Securing the edge: 4 trends to watch

Feature
12 Oct 2021 | 5 mins
Edge Computing, Endpoint Protection, IoT Security

The global COVID-19 pandemic exacerbated some of the security risks associated with the move to a more distributed computing model. Here are 4 ways security organizations are responding as edge computing threats evolve.


The COVID-19 pandemic and the disruption to workplace and operational environments that it triggered have accentuated and, in some cases, exacerbated some of the security concerns around edge computing.

Edge computing is a model where organizations, instead of relying solely on centralized datacenters, distribute processing and storage capacities closer to where the data is generated—IoT devices for instance—and to the users and applications consuming the data.

In a research note last year, Gartner described edge computing as entering the mainstream among organizations seeking to take advantage of IoT and transformative, next-generation cloud-native business applications. The analyst firm advocates that infrastructure and operations leaders take steps to incorporate edge computing into their cloud plans over the next few years. Forrester Research has predicted that organizations with highly distributed operations will increasingly begin looking for small and more local data centers and cloud services as edge processing services for their computing needs.

The trend toward edge computing has surfaced several security issues for organizations. For instance, the explosion of devices at the network edge has significantly expanded the attack surface at many companies and given threat actors a lot more opportunities to use these systems to break into the larger corporate network. Many of the servers and storage systems that organizations are using for edge processing are rich targets themselves because of the data they contain and the fact that they are often less well protected than servers hosted in enterprise locations and centralized cloud datacenters and co-location facilities.

Another issue: ISPs, device manufacturers, systems integrators and other stakeholders have begun delivering or integrating edge computing capabilities of their own for their customers and partners—a trend that has further complicated questions over ownership and responsibility for edge security in heterogenous vendor environments.

Experts have identified the following four areas where edge computing will have the most significant effect on enterprise threat models.

An accelerated shift to SASE

The shift to a more distributed edge-oriented computing model has focused greater attention on secure access service edge (SASE), a computing approach that combines network security functions such as secure web gateways and cloud access security brokers with secure wide area networking (WAN) capabilities. A survey that Versa Networks commissioned earlier this year showed that SASE adoption surged over the past year, with 34% saying they were in the process of implementing it and 30% planning to do so.

Reasons for the surging interest included problems that users had connecting to the enterprise network from remote locations, dropped connections, and performance issues when using bandwidth-hungry apps such as videoconferencing. Challenges enforcing security policies and spotting new threats were other issues.

“One technology changing security and the edge is SASE,” says Ernest Sampera, co-founder of vXchnge. SASE is built around the idea that as users, applications and data move out of the enterprise data center to the cloud and network edge, it is also necessary to move security and WAN to the edge to minimize latency and performance issues. “SASE combines SD-WAN with a stack of solutions that protects the network portions involved in edge computing. Edge use cases grew considerably during the pandemic and not surprisingly, so did SASE adoption,” Sampera says.

Increased focus on attack surface visibility

The shift to work from home and hybrid work environments has primarily impacted the endpoints that people have been using to access enterprise networks, says Fernando Montenegro, principal analyst, information security at 451 Research. “In that sense, the last 18 months have resulted in lots of people trying to do their best connecting remotely to corporate systems.” The trend highlighted both how people connect remotely—via VPNs for example—and how people are supported in their remote work. It also led to a sharp increase in exploit activity against older VPN devices and other technologies used for remote access.

“The increased adoption of edge computing means that technology is now being used to address ever more specific use cases in many areas of the enterprise, meaning that there needs to be strong alignment between security and the business unit or team deploying edge computing,” Montenegro says. “If not addressed properly, a disconnect between security and business can result in unmet security needs.”

Chris Morales, CISO at Netenrich, says one fallout of the shift to a more distributed work environment has been an over-emphasis on endpoint security and not so much on other aspects of edge computing. As one example, he points to the focus on preventing endpoint threats even as account takeover attacks targeting Office 365 environments have become a bigger attack surface. “In general, security budgets have shifted to threat detection as priority but have spent little time on attack surface visibility and risk quantification,” Morales says.

He advocates that organizations seeking to secure their edge environments try enabling greater visibility over their entire attack surface and not just user endpoint devices. “For every organization, the only way to understand the right strategy is to have visibility of the entire attack surface and to operationalize risk management using techniques like threat modeling and adversary emulation,” Morales says.

Identifying device risks

Risks from device variety at the edge have increased, says Sampera from vXchnge. Many of the security concerns around remote work stem from users logging in from remote locations that may not offer strict security controls, he says. As organizations have attempted to mitigate that threat with controls like VPN and multi-factor authentication, attacks on those tools have increased.
