Security risks threaten the benefits of the edge

Edge computing is touted for its ultra-low latency and high efficiency.

But it also presents a new attack surface that bad actors can use to compromise data confidentiality, app integrity, and service availability.

“What else is distributed? The attacks,” said Richard Yew, senior director of product management for security at Edgio.

Ultimately, highly distributed compute power provides the opportunity to launch more powerful attacks — at the edge, in the cloud, on data at rest and in transit between cloud and edge applications.

“Whether data is stored on-premises, in the cloud or at the edge, proper precautions for authentication and authorization must always be ensured, otherwise (organizations) run the risk of a data breach,” Yew said.

Shifting to the edge, safely

Computing is increasingly moving to the edge: According to IDC, global enterprise and service provider spending on edge hardware, software and services is expected to approach $274 billion by 2025. By another estimate, the edge computing market will be worth $44.7 billion in 2022 and will reach $101.3 billion in the next five years.

And, while in some cases the edge is a “nice-to-have,” it’s about to become a “must-have,” according to experts.

“To remain competitive, companies will be forced to use edge computing,” said Kris Lovejoy, head of the global security and resilience practice at Kyndryl.

This is because it enables a whole new set of use cases to help optimize and advance day-to-day business operations.

“However, in a more shared landscape of advanced IT systems comes an increased risk of unwanted exposure to cyber risks,” Lovejoy said.

And, depending on the particular edge compute use case, organizations may face new challenges in securing connectivity back to central systems hosted in the cloud, he said.

According to Edgio’s Yew, the main categories of edge computing attacks include distributed denial-of-service (DDoS) attacks, cache poisoning, side-channel attacks, injection attacks, authentication and authorization attacks and man-in-the-middle (MITM) attacks.

These are “no different from the types of threats to web applications that are hosted on premises or in a hybrid cloud environment,” he said.

Common misconfiguration

As it relates to cloud storage and cloud transfer, common attack vectors include the use of stolen credentials, as well as exploiting weak or nonexistent authentication mechanisms, Lovejoy said.

For example, Kyndryl found many instances where cloud-based storage buckets were accessed due to a lack of authentication controls.

“Clients were misconfiguring cloud storage repositories to be publicly accessible,” he said, “and only learned about the mistake after the data was obtained by threat actors.”

Also, cloud-based ecommerce platforms are often managed with only single-factor authentication on the side, meaning that compromised credentials — often resulting from unrelated compromises — allow threat actors to access data without providing a second factor of identification.

“Single-factor authentication credentials present the same risk profile in the cloud as on-premises,” he said.

Proper access control, authentication

In general, organizations should think of edge computing platforms like the public cloud portion of their IT operations, says Edgio’s Yew. “Edge computing environments are still subject to many of the same threat vectors that must be managed in cloud computing.”

Organizations should use the latest TLS protocol and cipher, he said. Care must also be taken to ensure that users are not overprovisioned, and that access control is carefully monitored.

Furthermore, edge environments must remain properly configured and secure using the latest authentication and encryption technologies to lower the risk of a data breach.

“The edge extends the perimeter beyond the cloud and closer to the end users, but the framework still applies,” Yew said.

Zero trust critical

As with any comprehensive security infrastructure, Lovejoy points out, organizations need to maintain a strong inventory of edge compute assets and have the ability to understand traffic flows between edge compute systems and the central systems that interact with them.

Here, zero trust is critical.

“Zero trust is generally not about implementing more or new security systems, but more to connect your existing security tools in a way that they work together,” Lovejoy said. “This will require organizations to change operating models from a siloed to more of a collaborative operation.”

Yew agrees: Don’t assume users are trusted, he advises. Apply high levels of network security to segment users and devices. Use firewalls between devices and networks so that would-be attackers or malicious insiders cannot access privileged data or settings or move laterally within an environment.

Because edge computing systems are decentralized and distributed, it’s important to have tools with strong centralized controls to reduce blind spots and ensure consistent policies are applied to all edge devices, he said. Strong analytic and streaming capabilities are also essential to identify and respond quickly to security events.

Safe coding practices should also be applied when developing edge applications, he said. Organizations should conduct code reviews, automated testing and vulnerability scanning. API endpoints should be protected by authentication and a positive security model, as well as against DDoS and malicious bots, he advises.
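A positive security model means describing the requests an API accepts and rejecting everything else, rather than listing known-bad input. The sketch below is an added example, not code from the article or from Edgio; the endpoints, parameter names and patterns are hypothetical.

```python
import re

# Hypothetical allowlist for an edge API: any request not described here is
# rejected. Endpoints, parameters and patterns are constructed for illustration.
ALLOWED = {
    ("GET", "/v1/orders"): {
        "status": re.compile(r"(open|shipped|closed)"),
        "limit": re.compile(r"[1-9][0-9]?"),  # 1 to 99
    },
    ("GET", "/v1/orders/item"): {
        "id": re.compile(r"[0-9a-f]{8}"),
    },
}

def check_request(method, path, params, authenticated):
    """Return (allowed, reason). Default deny: only known-good requests pass."""
    if not authenticated:
        return False, "unauthenticated"
    spec = ALLOWED.get((method.upper(), path))
    if spec is None:
        return False, "endpoint not in allowlist"
    for name, value in params.items():
        pattern = spec.get(name)
        if pattern is None:
            return False, f"unexpected parameter: {name}"
        # fullmatch: the whole value must fit the pattern, not only a prefix,
        # so trailing content (including a newline) is rejected.
        if not isinstance(value, str) or not pattern.fullmatch(value):
            return False, f"invalid value for: {name}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("GET", "/v1/orders", {"status": "open", "limit": "25"}, True),
        ("GET", "/v1/orders", {"status": "open", "debug": "1"}, True),
        ("GET", "/v1/admin", {}, True),
        ("GET", "/v1/orders", {"status": "open"}, False),
    ]
    for sample in samples:
        print(sample[:3], "->", check_request(*sample))
```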

But it’s not all bad news

However, while edge computing may introduce some new security challenges, there are also some benefits from a security perspective, Yew said.

For example, a large DDoS attack that could take down an application hosted in an on-premise or regional cloud datacenter might be more easily routed and scrubbed by an edge provider at scale.

“The ephemeral nature of serverless and function-as-a-service makes it nearly impossible for attackers to guess the right machine to attack, or the temporary data store to target,” he said. “Furthermore, security can be enhanced when edge devices are part of a large global network with massive network and compute scale.”

VentureBeat’s mission is to be a digital town square for technical decision makers to gain knowledge about transformative enterprise technology and transactions.