By John Fryer, Senior Director of Industry Solution, Stratus Technologies
The benefits of edge computing are not a secret anymore. Many companies across a variety of industries have realized the benefits of implementing edge solutions for faster processing and enhanced data analysis. Given the remote access points of these devices – literally at the edge of the network – these companies are facing new security vulnerabilities that they have not experienced before. These touchpoints, which were previously isolated within the network, are exposing new threat surfaces – which can lead to the loss of data integrity and network vulnerabilities, for example. Unfortunately, these two threats combined put companies at greater risk for potentially catastrophic events, including ransomware attacks.
To protect their networks and data, companies utilizing edge technology need to make sure that they are addressing cybersecurity threats on the edge. However, edge security strategies are not a one-size-fits-all approach. To develop the best edge security strategy for their specific operations, companies need to take into account the below best practices prior to implementation.
1. Define Security
Edge security can be especially complicated because security needs are different for each stakeholder involved. For example, information technology (IT) staff associate security with data protection and minimizing network vulnerabilities, whereas operational technology (OT) staff define security in terms of safety and reliability of operations. Effective edge security strategies must address all of these concerns – especially considering that edge computing regularly serves as a platform both IT and OT applications.
2. Coordinate Your Stakeholders
As I touched on in my previous point – edge computing is in the hands of both IT and OT professionals on a day-to-day basis. Because of this convergence, effective security remediation plans need the buy in of both IT and OT teams. The cooperation and coordination between both sets of professionals is crucial – and a lack to do so can result in detrimental outcomes. An effective remediation plan properly outlines what both teams’ roles are in protecting the company’s operations and assets. It is possible for IT and OT teams to work cohesively to protect the security of their organization.
3. Know Your Security Needs
This is arguably the most integral part of the edge security process – companies need to conduct a comprehensive security audit of existing environments. In this step, a security auditor properly identifies physical and digital security threats at the edge. After all of the points of weakness are identified, a proper and comprehensive edge security strategy can be put in place.
4. Implement Security Awareness Solutions
Due to the nature of the edge, security has different requirements from traditional IT infrastructure. At the edge, priorities are highly focused on the simplicity of the solution, the autonomy of operation and the ability to self-protect (against cyber-attacks or component failure) to prevent unplanned downtime. Because of this, edge security strategies cannot be complicated or costly. When addressing this issue, companies need to consider implementing security awareness solutions that suit the needs of the OT professionals who are directly managing the front lines at the edge, while also working in tandem to minimize the risk for IT security issues.
Overall, if a company is using edge computing now – or thinking about implementing it in the future – it’s important that they implement a security strategy proactively. By defining security, coordinating both IT and OT teams, conducting a security audit and implementing security awareness solutions, a company will develop an edge security strategy that will protect both their data and their bottoms line. While it is true that edge computing is still new and that not all of its benefits have been realized, one thing is for certain – security needs to be a critical part of the edge conversation.