2022-10-17

Data is being produced at the network ‘edge’ faster than ever before. That makes the concentration of intelligence and data processing on far-flung Internet of Things (IoT), Industrial IoT (IIoT) and operational technology (OT) devices a key enabler for new technology-driven business models.

That’s true whether it’s point-of-sale devices, smart meters on solar farms, or street cameras in smart cities, as examples.

Edge computing makes these models possible by allowing for the collection and processing of large volumes of operational and environmental data without being limited by restrictions on bandwidth or latency that would otherwise hinder the transmission of data to core or cloud-based systems for processing.

By adding computing and storage capacity at the network edge, edge computing models reduce the dependence on wide-area communications, allowing the devices to be more detailed in their data collection and more responsive to changes in the environments they are monitoring.

Real-time analytics of ‘smart grid’ installations, for example, would be impossible without building an edge computing framework that operates at the physical network level. This allows data to be collected from sensors physically located in the place of interest, then processed immediately. Only aggregated data then needs to be sent back to the core, via terrestrial network or 4G/5G mobile service, as required.

Many edge-computing applications are being linked with artificial intelligence (AI) and machine learning (ML) algorithms that continuously sift through large volumes of operational data, searching for anomalies.

Trying to move so much data to the network core for processing would quickly become unwieldy, but in an edge-computing environment the AI/ML system can be deployed to filter most of the noise coming from the edge devices before sending only the highlights back for managerial action.

This approach is already proving its value in commercial and industrial environments where, for example, sensors monitoring the operation of in-the-field equipment continuously collect data and can be programmed to raise alerts when particular operating parameters.

It’s worth noting that edge devices may be small, sensor-attached computers or they may be moderately expansive infrastructure, such as Schneider Electric’s prefabricated EcoStruxure modular data centres – which integrate extensive computing capabilities for easy onsite deployment in nearly any situation.

Either way, data is collected, stored and analysed where it’s generated – but secured in line with corporate standards and policies that span the entire business.

The risks of the edge – and how to avoid them

For all its benefits, however, adding large numbers of edge devices to conventional centralised network architectures can pose major security issues because edge data is often generated and used outside of the access controls of the conventional network.

Building an effective edge computing cybersecurity strategy requires four key elements – ranging from selection criteria for devices to secure network design, device configuration, and operation and maintenance strategies to ensure the risk of breaches is minimised.

Containing this risk has spawned an entire body of work that Gartner has christened Secure Access Service Edge (SASE) – an increasingly popular paradigm that combines network security functions such as Cloud Access Security Brokers (CASB) and Zero Trust Network Access (ZTNA) with a software-defined WAN (SD-WAN) that can dynamically monitor and respond to changes in the edge environment.

That means, among other things, that security policies can be monitored and enforced locally rather than relying on a connected network core or cloud service – enabling faster detection and response to security anomalies.

It also means that the connections between the customer environment and supporting cloud services can be monitored, scaled during demand surges, and seamlessly rerouted in the event of a service disruption.

Because SASE is based in software that interacts dynamically with the network and supporting environment, it can be closely integrated with companies’ security development lifecycle (SDL), allowing applications to interact directly with edge devices and integrating them into broader security architectures.

Adopting SDL forces developers to consider the security implications of edge and other technologies across every step of the software development process – and with seven phases across the SDL timeline, there are ample opportunities to design risk out of the equation.

The full SDL includes training, requirements planning, design, implementation, verification, release, and response stages that ensure development is guided by agreed security parameters – and that code is verified and checked for vulnerabilities before it goes live.

Yet SDL is only the beginning of the accommodations necessary to make SASE a reality. The increasingly popular IEC 62443 standard – which lays down common concepts, security lifecycle and use cases, industrial automation security programs, conformance metrics, and other elements – also integrates SDL and is being reviewed for currency in the age of virtualisation, cloud, and edge computing.

Also forming part of the secure edge approach is Defence-in-Depth Network (DDN) design, which provides a layered approach to securing systems and networks that relies upon a ‘zone’ concept that segments the network and groups network elements into functional groups.

In this approach, zoned systems work together to provide core services but travelling between zones requires authentication – either explicitly, or automatically using ZTNA techniques.
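As an added example (not the article’s or Schneider Electric’s own code), here is a small default-deny policy check for the zone model just described: hosts belong to zones, only declared conduits may be crossed between zones, and crossing one requires a verified identity that is on that conduit’s allow-list. The zone names, hosts, conduits and service identities are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed example: three zones of a layered (defence-in-depth) network.
# Zone names and member hosts are assumptions, not taken from any standard.
ZONES = {
    "field": {"plc-01", "sensor-17"},
    "control": {"scada-01", "historian"},
    "enterprise": {"erp-app", "analyst-ws"},
}

# Conduits: the only permitted cross-zone paths (directional), each listing the
# authenticated identities allowed to use it. Anything not listed is denied.
CONDUITS = {
    ("field", "control"): {"svc-scada"},
    ("control", "enterprise"): {"svc-historian-export"},
}

@dataclass
class Flow:
    src: str
    dst: str
    identity: Optional[str] = None   # authenticated principal, None if unauthenticated
    token_valid: bool = False        # outcome of verifying the presented credential

def zone_of(host: str) -> Optional[str]:
    """Map a host to its zone, or None if the host is not inventoried."""
    for name, members in ZONES.items():
        if host in members:
            return name
    return None

def evaluate(flow: Flow) -> Tuple[bool, str]:
    """Return (allowed, reason). Intra-zone traffic passes; crossing a zone
    boundary needs an explicit conduit plus a verified identity on its allow-list."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return False, "unknown host"
    if src_zone == dst_zone:
        return True, "intra-zone"
    allowed_ids = CONDUITS.get((src_zone, dst_zone))
    if allowed_ids is None:
        return False, f"no conduit {src_zone}->{dst_zone}"
    if not flow.token_valid or flow.identity is None:
        return False, "authentication required at zone boundary"
    if flow.identity not in allowed_ids:
        return False, f"identity {flow.identity} not permitted on conduit"
    return True, f"conduit {src_zone}->{dst_zone} authenticated"
```

Because the default is deny, a new device or service path only works once it has been added to a zone and, where it crosses zones, to a conduit, which is the segmentation discipline the zone concept relies on.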

Successfully deploying and securing the industrial edge takes work and time.

But as enterprises shift to a new security approach that seamlessly extends to the computing edge, the resultant framework provides holistic, effective security that ensures data and devices remain protected no matter how far they are from the network core.