How APAC organisations can mitigate edge security threats
The move to the edge expands an organisation’s attack surface. Here are some measures that organisations can take to minimise their edge security risks
From smart hydroponics farms that crunch data onsite to monitor the health of crops, to using autonomous vehicles for road sweeping, interest in edge computing has surged in recent years, thanks to the growing momentum of 5G across the Asia-Pacific (APAC) region.
By bringing computational and other resources closer to where data is created, organisations running edge applications can expect faster insights that help to support real-time decision-making.
According to IDC, enterprises are expected to spend $176bn on edge computing this year, an increase of 14.8% over 2021. By 2025, this figure is set to reach nearly $274bn.
“Edge computing continues to gain momentum as digital-first organisations seek to innovate outside of the datacentre,” says Dave McCarthy, research vice-president for cloud and edge infrastructure services at IDC.
But the move to the edge also puts devices, applications and data beyond the reach of the on-premise security stack, creating new attack vectors for cyber criminals, says Vijay Kolli, enterprise leader at Akamai Asia-Pacific and Japan.
“Additionally, the increased volume of data and processing at the edge means cyber criminals are likely to target edge applications and devices more frequently,” he adds.
Edge computing deployments could range from having an integrated technology stack to one that is assembled from a software stack and pre-certified hardware. This introduces ambiguity in ownership and accountability, creating security risks, says Lee Ming Kai, head of systems engineering at Juniper Networks Asia-Pacific.
Finally, deploying code to edge nodes means there’s a larger attack surface to deal with, says Reinhart Hansen, director of technology at Imperva’s CTO office: “It also means we have operational and business logic located at each node, providing cyber criminals with opportunities to exploit code and gain unauthorised access to data.”
Some threat actors are already capitalising on the security risks posed by edge computing by exploiting vulnerabilities in internet of things (IoT) and edge devices, which are often less secure, as well as launching phishing and distributed denial-of-service (DDoS) attacks.
DDoS attacks, in particular, have increased fourfold since 2020 and are threatening to overcome low or legacy defences, says Hansen, adding: “We expect the volume and intensity to increase with the maturity of 5G networks and the continued adoption of IoT.”
Fending off edge security threats
With traditional defence mechanisms often unable to keep pace with the volume and complexity of cyber attacks, Hansen highlights the importance of keeping attacks as far away as possible from the corporate network and datacentre.
In practice, that means mitigating attacks close to the point of entry – at the edge. Not only is this more efficient, but it can also have a positive impact on the user experience. “Enterprises must implement security all the way to the edge, encompassing all devices – especially mobile and IoT devices that connect to corporate assets,” says Hansen.
Security capabilities at the edge must also include automation to deal with threats in real time and prevent serious damage. For instance, they must be able to route suspicious traffic to a scrubbing centre within milliseconds of detection to mitigate any threats.
According to Juniper Networks’ Lee, other best practices that organisations in Asia-Pacific can adopt to address edge security threats include:
- Manage edge security across all locations from a unified management console: This allows a consistent and clear view of the actual security posture of the enterprise. Ideally, this should include integration to all layers within the stack to ensure complete visibility.
- Record all system activities with a log server and leverage the data collected to establish a baseline for security measures: This allows cyber attacks to be identified and helps in both incident response and forensics. In instances where parts of the stack are managed by third parties, integrating and consolidating all logs would ensure no gaps.
- Identify, categorise and tag the edge devices: Design and implement security policies based on the type and access needed for each device. This drives greater consistency across the entire extended infrastructure regardless of the make and model of devices in different locations.
- Keep up to date with the latest security news and establish a patching policy for the firmware on edge devices: Keeping all devices patched and up to date ensures all known vulnerabilities are eliminated or contained.
- Implement mobile device management for user devices to ensure security policies are adhered to consistently: This ensures that user devices, which are often one of the weakest links, are secure and not prone to exploitation.
- Employ multifactor authentication and zero-trust security measures: This can include role-based access control for remote access to all edge devices and services.
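The second and third practices above (a log baseline per device category, with devices tagged by type) can be combined into a small detector. The following is an added illustration written for this article, not code from Juniper or any vendor quoted here; the log format, device tags and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed, syslog-style records from tagged edge devices (not real data).
LEARNING = """
2022-06-01T10:00:01 dev=cam-01 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:00:31 dev=cam-01 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:00:40 dev=cam-02 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:01:02 dev=sen-01 tag=sensor event=conn dst=10.0.5.20:8883
""".strip().splitlines()

OBSERVED = """
2022-06-01T10:05:00 dev=cam-01 tag=camera event=conn dst=203.0.113.7:22
2022-06-01T10:05:01 dev=cam-02 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:05:02 dev=cam-02 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:05:03 dev=cam-02 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:05:04 dev=cam-02 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:05:05 dev=cam-02 tag=camera event=conn dst=10.0.5.10:443
2022-06-01T10:05:06 dev=cam-02 tag=camera event=conn dst=10.0.5.10:443
""".strip().splitlines()

def parse(line):
    """Turn one 'timestamp key=value ...' record into a dict with a minute bucket."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["minute"] = datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H:%M")
    return rec

def build_baseline(lines):
    """Per device tag: destinations seen and peak connections per device-minute."""
    dests, per_min = defaultdict(set), defaultdict(int)
    for r in map(parse, lines):
        dests[r["tag"]].add(r["dst"])
        per_min[(r["tag"], r["dev"], r["minute"])] += 1
    return {tag: {"dests": ds, "peak": max(c for (t, _, _), c in per_min.items() if t == tag)}
            for tag, ds in dests.items()}

def detect(baseline, lines, factor=3):
    """Flag unknown tags, unseen destinations and rates reaching factor x the baseline peak."""
    alerts, counts = [], defaultdict(int)
    for r in map(parse, lines):
        b = baseline.get(r["tag"])
        if b is None:
            alerts.append((r["dev"], "device tag not in baseline"))
            continue
        if r["dst"] not in b["dests"]:
            alerts.append((r["dev"], f"new destination {r['dst']}"))
        counts[(r["dev"], r["minute"])] += 1
        if counts[(r["dev"], r["minute"])] == b["peak"] * factor:  # one alert per minute
            alerts.append((r["dev"], f"{b['peak'] * factor}/min reaches {factor}x baseline peak {b['peak']}"))
    return alerts

if __name__ == "__main__":
    for dev, why in detect(build_baseline(LEARNING), OBSERVED):
        print(dev, why)
```

Because the baseline is keyed by tag rather than by individual device, a policy learned from one camera applies to every camera regardless of make or model, which is the consistency the third practice is after.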
Elaborating on the role of zero trust, Akamai’s Kolli says that as it is difficult to correlate a multitude of security and networking tools into a single risk rating, integrating network and security services through a zero-trust approach will help to reduce complexity for IT and security teams while increasing visibility and ease of management.
It’s also worth noting that edge computing doesn’t always bring more risk. As most edge applications are variants of machine-to-machine or IoT applications, Hansen says an organisation could terminate the connection to edge devices and apply traditional encryption and access controls on the connection between the edge and the cloud or datacentre. This will reduce the attack surface of edge applications.
Furthermore, edge infrastructure management tools can serve as the “eyes and ears” in places where staffing is insufficient. According to Lee, some inherent benefits of a distributed edge computing model include:
- Higher availability and resiliency of services: The “blast radius” of outages due to cyber attacks can be localised and restricted. For example, DDoS attacks on specific edge locations may not affect other locations at the same time.
- Improved data protection: Data must be replicated and backed up across different edge computing points of presence.
- Improved security response: Attacks and security information can be shared with other edge devices or locations. For example, an attacker’s IP address or malware signature can be shared to allow the enterprise to establish a more effective defence mechanism in other locations.
How Asia-Pacific is faring
In recent months, Juniper has seen more organisations in the region adopt edge security measures, especially those that have been increasing their pace of digitisation.
Notwithstanding, they continue to face challenges such as the lack of integration between different security products, departmental silos where different teams still want to retain control of their security devices and policies, and the lack of talent to manage edge security using myriad tools.
Fernando Serto, principal architect and tech evangelist at Cloudflare in Asia-Pacific, Japan and China, says while the company saw a huge increase in adoption of edge security services last year, it will take time for organisations to understand their entire attack surface and how to best mitigate risk.
“Another common issue is previous investments in older technologies which may not be fit for purpose today, based on how much the threat landscape has evolved in the past two years,” he adds.
“The pandemic has certainly not only accelerated the adoption of such technologies, but also showed organisations how unprepared they were for catering for a distributed workforce and the new threats and risks with it.”