Making edge computing safe means applying sound security principles to the unique edge environment.

Credit: MF3D / Getty Images

The problem of edge security isn’t unique – many of the issues being dealt with are the same ones that have been facing the general IT sector for decades. But the edge adds its own wrinkles to those problems, making them, in many cases, more difficult to address. Yet, by applying basic information security precautions, most edge deployments can be substantially safer.

The most common IoT vulnerability occurs because many sensors and edge computing devices are running some kind of built-in web server to allow for remote access and management. This is an issue because many end-users don’t – or, in some cases, can’t – change default login and password information, nor are they able to seal them off from the Internet at large.

There are dedicated gray-market search sites out there to help bad actors find these unsecured web servers, and they can even be found with a little creative Googling, although Joan Pepin, CISO at security and authentication vendor Auth0, said that the search giant has taken steps recently to make that process more difficult.

“There’s definitely a market opportunity for a company to do better at the device management level, not having thousands of little web servers with the default username and password,” she said.

One issue with solving that problem is the heterodox nature of the IIoT and edge computing worlds – any given deployment might use one company’s silicon, running in another company’s boxes, which are running another company’s software, connecting to several other companies’ sensors. Full-stack solutions – which would include edge devices, sensors, and all the various types of software and connectivity solutions required – are not common.
“Given existing platforms, there’s a lot of viable attack vectors and increased exposure of both the endpoint and the edge devices,” said Yaniv Karta, CTO of app security and penetration-testing vendor SEWORKS.

Worse, some of the methods currently used to secure all or part of an edge deployment can increase the exposure of the IoT network. VPNs, used to secure traffic while in transit, can be vulnerable to man-in-the-middle attacks under certain circumstances. Older industrial protocols like CANbus simply weren’t designed to protect against modern infosec threats, and even LP-WAN protocols used to connect sensors to the edge can be vulnerable if encryption keys are compromised.

The industry currently considers this fragmentation something of an advantage, said Karta, mostly from a flexibility standpoint. The ability to use equipment and software from a wide array of different vendors without too much difficulty in tying those systems together is attractive to some customers. The fact that companies generally have to use a middleware layer of some type to tie all the disparate elements of their deployments together, however, makes for yet another attack surface.

What’s to be done?

It’s not rocket science, according to Pepin. Most of the same fundamental principles that apply to securing cloud or data center or userland environments apply to the edge as well.

“For example, you should not be running any unnecessary services on your devices, whether that’s a server, a laptop, an IoT device.” She joked that the industrial IoT, in a way, is a dream situation for IT pros – potentially hundreds of thousands of endpoints, but no users at the end of them to mess things up.

Tortuga Logic CEO Jason Oberg agreed that better fundamentals are needed to help secure the edge, as well as authentication and encryption for the code that edge devices are running. One way to promote better security will be new industry standards.
“I think there will be some working groups around best practices,” he said. “I do think there will be a large initiative to build security into the hardware, and that’s already happening, because I think people realize it’s a heavily hardware/software-driven issue.”

End-to-end encryption is another technique that could prove useful against edge attackers, argued Pepin. While there’s a performance cost to encryption, there are standards and software out there that are designed to make that cost a minimal one, even on smaller and less capable devices.

“If all these devices are encrypting data over the wire … everything is running over secure protocols like TLS, and you’re not running random listening ports and whatnot, it’s the same security model,” she said, also citing the Blowfish cipher as well-suited for edge and IIoT deployments. “If [a smartphone], which fits easily in my hand, can do that type of encryption and not impact my user experience, then, certainly, an IoT device can perform the same types of encryption and not affect the user experience.”
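As an added example (not from the article or from any vendor quoted in it), one way to check a Linux-based edge device against the advice on unnecessary services and stray listening ports is to parse the output of `ss -H -tlnp` and flag listeners reachable off-box that are cleartext or outside an allowlist. The sample output, process names and allowlist below are constructed assumptions.

```python
import re

# Constructed sample of `ss -H -tlnp` output from a hypothetical edge gateway.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=612,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("lighttpd",pid=701,fd=4))
LISTEN 0 5 127.0.0.1:1883 0.0.0.0:* users:(("mosquitto",pid=655,fd=5))
LISTEN 0 511 [::]:8443 [::]:* users:(("gateway-agent",pid=720,fd=7))
LISTEN 0 32 *:23 *:* users:(("telnetd",pid=590,fd=3))
LISTEN 0 16 0.0.0.0:9000 0.0.0.0:* users:(("diag-httpd",pid=733,fd=6))
"""

# Assumed policy: the only ports this device class may expose off-box.
ALLOWED_EXPOSED = {22, 8443}
# Ports that carry management traffic in cleartext.
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}
LOOPBACK = re.compile(r"^(127\.|\[::1\]$)")
PROC = re.compile(r'\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Yield (address, port, process) for each LISTEN row."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        m = PROC.search(fields[5]) if len(fields) > 5 else None
        yield addr, int(port), m.group(1) if m else "?"


def audit(ss_output, allowed=ALLOWED_EXPOSED):
    """Return sorted (port, process, reason) findings for exposed listeners."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if LOOPBACK.match(addr):
            continue  # reachable only from the device itself
        if port in PLAINTEXT_PORTS:
            findings.append((port, proc, "plaintext " + PLAINTEXT_PORTS[port]))
        elif port not in allowed:
            findings.append((port, proc, "not in allowlist"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```

On a real device, feed `audit()` the captured output of `ss -H -tlnp` (run as root so process names are shown) and set the allowlist per device class.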