

5 Top Options for Edge Security

Edge security can be cobbled together using a variety of traditional security tools
and techniques such as NGFW, wide-area networks (WAN), routers, URL
filtering, whitelisting, and IDS/IPS. However, many IT and security teams may
prefer more turnkey solutions that can enable faster speed, centralized control,
and integrated security.

Many of the as-a-service (aaS) solutions will be cloud-hosted, which enables

rapid deployment and easy scalability — both up and down. Some tools will also
deploy AI or ML to provide advanced protection against attacks, turbocharge
analysis, and even detect problems automatically.

The top options for edge security are:

 Firewall-as-a-Service (FWaaS)
 Network-as-a-Service (NaaS)
 Secure access service edge (SASE)
 Secure service edge (SSE)
 Zero trust edge (ZTE)

Firewall-As-A-Service (FWaaS)
FWaaS providers generally replace NGFW and SWG appliances throughout an
organization. FWaaS provides fully monitored and inspected traffic as well as
URL filtering and other anti-malware security measures.

FWaaS fully monitors and controls access for users and applications and
provides centralized reporting, visibility, and control for administrators. FWaaS
generally does not perform microsegmentation or other network operations
functions and monitoring.

Network-As-A-Service (NaaS)
NaaS providers consolidate management and control of a network for a fixed
monthly rate. There are several different levels of service, from equipment-only
NaaS to fully managed and implemented NaaS (with or without physical
equipment).

Organizations that need to equip branch offices or stores will often select a NaaS
provider that deploys on-premise equipment such as routers and switches.
However, fully mobile requirements typically require cloud-based NaaS
providers. Cloud-based NaaS deployments can easily scale and are used to
replace load balancers, firewall appliances, and virtual private network (VPN)
solutions.

NaaS delivers edge security through faster updates, centralized control, less need
for maintenance, built-in encryption, and fully-monitored connections between
edge devices and other resources. Some NaaS providers enable device access
control, multi-factor authentication (MFA), micro-segmentation, and even ZTNA
capabilities. Simpler NaaS solutions may need to be used in combination with
more robust identity access management (IAM) tools, SWGs, or a CASB.

NaaS does not generally provide traffic inspection capabilities. This may be a
plus for companies that require secrecy for their data and prefer to do their own
inspection of all data. To enable anti-malware capabilities, NaaS will need to be
combined with SWGs or IDS/IPS solutions.

Secure Access Service Edge (SASE)

SASE provides a complete and turnkey solution for edge security with a full
range of features such as access control, network segmentation, and traffic
inspection to prevent malware. Organizations that do not adopt SASE solutions
often prefer to work with multiple vendors or only need a subset of the features
and do not see value in the cost for the full feature set.

Secure Service Edge (SSE)

SSE provides a full set of access controls, anti-malware filtering, and packet
inspection features. SSE provides nearly turnkey edge security features with the
exception of SD-WAN capabilities.

Organizations with existing WAN or SD-WAN solutions often prefer to obtain

an SSE solution to create a complete edge security solution. Organizations that
pass on SSE will usually do so for the same reasons as they pass on SASE:
reluctance to use a single solution, or they simply don’t need all of the
capabilities and do not find value for the cost of the SSE.

Zero Trust Edge (ZTE)

Forrester defined ZTE as “a safer on-ramp to the internet for organizations’
physical locations and remote workers” that is close to SASE in capabilities but
with an emphasis on zero trust access principles. Most vendors will claim that
their SASE offering is also a ZTE solution, but organizations will need to check if
the vendor’s actual zero trust capabilities live up to their needs.