Edge computing: risks and challenges

by Paul Gysen - Cloud & IM Consulting Lead | minutes read

After discussing the potential benefits of edge computing in my previous blogpost, it seems only correct that we should also take a look at the potential risks involved in that new computing paradigm. Most are to be found on the reverse side of that benefits coin, with security probably the most prominent risk to take into account.

As computing power is shifting away from your central cloud or on-premises infrastructure to the edge of your IT architecture, the need to adequately secure that edge computing platform and its connection to your central infrastructure has indeed become critical. For that platform - be it a server, an endpoint device or an IoT appliance - faces various risks or threats nowadays, ranging from simple disruptions to serious data leakage or tampering, and even more serious identity spoofing.

 

Larger attack surface

The flexibility and versatility brought by edge computing allows a vast range of different endpoint device types to provide local application services. What’s more, each of these device types is often custom designed, running specifically designed applications in their various versions and configured in their own way.

Essentially a benefit, this flexibility and versatility can just as easily turn into a risk factor, however. While allowing for a vast array of combinations, each of these combinations also exposes its own attack surface. And that surface, as a rule, is much larger than it would have been within a more controlled data centre or cloud environment.

 

Adapt your security

Also, since this technology is relatively new, you will have to adapt your security controls, processes and checkpoints. Multiple hacking examples of edge devices have already shown that this is a real and serious vulnerability. Especially when your devices reside in remote and sometimes unsupervised locations, with limited monitoring and control. 

And then there is this side-effect risk that edge computing is sure to bring to poorly prepared organisations that increasingly use DevOps technology. That risk is particularly strong in organisations that have a strong shadow IT rooted in more autonomous lines of business, aggressively pursuing their own product release and time-to-market objectives.

 

Increased complexity

Ironically enough, securing connectivity in its turn increases networking complexity across your whole IT infrastructure chain: from your endpoint devices, through your actual edge computing platform, all the way up to your central processing in the cloud. This complexity is further increased by the presence of different network and telecom carriers, connecting edge platforms to data centres, as well as different hybrid cloud (and soon multi-cloud) providers - all with their different levels of readiness to cope with cyberattacks.

Your endpoint devices - extremely numerous by their very nature, especially IoT devices - are so many distant points of indirect access to your central infrastructure. Consequently, they need to carry the necessary protection by design. This is needed to secure your data integrity, the authentication of both ends of your connectivity and the encryption of your data in transit, especially if that data is sensitive or confidential.

Even though a certain amount of operating autonomy is built into your edge computing platform, that platform’s ability to communicate with your central information system nevertheless remains essential. This requires your edge computing platform first to securely store your data locally, and then to possibly use alternative communication routes and channels. Those two elements also add to the overall complexity.

Finally, due to the high volume of devices and their potential diversity in types, you also require a well-thought, highly automated management system for those devices. It should allow you to deploy and maintain the applications running on them, update and manage your devices’ configurations, monitor their operations, detect and react upon security issues, and, quite obviously, protect and securely transfer their data.

 

Edge computing architecture

To conclude, delivering all the benefits of edge computing will require a significantly more complex, adaptive, multi-tiered hardware, software and network architecture, specifically designed for edge computing.  This is necessary to meet the highly demanding underlying requirements with regard to data and access security, application maintenance, operational availability and flexibility.

As I am writing this, the IT and field industries are still learning a lot, developing new solutions along those lines, embracing risks and overcoming challenges. Their outcomes will hopefully shape the future, sustainable designs of edge computing ecosystems.

Search