In this blog, I’d like to cast some light on the role that information security plays in IoT, its architecture in the world of edge computing, and its importance.
Information security has always followed a layered approach. This in-depth defense helps you protect resources even if one of the layers is compromised. With edge devices possessing the power to offload the compute and analytics workload from data center servers, they can also act as the mechanism to authenticate the endpoint terminals.
Taking this understanding forward, let’s see which different layers of security are meant for edge workloads.
1. Hardware layer. The high number of breaches and the sophistication involved are driving OEMs to incorporate security at the design phase of the device. At the hardware level, this establishes TPMs (trusted platform modules), which integrates cryptographic keys in the chips that can be used by the software layer for device authentication. However, the keys involved may still be vulnerable if they are shared on a bus. This issue can be addressed if encryption/decryption occurs at the TPM level and not via sharing keys.
2. Communication layer. This refers to the medium of data transmission that should be secure so that "man-in-the-middle" and similar attacks can be avoided. This communication can be divided into:
Here, edge gateways provide security via encryption and X.509 certificates. They also act as a protocol translator converting disparate data from multiple devices into a single protocol such as Messaging Queuing Telemetry Transport (MQTT). This is a very lightweight protocol designed for high-latency, low-bandwidth networks.
3. Cloud security. To maintain data integrity, sensitive data should be moved from edges to cloud with encryption in place. Here, the edge orchestrator -- a software layer for management and configuration of edge devices -- enters the picture and simplifies the movement of encrypted data from edge to master and vice versa. Also, digital certificates play a critical role in authentication of other cloud or third-party applications trying to communicate with your cloud service.
4. Continuous lifecycle management. What if you are not patching or upgrading the firmware of your edge devices or endpoint sensors with the latest updates? With new sophisticated attacks happening every day, it is very important to remotely update all the edge devices and endpoints at regular intervals.
With the controls outlined above, we have mitigated the number of threat vectors, including:
With the rampant growth of endpoints, from temperature sensors in cars to mobile devices and smart grids, a new set of edge clouds are emerging. These clouds serve customers located within a specific region, thereby providing low latency and consuming less bandwidth. Nonetheless, it is of utmost importance to choose the right infrastructure to run these edge workloads. Containers have an advantage, but where should they be hosted? VM or bare metal? The answer lies in the edge workload that you are planning to run.
Securing these new edge clouds is vital and should not be forgotten. You will need to enforce data encryption, both in transit and at rest, and protect communication with master clouds. Only by establishing security by design and embedding security mechanisms in all the components/layers involved will your edge workload be on the right track.
Jeremy Hess is the community and growth manager at Cloudify. He is also co-chair of the Technical Marketing & Education ad-hoc for the OASIS TOSCA Technical Committee. When he isn't spending time with his wife and 2 daughters or brewing beer, Jeremy is an organizer of several meet-ups as well as events such as OpenStack Day Israel and DevOpsDays Tel Aviv.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
In today’s data-driven world, higher educational institution networks and their management must be modernized to address the needs of everyone across campus. Enterprises face similar challenges and also need to modernize their networks.
