With a continuous rise in edge devices used within organisations comes an increase in vulnerabilities at the edge of networks which hackers can exploit. As such, it’s vital that companies ensure that edge device security is maintained.
A recent report from AT&T Cybersecurity, which surveyed over 700 cyber security professionals, found that respondents’ biggest concerns regarding the use of 5G include a greater number of devices accessing the network, and the extension of security policies to new types of devices, such as the Internet of Things (IoT).
With this in mind, what must companies consider when looking to ensure edge device security?
Fundamental building blocks
Marc Canel, vice-president of strategy and security at Imagination Technologies, provides some fundamental building blocks to start with.
“The first one is making sure that there is a root of trust in the device and a secure boot to ensure that known code is running in the device,” said Canel.
“Additionally, depending upon the complexity of the system, a Trusted Execution Environment as defined within the Global Platform standard can play a role to protect keys and other sensitive materials in the device by isolating them from the main execution environment.
“From there, each application that runs in the device can have its own identifier which would be protected within the trusted execution environment and would enable secure communications with back end systems in the clouds or the network.”
Constant monitoring
As with security in any other area of an organisation, securing edge devices requires constant monitoring of exactly where they are deployed, as well as the data they are sharing. According to Mike Bursell, chief security architect at Red Hat, “If you can’t measure it, you can’t monitor it, and if you can’t monitor it, you can’t find out when you have problems – and fix them.
“Nobody can expect perfect security all the time – and that is even more true for devices at the edge of the network, where they are more vulnerable to both physical and logical tampering.
“Measuring isn’t just about knowing what’s on your devices, though: it’s equally about knowing what’s not on them. Sensitive workloads – whether the algorithms they are running, or the data they are processing – need to be carefully controlled, and you need to be sure that the devices to which you are deploying them are sufficiently protected before they end up in the wrong place, vulnerable to attacks that you are unable to control.
“Confidential computing – protecting data in use with hardware controls called Trusted Execution Environments – is coming, an example being the Confidential Computing Consortium, a Linux Foundation project, which includes many of the biggest names in the industry. But it’s not ready for most deployments yet, so in the meantime, categorise your workloads, decide what is safe to go where, set up controls to manage placement, and then monitor, monitor, monitor.”
Security by design
Another aspect that may be worth looking into is investing in edge infrastructure with security at its core from the start.
“Our approach is always to ensure security by design,” said Richard Simmons, head of European centre of excellence for IoT at Logicalis UK. “That means considering the implications and risks of any edge device, how it generates and processes data and how it is then moved to the data centre of cloud systems. Often security is seen as something to be added at a later date which either causes projects to become locked in pilot purgatory or worse still introduces significant risk to production environments.
“There are several key elements to this: Firstly, ensuring microsegmentation of the network with strong automated policies to ensure that devices can only communicate where they need. Secondly, leveraging strong security software such as Cisco Cybervision to enable you to extend your security environment right out to the edge is critical, especially if you are connecting to industrial assets that leverage specialist communications. Finally, only leverage devices and sensors that have been designed and built to work securely at scale.”
Behavioural visibility
With many employees continuing to work from home, seeking behavioural visibility is also important for sufficient edge device security, according to Dave Barnett, director of edge protection EMEA at Forcepoint.
“With more staff working remotely, often on a wide range of BYOD or shared devices, the traditional ‘edge’ of a network is now obsolete, and people are the new perimeter,” said Barnett. “In these new, decentralised, work environments it’s crucial to move beyond just reacting to threats after they’ve happened. Instead, organisations must excel at anticipating and stopping the next data breach before it occurs, and the most effective way to do that requires visibility into the behaviours of users, data and devices at the edge of the network and in the cloud, to proactively protect the company’s most valuable assets—its people and critical data.
“One example of how IT teams can implement this is through a Secure Access Service Edge (SASE) architecture. This concept, first formulated by Gartner, aims to eliminate discrepancies through bringing networking and security back to where the applications and data are: the cloud. With more mass remote working because of the impact of the Covid-19 pandemic, SASE is beneficial in providing support for the ever-increasing number of users accessing cloud applications from outside the corporate network.
“Data-centric SASE solutions will be key to better securing modern enterprises, where the perimeter is no longer a defined edge within a physical office, but everywhere. SASE architecture provides the flexibility for enterprises to protect people, applications, and data and connectivity to the cloud.”
Assess security from the source
Finally, when initially procuring edge devices, companies must assess the security credentials of the device, and of its manufacturer, before confirming any deal.
“Procuring IoT devices should always be done with great care,” said Chris Bates, chief information security officer at SentinelOne. “Ensure that the manufacturer does not use hardcoded admin passwords, and that the device does not ‘phone home’ any data that could represent a breach of your security or privacy regulations. Assess the manufacturer’s track record of supplying firmware updates, and choose one that takes security seriously and responsibly.
“On acquisition of any IoT device, make certain to change any default passwords so that your device is not susceptible to simple brute force dictionary attacks such as those used by Mirai and similar copycat IoT botnets. It is also essential that you find out from the manufacturer or supplier what their notification policy is regarding firmware updates and that you have processes in place to patch as soon as possible when an update notification is received.
“There’s no doubt that IoT ‘smart’ devices are here to stay in enterprise environments and along with that comes a number of security risks as we’ve outlined above. The risk will increase as more devices find their way into corporate environments, and it’s vital that your enterprise is aware of the risks IoT devices present and that it develops policies to govern how these devices are procured, monitored and decommissioned.”