Schneider Electric has debunked cybersecurity misconceptions about edge computing, adding that the case for edge computing is becoming increasingly undeniable as it moves from hype to a necessary technology of the present.
According to Schneider Electric, Forrester, the American market research company, called 2021 the year for Edge Computing, having predicted that the technology would move from experimentation to mass deployment.
It noted, however, that the newness of Edge outside of IT circles unfortunately contributes to a lot of confusion on the subject and to related concern about how secure it is. Schneider Electric explained that, compared to a centralized and highly secured data centre, the idea of a decentralized network of endpoint devices placed at the edge of computing networks is leading to concerns and, more unfortunately, even to misconceptions and undue worry, which could get in the way of organizational adoption.
The energy management company stressed that while organizations may have run with the castle-and-moat mentality – assuming those located at the back end were harmless and could be cleared for all-access – organizations are no longer as isolated, often depending on cloud solutions or having employees access company resources externally, especially when working from home.
Speaking on behalf of APC by Schneider Electric, Oluwaseun Oloyede, Secure Power Leader for Anglophone West Africa, further explained that with the current reality, the old proverb of “trust, but verify” is no longer safe enough, adding that Zero Trust is the way to go instead, by adopting a “don’t trust anyone, until verified” mentality.
He stated that while this may cost more to secure one’s operations, it will help in avoiding loss of data and customer trust due to data breaches, and will save an organization much more in the long run.
Citing Cybercrime Magazine, Oloyede predicts cybercrime will inflict $6 trillion in damages globally in 2021, making it the third-largest “economy” after the US and China. This, he says, is expected to grow 15 percent year-on-year, likely to reach $10.5 trillion in damages by 2025.
In view of that, Schneider Electric says that adopting Edge Computing can also present an exciting opportunity to refresh one’s security systems, noting that concerns faced by the Edge have been thoroughly ventilated by security experts, who recommend mitigation with a holistic strategy in four parts: device selection criteria; secure network design; device setup/configuration; and operation and maintenance.
A common concern with IoT devices is that they could be the weakest link that enables attackers to break into an Edge network. Emphasizing device selection criteria, Schneider Electric said that it’s important to consider two standards when choosing devices. One is that the device has a well-implemented Security Development Lifecycle (SDL), a concept introduced by Microsoft to consider security and privacy concerns throughout the entire software development process. Next is IEC 62443, an internationally accepted standard that lays down process requirements for the secure development of products used in industrial automation and control systems as well as Edge IT applications.
On secure network design, Schneider Electric said that rather than a one-size-fits-all approach, a Defense-in-Depth Network (DDN) approach can help diversify risks by creating security zones with different defensive elements in each zone. While no individual method can stop all cyber threats, together they guard against a wide variety of threats while incorporating redundancy in the event one mechanism fails.
For device setup or configuration, it said that before plugging a new device or system into an edge application, it’s prudent to understand how it will function within your operation.
On operation and maintenance, it said that installing a new device or system is only the start of the security journey. It added that in the context of maintaining an Edge application, there are three best practices to apply: patch management, vulnerability management, and penetration testing.