Security risks threaten the benefits of the edge

Edge compute is touted for its ultra-low latency and high efficiency. 

But it also presents a new attack surface can that bad actors can use to compromise data confidentiality, app integrity and service availability. 

“What else is also getting distributed? The attacks,” said Richard Yew, senior director of product management for security at Edgio.

Ultimately, highly distributed compute power provides opportunity to launch even more powerful attacks — at the edge, in the cloud, on data at rest and in transit between cloud and edge applications.

“Whether data is stored on-premises, in the cloud or at the edge, proper safeguards for authentication and authorization must always be ensured, else (organizations) run the risk of a data breach,” said Yew. 

Moving to the edge — safely

Computing is increasingly moving to the edge: According to IDC, worldwide enterprise and service provider spending on edge hardware, software and services is expected to approach $274 billion by 2025. By another estimate, the edge computing market was valued at $44.7 billion in 2022, and will reach $101.3 billion over the next five years. 

And, while in some cases edge is a “nice-to-have,” it will soon be a “must-have,” according to experts. 

“To stay competitive, companies will be forced to adopt edge computing,” said Kris Lovejoy, global practice leader for security and resiliency at Kyndryl. 

This is because it enables a whole new set of use cases to help optimize and advance everyday business operations.

“However, with a more distributed landscape of advanced IT systems comes a higher risk of unwanted exposure to cyber risks,” Lovejoy said.

And, depending on the specific edge compute use case, organizations may face new challenges securing connectivity back to central systems hosted in the cloud, she said.

According to Edgio’s Yew, major attack categories in edge computing include distributed denial-of-service (DDoS) attacks, cache poisoning, side-channel attacks, injection attacks, authentication and authorization attacks and man-in-the-middle (MITM) attacks. 

These are “not dissimilar to the types of threats to web applications hosted on-premises or in a hybrid cloud environment,” he said. 

Misconfigurations common

As it relates to cloud storage and cloud transfer, common attack vectors include use of stolen credentials, as well as taking advantage of poor or non-existent authentication mechanisms, said Lovejoy. 

For instance, Kyndryl has seen numerous instances where cloud-based storage buckets were accessed due to absence of authentication controls.

“Clients mistakenly misconfigure cloud storage repositories to be publicly accessible,” she said, “and only learn about the mistake after data has already been obtained by threat actors.”

Likewise, cloud-based ecommerce platforms are often administered with only single-factor authentication at the edge, meaning that compromised credentials — often stemming from an unrelated compromise — allow threat actors access to data without providing a second identification factor.

“Single-factor authentication credentials present the same risk profile in the cloud as on-premises,” she said. 

Proper access control, authentication

Generally, organizations should think of edge computing platforms as similar to the public cloud portion of their IT operations, said Edgio’s Yew. “Edge computing environments are still subject to many of the same threat vectors that must be managed in cloud computing.” 

Organizations should use the latest TLS protocol and ciphers, he said. Care must also be taken to ensure that users are not overprovisioned, and that access control is carefully monitored.

Furthermore, edge environments must remain configured properly and secured using the latest authentication and encryption technologies to lower the risk of a data breach. 

“The edge expands the perimeter beyond the cloud and closer to end users, but the framework still applies,” said Yew. 

Zero trust critical

As with any comprehensive security infrastructure, Lovejoy pointed out, organizations will have to maintain a strong inventory of edge compute assets and have the ability to understand traffic flows between the edge compute system and the central systems it interacts with.

In this, zero trust is critical.

“Zero trust is typically not about implementing more or new security systems, but more to interconnect your existing security tools in a way that they work together,” said Lovejoy. “This will require organizations to change operating models from a siloed to more of a collaborative operation.”

Yew agreed: Do not assume users are trusted, he advised. Apply high levels of network security to segment users and devices. Use firewalls between devices and networks so that would-be attackers or malicious insiders cannot access privileged data or settings or move laterally within an environment.

Because edge computing systems are decentralized and distributed, it’s important to have tools with strong centralized control to reduce blind spots and ensure consistent policies are applied across all edge devices, he said. Strong analytic and streaming capabilities are also essential to detect and respond quickly to security events. 

Secure coding practices should also be applied when developing edge applications, he said. Organizations should perform code reviews, automated testing and vulnerability scans. API endpoints must be protected via authentication and a positive security model, as well as against DDoS and malicious bots, he advised.

But not all bad news

Still, while edge computing may introduce some new security challenges, there are also several benefits from a security perspective, said Yew.

For example, a large DDoS attack that might otherwise take down an application hosted in an on-premises or regional cloud datacenter can more easily be routed away and scrubbed by an edge provider with scale.

“The ephemeral nature of serverless and function-as-a-service makes it nearly impossible for attackers to guess the right machine to attack, or the temporary data store to target,” he said. “Additionally, security can be enhanced when edge devices are part of a large global network with massive network and compute scale.”