How to Prevent Physical Security Nightmares in Edge Computing
With edge computing, guaranteeing physical device security can be a horror show. Here’s what works and doesn’t work when securing edge devices against physical security threats.
There are many reasons to be excited about edge computing, a paradigm that places workloads closer to end users in order to boost performance, reliability and more.
But edge computing also poses some very steep challenges. Among them – and arguably the most difficult – is physical security. In an edge environment, guaranteeing physical device security is not just hard, it’s a nightmare.
Here’s why, and what IT architects and security teams can do to guarantee the physical security of edge infrastructure.
Edge Computing and Physical Security
The reason why physical security is so vexing in the context of edge computing is simple enough: Edge networks typically involve a large number of devices that are distributed across a wide geographic area. Preventing unauthorized physical access to each one of those devices is much harder than it is to secure a conventional server or PC that lives in a data center or an office building.
To contextualize this challenge, imagine a network of edge devices that a brick-and-mortar retailer deploys in each of its stores to process transactions locally. Each of those devices may store and manage sensitive data such as customer information and sales records. As a result, anyone who gains physical access to the devices inside retail stores may be able to access this data.
Likewise, consider an edge infrastructure composed of smart home devices that consumers use to do things like control their homes’ temperature or lock and unlock doors. If those devices are linked together by an edge network that connects them to a vendor’s data center, an attacker who gains access to one of those devices could potentially use that access as a beachhead to compromise other devices – including those owned by consumers other than the one whose device was first compromised.
These are physical security risks that don’t exist in the context of conventional computing (or, for that matter, cloud computing). But they’re risks that must be solved if edge computing is truly going to go mainstream.
Securing Edge Devices: What Works and Doesn’t Work
What’s the best way to secure edge devices against physical security threats?
The obvious answer may seem to be to prevent unauthorized physical access by locking edge devices behind closed doors. That’s the strategy that businesses typically use to enforce physical security for conventional IT infrastructure.
The problem with using this approach for edge computing, however, is that it’s just not practical or highly effective in many cases. You can’t lock smart home devices inside closed boxes without disrupting their usability. You could try to protect edge infrastructure in a retail store by placing it in a secure room, but that only provides so much protection. It’s also expensive to implement if you have hundreds or thousands of stores.
And, of course, it’s hard to imagine companies deploying security guards to defend sprawling edge infrastructures in the way that they would for a data center.
What all of this means is that traditional approaches to physical security don’t work well in the context of edge. A better strategy is to rely on software-level controls to mitigate physical security risks via practices such as:
Network segmentation: Edge networks should be designed in ways that mitigate the risk of a physical security breach on one device impacting other devices. Network segmentation may not prevent physical security risks, but it will minimize their potential harm.
Zero trust: Along similar lines, edge devices should never trust each other by default. Just as important, trust relationships between devices should last only as long as necessary – meaning that once two devices no longer have a reason to share data or communicate with each other, they should stop doing so.
Data minimization: The core purpose of edge computing is to enable data to be processed and stored close to end users. For that reason, you typically can’t remove sensitive data from edge devices entirely. But you can avoid storing it for longer than is needed, or sharing it unnecessarily between devices. The more data you store and share on your edge network, the higher the risks posed by physical security threats.
Strong device authentication: While it’s impossible to guarantee that someone with physical access to a device won’t find a way to access the data and software running on it, device designers should make this difficult by implementing strong authentication controls on individual devices. Requiring biometric authentication may be helpful for edge networks where this is a feasible approach.
Teams certainly can and should also take steps to restrict physical access to devices in the first place. But relying on physical access controls alone is like placing all your faith in the Maginot Line: It creates a crisis when your primary line of defense fails and you have no backup plan.
Conclusion
Edge computing poses physical security challenges that have disappeared from most other niches of the IT industry in the past decade. While other infrastructure has been consolidated in locations that are easy to secure physically, edge architectures have pushed devices in the opposite direction.
The good news is that there are solutions. But they lie mostly at the device and network level, not the physical security level.
About the Author
You May Also Like