Push your hardware closer to the action. Y'know, live life on the edge – the network edge
What you need to know about workloads, security, and the vanishing perimeter
Sponsored
Edge computing has been getting a lot of attention recently, as organizations of all sizes look to roll out digital transformation projects that can make better use of data and analytics, and automate more procedures. This looks set to be a growth area in IT for the near future, but there are natural concerns that connecting more and more things will open the door to more security risks.
According to a study conducted by Grand View Research, the global edge computing market is projected to reach a value of $3.24bn by 2025, driven by the storage and real-time computing capabilities required to handle the volumes of data being generated and processed.
IoT, however, puts OEMs on the security front line. Devices such as industrial control systems, cars, medical scanners and everything in between – and beyond – that were once overlooked or inaccessible to the malware writer, hacker or wannabe data kidnapper become potential targets once they get an IP heartbeat and a network connection.
With IoT serving in many aspects of daily life, that means customers and users are now at risk. We have already seen the Mirai botnet that used hordes of compromised devices to launch a distributed denial-of-service attack back in 2016.
But attackers may also exploit vulnerabilities in devices to steal data or to sabotage the system. As Accenture points out in its report Security call to action: Preparing for the Internet of Things, many industrial control systems in use today employ intricate and precise mechanisms that automate complex industrial processes, and controlling this via software gives cyber-attackers a rich vein of targets to exploit.
That means attacks on vulnerabilities in OEMs’ IoT equipment could potentially lead to a loss of vital data or even a catastrophic failure – not in cyberspace but in the real world.
In security terms, at least, these once proprietary and non-networked devices are now on a par with traditional PCs and servers operating in the rest of the enterprise, according to Romain Fouchereau, research manager for IDC’s European security practice and IoT practice.
“It’s not that different from IT, just on a much larger scale, because of the disappearance of the perimeter and the expanded and/or inconsistent attack surface created by the IoT deployment,” Fouchereau said.
But it’s not just the immediate threat. Edge computing deployments may also be expected to be operational over a much longer lifecycle than the average server or PC – perhaps ten years or more. This means devices that were secure on installation can slip out of compliance if they are not continually updated or if the vendor kills that particular product line.
That means that OEMs must think about whether the components and software in their devices will be supported over a very long timeframe – whether they’ll continue to receive bug fixes and security updates.
“One big point of difference [between PCs and servers and IoT] is the lack of manufacturer support on the devices themselves once they have been shipped, and that includes firmware updates to patch bugs and vulnerabilities,” Fouchereau said.
Inevitably, this puts pressure on device makers and integrators, meaning they must take extra care to mitigate these risks from the outset.
Resist the urge to customize
It’s very tempting in this IoT world of cheap components, packaged software and free-to-download operating systems for OEMs to simply buy and integrate the pieces themselves since this allows them to build or tailor the hardware and software precisely to the requirements of a particular application.
In practice, OEMs and integrators should really use existing components that are known to be reliable and can be integrated at minimal risk as the building blocks of their systems. OEMs that adopt such pre-integrated and supported x86 systems stand a far better chance on security than those going it alone on the build and integration phase.
OEMs moving to x86 who pick standards-based hardware and software should be well served, with support extending to updates and patches on various operating systems, plus extensive driver support for pretty much any peripheral hardware the application might require.
There is also a wide variety of ready-made software for x86, ranging from data analytics to anti-malware tools, not to mention the fact that such systems are more likely to integrate well with existing management tools that the IT team have in operation on the organization’s core network.
One of the advantages of this is that customers should be able to extend their existing network security infrastructure and policies to cover the edge infrastructure, enabling them to use VPNs or secure tunnels to protect traffic, and employing pro-active threat detection technologies to identify potential issues as early as possible.
OEMs and integrators may not have all the expertise, though, and may also need to seek out industry partners who have the experience of integrating and operating all the required technologies and services.
For many edge computing scenarios, this will likely mean partnering with one of the big-name vendors in the industry such as Hewlett Packard Enterprise OEM Solutions.
But what should they partner on? What is this edge in the IoT world?
A simple definition of edge computing is one that puts compute power closer to where the action is – to gather, process and analyze data at, or near, its source.
Edge computing can be roughly divided into two main categories: First, gateways for functions such as control, data acquisition and transfer, and – in some cases – analytics. Next, integrated computing platforms that can carry out either IT-only functions or combined IT and operations technology (OT) functions. These imply fairly capable hardware that is reliable because the systems may have to withstand high-risk environments such as the factory floor. For these reasons, many edge-computing systems are based on standard x86 hardware, fitted into a ruggedized enclosure where necessary.
There are many scenarios for such devices, but let’s just pick three by way of illustration: you might see analytics processed on the factory floor rather than in the cloud; cellular base stations that require a substantial amount of local compute and storage to deliver network services and reduce latency; and there’s the blurring of the lines between computing, OT and industrial IoT applications that’s producing a bewildering array of new devices – from tiny smart sensors up to what is basically a self-contained micro data centre.
It is here that OEMs should think to use packaged or easily integrated components and systems.
Edge computing offers new opportunities for business, but the increasing presence of devices in daily life and business, and the potential vulnerability of these IP-based and networked devices, puts added pressure on manufacturers to mitigate the security risks from the outset.
In many cases, using existing proven technology will lead to a product that is more secure, integrates better with existing infrastructure, and that is easier to maintain than going it alone.
Sponsored by Hewlett Packard Enterprise OEM Solutions.