The growth of The Edge ecosystem reaffirms need for proactive security

April 3, 2023
A cross-functional collaboration to safeguard digital assets is a critical element to secure organizational information assets

As the digital world continues to transform and develop, there are new cybersecurity threats that business leaders need to be aware of and protect against. This is even more important as computing continues to move toward the edge. According to a recent survey, 76% of security professionals expect fully new threats to emerge because of an expanded attack surface. Take the recent example of the ransomware group BotenaGo being able to attack vulnerable IoT targets without relying on any human activity.

The advancement of edge and expanded attack surface is something adversaries are moving toward and taking a proactive stance is key for those innovating at the edge. The stakes are too high for reactionary security decisions or security controls prescribed based primarily on past experiences or practices. Sensors and data are everywhere, and networks are always available.

SecurityInfoWatch.com recently had a conversation with former Gartner analyst and Head of Cybersecurity Evangelism at AT&T Business, Theresa Lanowitz, who spoke to existing cybersecurity controls and the cost benefits of those controls as companies move toward the edge. She also discusses the need for cross-functional collaboration to safeguard digital assets, build a resilient business, and drive operational efficiency of security budgets to deliver stronger outcomes.  

SecurityInfoWatch.com (SIW): Edge computing is a term that has been circulating in the industry for a while. How exactly do you define edge computing?

Theresa Lanowitz: The term edge means different things to different people depending on where they are in the ecosystem. For example, vendors selling edge solutions will skew the definition towards their technology stack. Organizations implementing edge will skew towards the technology stack they are using.

However, looking at edge computing through the lens of three essential characteristics seems to help clarify the topic. Those three essential characteristics for edge computing which provide a consistent framework are:

●    A distributed model of management, intelligence, and networks

●     Applications, workloads, and hosting closer to the users and assets that are generating or consuming the data, which can be on-premises and/or in the cloud

●     Software-defined

It’s important to keep in mind the above characteristics in order to truly help define what is occurring with edge computing.

Edge use cases are evolutionary, not revolutionary. Edge use cases are pervasive, and many apply existing connectivity, networking, and security elements. As use cases evolve, resilience gains importance and the competitive advantage that edge applications provide can be fine-tuned. Future evolution will involve more IoT devices, faster connectivity and networks, and holistic security tailored to hybrid environments.

Some of the top edge use cases we’ve uncovered in different industries through our research include:

  • Finance – concierge services
  • Retail – loss prevention
  • Healthcare – consumer virtual care
  • Manufacturing – video-based quality inspection
  • Energy and utilities – remote-control operations

    SIW: As organizations across all industries move to edge computing, what must happen to ensure an edge ecosystem is being adopted properly and what benefits will organizations begin to see as a result?

    Theresa: This question really hits on the decades-old silos that have been erected inside any business. For successful implementation and with security at the core, those silos need to erode. Over the past four to five decades, we’ve seen silos such as networking, IT, quality assurance, operations, and application security become isolated from one another. Moving to a computing paradigm that is more experiential and based on near real-time data and observations, there has to be more cross-functional work, roles, and communication. The edge is calling for collaboration across the business as a whole, and this entails putting together an extensive plan for moving toward the edge, as well as bringing in trusted third-party advisors to help.

    Those trusted advisors have the experience needed to bring about this evolution in computing. For example, businesses may work with a telco to help with the network component of edge computing, a global systems integrator to help with application integration, or with a managed security service provider (MSSP) to provide endpoint security. According to recent data from the annual AT&T Cybersecurity Insights Report, 65% of survey participants are working with a third party for designing and deploying new architectures for edge use cases.

    As teams begin to move to edge computing, we will see computing experiences move the user away from the traditional input/output of monolithic applications. The move to experiential computing offering a digital experience with near real-time information will be the norm. For example, look at the top edge use case for manufacturing – video-based quality inspection, this allows defects to be remediated at the point of insertion almost immediately. Using a system of cameras and sensors, teams are alerted immediately and appropriate adjustments can be made.

    SIW: What emerging threats concern businesses the most in relation to edge computing?

    Theresa: Research shows that 75% of global survey respondents from the AT&T Cybersecurity Insights Report are on a journey to the edge with use cases either in full or partial implementation – this is a powerful indication that the market is on its way to introducing new computing paradigms that go beyond monolithic applications. With that said, another 74% of respondents say a security compromise is very likely with a high impact on the business as a result of the compromise – this is indicative of the fact that organizations now understand the inextricable link between business outcomes and security as a business function vs. a technical problem. We probably would not have seen this connection between a security incident and the realization of a business impact five years ago. Across the board, businesses are savvier about what security risks mean to the business and the need to build a resilient business.

    Adversaries adapt and look for new ways to interrupt businesses. In late 2021, malware named BotenaGo was able to attack vulnerable IoT targets without relying on any human activity. This indicates that the advancement of edge computing and the expanded attack surface is something adversaries are moving toward, which calls for a proactive stance on security for all enterprises that are innovating at the edge. The stakes are too high for reactionary security decisions or security controls prescribed based primarily on past experiences or practices. Sensors and data are everywhere, and networks are always available.

    Fortunately, organizations are moving to combine cybersecurity controls and network functions in the cloud (for example, SASE). While manual security activity has proven to be less useful in edge use cases, multifactor authentication is specifically indicated as one of the leading cybersecurity controls for the edge ecosystem

    SIW: What advice do you have for business professionals to best secure the edge?

    Theresa: As organizations across all industries move to edge computing, it is important to evaluate existing cybersecurity controls and the cost-benefit of those controls. It is also critical to evaluate what new edge use cases require for security. Each organization has to make the call on what cybersecurity controls they should continue to use with new computing types and which to leave with legacy computing for maintenance purposes. Overall, there is quite a bit to be optimistic about. Yes - cyber adversaries are determined, but defenses are moving to be holistic vs. reactive. Today’s line of business understands the criticality of security, and organizations are planning and investing properly. This includes collaboration among the line of business, network teams, application development teams, security teams, and third-party trusted providers.

    Edge use cases represent the future with digital trust being at the core of businesses of all types. Further securing the edge will be a matter of working with an internal and external ecosystem to safeguard digital assets, build a resilient business, and drive operational efficiency of security budgets to deliver stronger outcomes.