Cyberattacks can exacerbate existing security issues and expose new gaps at the edge, presenting a series of challenges for IT and security staff. Infrastructure must withstand the vulnerabilities that come with the massive proliferation of devices generating, capturing and consuming data outside the traditional data center. The need for a holistic cyber resiliency strategy has never been greater — not only for protecting data at the edge, but for consolidating protection from all endpoints of a business to centralized data centers and public clouds.
But before we get into the benefits of a holistic framework for cyber resiliency, it may help to get a better understanding of why the edge is often susceptible to cyberattacks, and how adhering to some tried-and-true security best practices can help tighten up edge defenses.
The impact of human error
Human error can be the difference between an unsuccessful attack and one that causes application downtime, data loss or financial loss. More than half of new enterprise IT infrastructure will be at the edge by 2023, according to IDC.
With so much data coming and going from the endpoints of an organization, the role humans play in ensuring its safety is magnified.
Perhaps the biggest challenge is that edge environments are typically not staffed with IT administrators, so there is a lack of oversight of both the systems deployed at the edge and the people who use them.
While capitalizing on data created at the edge is critical for growth in today’s digital economy, how can we overcome the challenge of securing an expanding attack surface with cyber threats becoming more sophisticated and invasive than ever?
A multi-layered approach
It may feel like there are no simple answers, but organizations may start by addressing three fundamental elements of security and data protection: Confidentiality, Integrity and Availability (CIA).
In addition to adopting CIA principles, organizations should consider applying a multi-layered approach for protecting and securing infrastructure and data at the edge. This typically falls into three categories: the physical layer, the operational layer and the application layer.
Physical layer
At the edge, servers and other IT infrastructure are likely to be housed beside an assembly line, in the stockroom of a retail store, or even in the base of a streetlight. This makes data on the edge much more vulnerable, calling for hardened solutions to help ensure the physical security of edge application infrastructure.
Best practices to consider for physical security at the edge include:
• Controlling infrastructure and devices throughout their end-to-end lifecycle, from the supply chain and factory to operation to disposition.
• Preventing systems from being altered or accessed without permission.
• Protecting vulnerable access points, such as open ports, from bad actors.
• Preventing data loss if a device or system is stolen or tampered with.
Operational layer
Edge environments tend to lag in specific security software and necessary updates, including data protection. The vast number of devices being deployed and the lack of visibility into those devices make it more difficult to secure endpoints than a centralized data center.
Best practices to consider for securing IT infrastructure at the edge include:
• Ensuring infrastructure spins up through a secure boot with an uncompromised image.
• Controlling access to the system, such as locking down ports to avoid physical access.
• Installing applications into a known secure environment.
Application layer
Once you get to the application layer, data protection looks a lot like traditional data center security. However, the high amount of data transfer combined with the large number of endpoints inherent in edge computing opens points of attack as data travels between the edge, the core data center and the cloud, and back.
Best practices to consider for application security at the edge include:
• Securing external connection points.
• Identifying and locking down exposures related to backup and replication.
• Assuring that application traffic is coming from known resources.
Recovering from the inevitable
While applying CIA principles and taking a layered approach to edge protection can greatly mitigate risk, successful cyberattacks are inevitable. Organizations need assurance that they can quickly recover data and systems after a cyberattack.
Recovery is a critical step in resuming normal business operations.
By vaulting data on the edge to a regional data center or to the cloud through an automated, air-gapped solution, organizations can ensure its immutability for data trust. Once in the vault, the data can be analyzed for proactive detection of any cyber risk to it. Using analytics and remediation tools in the vault to avoid data loss and minimize costly downtime can help ensure data integrity and accelerate recovery.
Backup-as-a-service
Organizations can address edge data protection and cybersecurity challenges head-on by deploying and managing holistic modern data protection solutions on-premises, at the edge and in the cloud, or by leveraging Backup-as-a-Service (BaaS) solutions. Through BaaS, businesses large and small can leverage the flexibility and economies of scale of cloud-based backup and long-term retention to protect critical data at the edge — which can be especially important in remote work scenarios.
As part of a larger zero trust or other security strategy, organizations should consider a holistic approach that includes cybersecurity standards, guidelines, people, business processes and technology solutions and services to achieve cyber resilience.
The threat of cyberattacks and the importance of maintaining the confidentiality, integrity and availability of data require an innovative resiliency strategy to protect vital data and systems — whether at the edge, core or across multi-cloud.