Edge computing: The cybersecurity risks you must consider

Edge computing could be an innovative new way to collect data, but it also opens up a world of additional security headaches.
Written by Danny Palmer, Senior Writer

Edge computing is based around the idea that, to cope with the vast amounts of data generated by IoT sensors and environmental monitors, computing and network infrastructure will need a rethink: a lot of that data will need to be analysed and processed at the edge of the network, rather than transported to a remote centralised data centre.

With processing being done close to where data is generated, such architectures will be able to deliver better performance and efficiency, and ultimately allow companies to reduce their operational expenses.

But like the IoT, the supposed benefits of edge computing also come with additional risks: adding more data-generating devices to your network in more locations -- particularly those that are physically remote or aren't well monitored -- can lead to additional cyber security headaches.

"Security at the edge remains a huge challenge, primarily because there are highly diverse use cases for IoT, and most IoT devices don't have traditional IT hardware protocols. So the security configuration and software updates which are often needed through the lifecycle of the device may not be present," says Barika Pace, research director at analyst firm Gartner.

"This is why when we talk about security in edge computing, tracking the threat landscape becomes more challenging," she adds.

SEE: Sensor'd enterprise: IoT, ML, and big data (ZDNet special report) | Download the report as a PDF (TechRepublic)

Essentially, edge computing shares the same security challenges as the IoT: the devices are often small, often not built with security in mind and may not even receive updates.

Combined, these issues lead to the threat of cyber attacks, potentially providing attackers with an easy entry point into the network, which can then be exploited to gain access to the core systems to which the edge devices eventually connect.

Those looking to deploy these devices should therefore consider the security of the devices and the network before rushing to deploy them.

"Are these systems designed to talk to each other over controlled networks that are carefully secured by the operator, or are they appropriately safe that they can be deployed and effectively talk to each other over the internet?," says Dave Palmer, director of technology at cyber defence company Darktrace. "Or is it the kind of product which is rushed into the market to be first?"

Devices deployed as part of edge computing infrastructure aren't just at risk of digital attacks either: physical security needs to be a consideration, in addition to cyber security.

"From a cyber-physical perspective you're not only protecting the data, now we're getting to a state where we're protecting the physical. Protecting the physical means that our jobs have got a lot bigger," says Pace.

"So when we think about attacks when somebody can physically tamper with a device, now we're not dealing with threats just in the digital space, but physical consequences which could harm safety," she adds.

The obvious response is to make the devices harder to attack, but that creates another problem says Palmer.

"As soon as you start trying to design a system to be resistant to an attacker attempting to gain physical access, you usually end up designing something that isn't edge computing anymore -- because if the data doesn't reside on the device, but a cloud or a data centre, the data lives somewhere else," he says.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

For those producing the devices, there should be a relatively simple answer: "Employing security by design is the basic to securing devices on the edge," says Pace. However, as demonstrated by the sheer number of security issues in IoT devices, this still isn't close to being applied.

It could be that the only way to ensure the integrity of edge computing is to have someone physically visiting the devices on a regular basis -- a timely and costly process that undermines the benefits of deploying hand-off sensors in the first place.

Ultimately, if an organisation wants to deploy edge computing, it's not the sort of thing that should be rushed or taken lightly: if you do it on the cheap, you may find that your devices are full of security holes that it might not be possible to fix.

"It might well make sense to pick something which may not have all the features or the best price, but is the one that definitely offers ten years or longer of guaranteed support and security fixes in a timely manner -- and that you can deploy over the networks rather than having to physically go and visit them," says Palmer.

"That's an amazingly important set of features and characteristics. It's those sort of features that some don't think about -- but really they should, because edge computing systems are likely to be long-lived," Palmer adds.


IoT security: Is cryptocurrency-mining malware your next big headache?
IoT devices lack the power of PCs, but some dark web users are still keen to see if compromising connected devices for financial gain is plausible.

Woman pleads guilty to hacking police surveillance cameras
A chase around Europe led to the extradition of a 28-year-old who infected police equipment with ransomware days before Trump's inauguration.

Spark lights up Cat M1 IoT network
New Zealand telco deploying Cat M1 across the country in the coming six months.

The race to ruin the internet is upon us
Australia versus China versus Europe: It's a potent combination of ineptness and maliciousness, and the internet is about to change.

Microsoft introduces Azure Sphere to protect your IoT (CNET)
It's a comprehensive system meant to secure some of the most vulnerable devices connected to the internet.

New security certification could make it easier for businesses to get started with IoT(TechRepublic)
CTIA Cybersecurity Certification Program is the first to partner with nationwide wireless providers to improve the security of cellular-connected IoT devices.

Editorial standards