The Edge data center market is on the edge of booming. The market is expected to exceed $13 billion by 2024 according to a Market Study Report. The mean number of Edge locations is predicted to reach 12 within three years, up from six today.
While the number of sites is growing, so is the amount of data they are gathering, with Gartner predicting the majority of enterprise data will be handled there by 2025.
The Edge is becoming more prevalent because of use cases such as pre-processing of Internet of Things data before it is sent on to the host data center or as low-latency hubs for content distribution. But all this growth is making Edge facilities prime targets for threat actors.
Edge data centers pose all the same challenges around security and resilience as a traditional data center. However, they also pose new and unique challenges due to their placement, environments, and use cases. You cannot take Edge security for granted, and assuming you have the kind of security you might see in a centralized data center (whether it has Uptime Tier certification or not) may lead to pitfalls.
Edge data centers can be located in a huge variety of places, including self-reliant processing hubs attached to telco base stations, and micro data centers in branch offices or factories. A lot of the logical and physical controls available in larger data centers may not be available or practical in these locations, making a standardized approach to security across all your Edge locations difficult.
“Simply replicating an on-premise cyber security strategy at the Edge is impractical,” warns Stephen Marchewitz, director of risk management at security consulting company TrustedSec. “Those at the Edge will be unmanned as there are too many to have staff to be cost effective. Information about the status of the facilities will generally take place in the cloud, without the traditional command and control mechanisms that they are used to.
“The fact that Edge data centers will be unmanned increases risk as the time to resolution for an onsite problem will generally be longer. This is especially so if multiple Edge data centers go down at the same time. It also creates greater risk if orchestration, automation, and response are not planned out correctly and tested to ensure the processes are working.”
Not only could compromised Edge locations lead to data breaches of the information on the devices or potentially act as entry points to core networks, but threat actors could corrupt data being sent back and forth between the home network, the Edge location, and other devices feeding into that location. This could lead to incorrect information being sent back to the business, incorrect instructions being sent out to any device connected to the Edge data center, or the facility potentially being used as part of distributed denial-of-service (DDoS) attacks.
“Essentially the fundamental cyber security challenges haven’t changed because of the introduction of Edge centers,” says Gary Criddle, cyber risk and business resilience consultant at Sungard Availability Services, “but the dispersed nature of the data and the use of numerous smaller data centers simply multiplies the number of touchpoints that attackers can play with.
“IoT connected devices already pose security issues and every IoT device connected to a network effectively becomes a doorway into that network. I’m sure we will learn the IoT security lessons the hard way and Edge computing will be at the epicenter of these problems when they hit.”
On the physical side, by and large Edge facilities should be secured in the same way as servers in branch locations or telecoms base stations, with as many physical controls in place as is feasible. These include walls or fences where suitable with strong doors and locking systems. If located within an office or factory, sturdy enclosures with robust locking doors should be installed and the security procedures of the entire building should be assessed and updated if necessary. All servers and racks should be securely tied down to prevent unauthorized removal. Visible deterrents such as barbed wire and warning signage may deter spur-of-the-moment attacks.
With a greater number of locations, many of which may have limited infrastructure and little or no staff and may well be hours away from the nearest engineer, facility monitoring becomes even more important. Access controls such as a keypad, keycard, or even biometrics system should be used (and logged), along with burglar alarms, 24-hour alarmed surveillance via CCTV, sound and motion detectors, as well as fire detection and suppression systems. Additional detection mechanisms such as proximity, infrared, temperature, and even pressure sensors can provide a more holistic view of a location.
As physical security merges more with digital security, artificial intelligence is increasingly being deployed in efforts to better secure physical locations. Swedish ‘smart building’ research firm Memoori predicts AI-based video analytics could “dominate” physical security investment over the next five years. For example, CCTV-based image recognition can detect if people are present in view, meaning alerts can be set up if no one is scheduled to be on-site. Likewise, behavioral analytics around access control systems can alert you to unusual or unexpected use of keycards at the Edge.
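The schedule-aware alerting described above can be sketched as a correlation between the access-control log and the list of planned site visits. This is an added example, not part of the original article; the log format, site names, badge IDs and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: site names, badge IDs and times are illustrative.
SCHEDULE = [  # (site, badge, window start, window end)
    ("edge-007", "B-1042", "2024-03-04T09:00", "2024-03-04T12:00"),
    ("edge-019", "B-2210", "2024-03-05T14:00", "2024-03-05T16:00"),
]
ACCESS_LOG = """\
2024-03-04T09:12 edge-007 B-1042 GRANTED
2024-03-04T23:47 edge-007 B-1042 GRANTED
2024-03-05T14:05 edge-019 B-3301 GRANTED
2024-03-05T14:20 edge-019 B-2210 GRANTED
2024-03-06T02:10 edge-007 B-9999 DENIED
2024-03-06T02:11 edge-007 B-9999 DENIED
2024-03-06T02:12 edge-007 B-9999 DENIED
"""

def parse_log(text):
    """Yield (timestamp, site, badge, result) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than crash
        ts, site, badge, result = parts
        yield datetime.fromisoformat(ts), site, badge, result

def find_alerts(log_text, schedule, max_denials=3, window=timedelta(minutes=5)):
    """Return (kind, site, badge, timestamp) tuples for events worth a look."""
    windows = defaultdict(list)
    for site, badge, start, end in schedule:
        windows[site].append((badge, datetime.fromisoformat(start),
                              datetime.fromisoformat(end)))
    alerts, denials = [], defaultdict(list)
    for ts, site, badge, result in parse_log(log_text):
        if result == "DENIED":
            # Keep only denials inside the sliding window, then add this one.
            recent = [t for t in denials[(site, badge)] if ts - t <= window]
            recent.append(ts)
            denials[(site, badge)] = recent
            if len(recent) == max_denials:
                alerts.append(("repeated_denials", site, badge, ts))
            continue
        active = [b for b, s, e in windows[site] if s <= ts <= e]
        if not active:  # door opened while nobody is scheduled on-site
            alerts.append(("unscheduled_access", site, badge, ts))
        elif badge not in active:  # someone is expected, but not this badge
            alerts.append(("unexpected_badge", site, badge, ts))
    return alerts
```

Calling `find_alerts(ACCESS_LOG, SCHEDULE)` on the sample data flags the late-night entry at edge-007, the unscheduled badge at edge-019 and the burst of denied attempts, while the two planned visits pass silently.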
While physical security is important, the data security element is elevated in importance compared to other deployments purely because the information within those locations sits outside the traditionally well-known confines of your network.
“In these ephemeral environments, visibility is the first challenge from a security standpoint,” says Marco Rottigni, chief technical security officer EMEA at Qualys. “Strengthening visibility is crucial to understand what you have before being able to defend and protect it. This involves deploying specialized security sensors to observe what is installed in the Edge data center, organize and classify it, gain information about it and then stream this information to the central brain where it can be processed holistically.”
In IoT use cases, large volumes of devices connecting to your location from random IP addresses increase the complexity compared to more controlled environments. Increased monitoring – both of the data being sent back and forth and of who is accessing terminals – and a strict alerting system for abnormal traffic activity, or for unscheduled behavior if information is collected in batches, will help flag potential issues.
“The ideal approach is to build security in from the start versus bolting it on as an afterthought once the Edge data center has been put together,” says Rottigni. “Best practices here include passive traffic listening, implementing container security, and building security system agents into any golden images for deployment or via SDK into IoT devices. All this data should also be integrated with cloud service providers’ APIs. Encryption becomes more critical because data travels over potentially more insecure channels.”
Encryption – both in transit and at rest – is incredibly important to ensure that if any data is compromised it’s less likely to be used or abused by attackers. You must also plan how to scale all of your security activities to suit the larger footprint of Edge.
“Traditional data center encryption may have a limited number of ‘sessions’ between assets whereby information is encrypted and decrypted,” says TrustedSec’s Marchewitz. “This is different in that a much larger number of devices are connecting more often causing potential delays that the Edge data center was meant to relieve, and so device-to-data-center encryption needs to be able to be scalable to meet the increased demand for a large number of devices connecting in a short period of time.”
“With the sheer number of devices leading to an ever-increasing number of Edge data centers required, poor planning up front on security, or any missteps will have domino effects as they are rolled out.”