Edge computing applications, which use devices at the “edges” of networks to process data, raise challenges and concerns for industrial and enterprise users. Often, physical security concerns become readily apparent as edge technologies move beyond protected rooms into open, uncontrolled environments like subway tunnels and farm fields. Data security faces a culture clash between IT and operational engineers in managing the responsibilities and security of edge micro-data centers.
Lock it or lose it
Edge computing has enabled the unprecedented connectivity, centralization and intelligence that IoT technologies deliver, especially in demanding, non-factory-floor environments. Public facing environments, such as cruise ships or public transit systems see crowds of hundreds, thousands, or even millions of people over the lifetime of the installation. The New York City Subway, for example, sees over five million riders per day. With such large numbers of people passing near them at any given time, edge computing devices are especially vulnerable to physical tampering. This includes not only physical theft, but also intentional malicious actions, such as introducing harmful hardware, software or data theft.
Scores of people in the vicinity of edge equipment mean extra steps have to be taken to secure it. These can include sourcing rugged enclosures that lock securely and are constructed of durable, hard-to-break materials like stainless steel. Such enclosures help prevent unauthorized people from accessing sensitive equipment and deter tampering with the external structure.
Locking mechanisms should be secure and redundant, with only trusted people holding the keys. Avoid using insecure locks such as mass-market padlocks. These are often easy to pick, cut or pry open. Multiple locking mechanisms, including mechanical and electronic, can help in case electricity to the lock gets cut. Preventing physical access to devices may seem obvious, but it is surprisingly an all-too-common starting point for many malicious actions.
Out of sight, out of mind
Beyond housing equipment in secure enclosures behind locked doors, engineers should also ensure that the micro-data center is out of sight and not easily accessible. Intent can be influenced by opportunity, so keeping the enclosures out of sight minimizes opportunity. Ensure equipment and enclosures are in raised locations or in non-public areas so that large crowds are less likely to gain access to them. Design crowd control flows that take people away from sensitive and restricted zones, through the use of barriers, gates and walls.
History provides many instances of systems compromised because someone left a door open
Make sure to give access to edge computing equipment only to authorized people. These people should be keenly aware of the risks of unsecured access, and not letting anyone gain access to secured areas unless they have clearance. History has provided many instances of compromised systems merely because someone left a door open or let an unknown person gain access to critical systems.
That being said, even authorized people can end up being malicious actors. This could be in the form of disgruntled current or ex-employees, or even malicious actors looking for access to critical systems. For these situations, it may not be possible to catch all such saboteurs. However, make sure to have a plan in place to deal with the fallout. Plan how to do damage control and make sure as much data as possible remains secured and backed up. Enterprise users should have contingency actions in place, and they should remain ready to use them at all times.
These contingency plans should include regular data backups, redundant hardware and software, and other primarily technological aspects. They should also include communications that effectively convey the gravity of the problem promptly to all affected parties so that they too can take corrective actions. Inform consumers, other vendors, companies, and even competitors. Chances are, if an intrusion has occurred in one place, it will arise in another.
Data security still matters
While physical security has gained a new focus in edge computing, data security still matters as well. This is particularly the case in edge computing IoT setups where data is stored and used both locally and in the cloud.
These factors often mean that engineers should reserve the cloud portions of edge computing for highly abstracted, longer-term data rather than short term, live-action data. Store short-term, sensitive data and use it almost immediately on local equipment. This is a more secure approaches, but also makes more sense with the way edge computing works, as the reduced latency of local equipment delivers the best insight to make quick decisions.
Industrial systems engineers can learn from the IT world. Stories of IoT data breaches and loss of company data have been common in recent history. Pay attention to the latest data security threats, and apply software and firmware updates as soon as they are released.
While it may seem obvious, it is important to change the default passwords of networking equipment to secure, unique passwords. Furthermore, update these passwords frequently to avoid dangerous intrusions. For example, a train signaling system that has been compromised by poor password management is not a situation any transit agency wants to face.
Additionally, it is important to implement a set of best practices with new equipment, such as reading all manuals, changing the default passwords, and logging them on a master list of equipment. Make password updates a part of existing regular maintenance practices, along with regular cleanings and cable checks that already take place in most applications.
End the IT/OT culture clash
Historically, Industrial and IT equipment have been separate worlds. While this may have been a functional system in the past, this situation should no longer remain. Data and physical security concerns in edge computing require cross-functional collaboration to ensure security success. Ideally, both of these groups can collaborate to create risk analysis plans and formulate responses to data and security breaches if they occur. Both groups have their own set of detailed insights into how to secure edge computing infrastructure, and they should harness them in combination to the best effect. On an ongoing basis, the two groups can share data and have organized, structured communication channels between them.
Beyond making edge computing systems more secure, better cooperation between these camps improves efficiency. Better, more secure data helps both function more efficiently and communicate more effectively. This not only makes all operations smoother, but it also improves the bottom line as equipment can run better and turn more profit.
Listen to Infrastructure vendors
As infrastructure needs evolve, so too will the needs of edge equipment. For example, enclosures now have to protect a large variety of edge equipment from environmental damage, human intervention, and routine operating conditions. Proper design involves choosing rugged materials like stainless steel that can stand up to the environment and a variety of intrusion tactics. In fact, many infrastructure vendors offer solutions that not only secure micro-data centers but also include cable management systems, cooling and equipment racks to create a secure, plug-in-play solution.
Beyond providing infrastructure solutions, vendors can also provide insight from installations in a variety of environments, with challenges ranging from contaminants, physical security and even thermal management. In addition, they likely have a long history with seeing unanticipated security problems and how successful companies have anticipated and reacted to these issues.
Indeed, during the dot-com bubble of the 1990s, a different—but Internet-related—rise of technologies and applications occurred, and infrastructure vendors saw firsthand some of the headaches and complications that this growth in technology ushered in. Leaning on integrators and equipment manufacturers can help edge computing users understand what they may have to consider in their own systems. Historical parallels can offer lessons to modern industry, and they mean that engineers do not necessarily have to start from scratch.
As edge computing grows and manufacturers utilize its value in more places and increasingly public ways, security becomes a greater concern. Edge security means both physical and data security, especially beyond the plant and controlled environments. It is vital to the long term success of the edge data center to prevent access to equipment, with both secure enclosures and locks, and by locating the center out of traffic areas. Securing edge also means greater collaboration among the internal stakeholders to enact best security practices , and utilizing vendor insights to design the right equipment solutions to deliver the full value of edge computing.
Hans Baumann is product manager IT, Rittal Corporation