Overcoming Zero Trust Challenges with Edge Computing

Could edge technology make zero trust security more financially and logistically feasible?

July 21, 2023


Few cybersecurity concepts have taken the enterprise world by storm like zero trust. Mauricio Pegoraro, CISO at Azion, takes a look at how edge computing can help with some of the most significant challenges tied to implementing zero trust. 

According to recent data, 97% of companies say they have started to enact zero trust initiatives, and by 2027, zero trust products will be worth roughly $60 billion globally. Soon, not embracing zero trust could result in a competitive disadvantage, as potential customers may only trust companies that do implement zero trust strategies. 

But for companies that have yet to embrace zero trust, 2023 is a challenging time to make ambitious changes. Between reduced budgets and potentially reduced personnel, many companies may not feel well prepared to overhaul the way they approach security, especially since a botched zero trust implementation could open the door to a breach. 

One way that zero trust security can become financially and logistically feasible is by using edge technology. By partially or completely shifting your security onto a distributed architecture, you may be able to substantially streamline the process of securing your organization. 

Ensuring the Right Permissions for Each Stakeholder

A core component of zero trust security is “least privileged access” — ensuring that each network user is only given access to exactly what they need. But unfortunately, assigning someone the exact correct permissions can be time-consuming and difficult, given the number of people who need permissions to be defined.

Two key components of least privileged access are specificity and time — what one has access to, and when that access is granted. Embracing the edge can help with both. Because edge infrastructure distributes components of your network away from a central infrastructure, it facilitates the process of microsegmentation. By splitting up the network and its contents into discrete sectors, the correct permissions can be easily given. 

Yet even with specific permissions and microsegmentation, you will need to be able to rapidly make modifications as roles change. For optimal security, this will require a way to manage and track permissions in real-time, a feature that many edge solutions are now offering their clients.
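The two dimensions described above, what a user can reach and when, can be expressed as default-deny grants scoped to a microsegment and a time window. The following is an added example, not code from the article or from any edge platform; the `Grant` and `PolicyStore` names, the user, the segments and the timestamps are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from typing import NamedTuple


class Grant(NamedTuple):
    user: str
    segment: str          # microsegment the grant applies to (specificity)
    actions: frozenset    # what the user may do inside that segment
    not_before: datetime  # start of the access window (time)
    not_after: datetime   # end of the access window


class PolicyStore:
    """Default-deny store: access exists only while a matching grant is active."""

    def __init__(self):
        self._grants = []
        self.audit = []  # (time, user, segment, action, decision) for tracking

    def grant(self, g):
        self._grants.append(g)

    def revoke(self, user, segment):
        """Role change: drop the user's grants on a segment, effective immediately."""
        self._grants = [g for g in self._grants
                        if not (g.user == user and g.segment == segment)]

    def is_allowed(self, user, segment, action, now):
        ok = any(g.user == user and g.segment == segment and action in g.actions
                 and g.not_before <= now <= g.not_after for g in self._grants)
        self.audit.append((now, user, segment, action, "allow" if ok else "deny"))
        return ok


def demo():
    t0 = datetime(2023, 7, 21, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    hour = timedelta(hours=1)
    store = PolicyStore()
    store.grant(Grant("dana", "billing-db", frozenset({"read"}), t0, t0 + 8 * hour))
    results = [
        store.is_allowed("dana", "billing-db", "read", t0 + hour),      # in scope, in window
        store.is_allowed("dana", "billing-db", "write", t0 + hour),     # action not granted
        store.is_allowed("dana", "hr-files", "read", t0 + hour),        # different segment
        store.is_allowed("dana", "billing-db", "read", t0 + 9 * hour),  # window expired
    ]
    store.revoke("dana", "billing-db")                                  # role changed
    results.append(store.is_allowed("dana", "billing-db", "read", t0 + 2 * hour))
    return results, store.audit
```

Every decision, allowed or denied, lands in the audit list, which is the record a real-time permission tracker would consume.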

Managing Complex Security Infrastructure

If your current network infrastructure runs on a large number of central servers, this is likely a burden to manage both logistically and financially. Working to implement zero trust on top of that complexity may be overwhelming.

Edge computing can help to mitigate that challenge. As part of the recent evolution of edge technology, dedicated serverless edge platforms have become more commonplace. These platforms allow you to focus on building for the edge and leave infrastructure maintenance to a group of experts.

If you are able to transition some of your infrastructure from a central location to one of these platforms, you can reduce the complexity of what central servers remain to be managed. From there, you can focus much of your efforts on implementing zero trust effectively. 


Minimizing Disruptive and Unsafe False Positives and Negatives

Accurately assessing incoming requests is another key component of zero trust. False negatives (failing to detect bad actors) can result in breaches, but false positives (wrongly blocking legitimate actors as threats) frustrate employees and harm productivity. A web application firewall (WAF) is an important component of any zero trust implementation, blocking application-layer threats like cross-site scripting. Placing a WAF at the edge helps to intercept threats quickly, but not all WAFs are created equal. 

Historically, signature-based WAFs have been most common — “signature” referring to an attack pattern that is stored within the WAF once it has been identified. However, this leaves the WAF unprepared to face entirely new threats. An emerging alternative is scoring-based WAFs, which dynamically score attempted requests to detect possible threats, allowing these firewalls to stop strategies they’ve never seen before. Because scoring-based WAFs can also incorporate predetermined rules that help respond to known threats, this newer type of firewall can help avoid false negatives and adapt quickly to new situations, making it ideal for avoiding false positives.
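To make the contrast concrete, the sketch below runs a signature-only check and a scoring check over the same constructed parameter values. It is an added example, not code from the article or from any WAF product; the signal patterns, point weights and block threshold are illustrative assumptions.

```python
import re
from urllib.parse import unquote

# Constructed signature list: patterns stored after an attack has been identified.
SIGNATURES = [re.compile(r"<script[^>]*>", re.I)]

# Scoring signals as (name, points, pattern). Weights and threshold are
# illustrative assumptions, not values from any product.
SIGNALS = [
    ("html_tag", 3, re.compile(r"<\s*[a-z][a-z0-9]*\b", re.I)),
    ("inline_event_handler", 4, re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("script_url_scheme", 4, re.compile(r"javascript\s*:", re.I)),
]
SIGNATURE_POINTS = 10
BLOCK_THRESHOLD = 5


def normalize(value):
    """Percent-decode up to three rounds so encoded input is judged by what it decodes to."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def signature_only(value):
    """Signature-based decision: block only if a stored pattern matches."""
    return any(sig.search(normalize(value)) for sig in SIGNATURES)


def score_request(value):
    """Scoring-based decision: sum points for every signal, block at the threshold."""
    text = normalize(value)
    hits = [(name, pts) for name, pts, rx in SIGNALS if rx.search(text)]
    if signature_only(value):  # predetermined rules still contribute to the score
        hits.append(("known_signature", SIGNATURE_POINTS))
    total = sum(pts for _, pts in hits)
    return total, total >= BLOCK_THRESHOLD, [name for name, _ in hits]


# Constructed sample parameter values.
SAMPLES = {
    "known_pattern": "<script>alert(1)</script>",
    "unseen_variant": "%3Csvg%20onload%3Dconfirm(1)%3E",
    "formatting_help": "use <b> for bold",
    "benign_flag": "onboarding=true",
}
```

The unseen variant matches no stored signature yet crosses the threshold because two independent signals fire, while each benign value trips only one weak signal and stays below it.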


Implementing Zero Trust Security Without Sacrificing Other Protections

While zero-trust security is essential to maintain rigorous, modern security standards, it’s not full protection against every kind of attack that could disrupt a company’s operations — for example, companies could also face DDoS attacks and bot attacks. 

You can implement protections against both DDoS attacks and bot attacks at the edge, where your WAF lives. Having the protections as far away from the central infrastructure as possible means that threats can be stopped before they come near central infrastructure. Additionally, you can define specific types of bots to block in order to ensure that you are not hindering search engine crawlers and harming search engine optimization. One note: Since DDoS attacks can take place at both the application and network layers, it’s important to find a DDoS protection option that covers both.

Assessing Whether Your Systems Are Operating Correctly

Even when you’ve finished setting up modern security infrastructure, it can be hard to know whether it is operating efficiently. The edge can help here because it’s localized. Getting information from a specific edge location makes it easier to target and address an issue at that location specifically. 

As a result, if you are able to funnel your edge data through to a SIEM system, you can quickly obtain a bird’s-eye view of your organization’s infrastructure and its efficacy. Over time, this can save you money through more efficient operations. Granted, just knowing the information is only half the battle. The other half is finding an edge orchestration platform that can coordinate your security efforts and empower you to respond to crises in real-time.

Avoiding Being Locked Into a Specific Security Strategy or Vendor

Within a few years, zero trust could look entirely different. Yet you may be tied to a vendor that only excels at what zero trust looks like now, and if your needs change, that doesn’t mean the vendor will evolve with you. This is particularly pressing if that vendor relies on proprietary standards, as moving your systems to another vendor will be challenging. 

In order to avoid being at the mercy of a given provider, it’s best to align with open standards that many citizens, organizations, and companies use. If you do need to change providers, this makes it as easy as possible to do so. The edge is a site of bustling innovation in open standards, including WebAssembly, HTTP/3, and many others, so you can build your functionality in a way that can still move elsewhere as needed.

There’s no doubt that adopting zero trust security practices can be a challenge, especially when there is pressure to complete the process quickly. But edge computing and networking technology can help by bolstering security, reducing management complexity, and helping you keep your options open when planning for the future. While zero trust trends may change in the future, edge computing will very likely continue to play a role in whatever zero trust evolves into. 


Maurício W. Pegoraro
With 20+ years of experience in key leadership roles and multiple information security areas, Mauricio leads Azion's infosec vision, strategy and programs. He is a versatile leader with solid team building experience and a passion for fostering education and knowledge sharing. Prior to Azion, Mauricio led global security and compliance initiatives at Dell Financial Services and security vulnerability strategy and remediation for Dell globally. Mauricio holds a BS in System Analysis, specialized in IT Strategic Planning and Management. He also holds MBAs in Business Management and International Management from FGV and Ohio University and certifications in GDPR, CISM and CISSP.