Edge Clouds have quickly proven their value in the Edge Computing world. While IoT and Edge Computing devices are becoming more powerful, they still lack the processing power to perform machine learning, deep analytics, video compression and other critical services. And of course, the latency reduction they provide has been a key driver from day one.
Security and privacy have also been major drivers for Edge Clouds. Keep personally-identifiable information (PII) at the edge reduces the risk of regulatory compliance violations. But there is one other important aspect of security in which Edge Clouds play a major role – mitigating the impact of the “attack surface” that is exposed by millions of edge and IoT devices.
Security at the Edge
There has been a lot of press lately about security at the edge. While the container bandwagon is gaining lots of momentum, enterprises should be aware of some of its risks before “jumping on.” While these security risks will continue to be addressed, there will always be exposure. Denial of service (DoS) attacks and other malicious activities are not going away, and the broad attack surface of Edge Computing and IoT is a welcome sight for hackers.
Public clouds offer various levels of security for the services they provide, but typically it’s up to the user to provide higher levels of security. Since the majority of public cloud Edge Computing and IoT solutions are enrollment based and utilize primarily “north-south” traffic flows, the first line of defense against attacks may be at the edge of the public cloud itself. This introduces massive exposures as DoS attacks may overwhelm these perimeter security implementations. Or worse, the DoS attack or infected traffic may reach the application itself.
Figure 1 – Public cloud implementations for Edge Computing and IoT present a large attack surface that can have major impact on back-end applications and services.
Security in Edge Clouds
Edge Clouds enable much deeper and broader security solutions by placing them closer to the devices under attack. The compute, storage and networking resources offered by Edge Clouds can be utilized to create very sophisticated Intrusion Detection and Prevention that can deflect DoS attacks, protecting critical edge applications and reducing further upstream exposure. By adding additional security services at the edge such as Deep Packet Inspection, Edge Clouds can prevent the malicious infection of data that could be used to generate local or upstream attacks. And since Edge Clouds provide a “segmentation” model by dividing large populations of Edge Computing and IoT devices across multiple clouds, the impact of large-scale attacks can be managed and isolated on a more granular level.
Figure 2 – Edge Clouds provide an ideal platform for implementing sophisticated security services that prevent DoS attacks and the malicious manipulation of data.
Deploying more security services at the edge does come with a cost in that it makes the service chain and life cycle management for both applications and infrastructure more complex. But, with robust and resilient distributed cloud orchestration, this problem, like the security exposure itself, can be easily managed and mitigated.
If you would like to learn how CPLANE.ai can help you quickly deploy edge defenses, contact us here.