You’re probably hearing a bunch of chatter about edge computing these days and how it, along with 5G, are the latest pieces of technology to redefine how we conduct our business. In fact, you may even be hearing people say that edge computing will replace cloud computing. Let’s separate the facts from the speculation.

What Edge and 5G Are and Are Not

Let’s start off with a definition of edge computing: it’s a distributed computing framework that brings enterprise applications closer to data sources (there is a great accompanying video in the link if you’d like to learn more). In practical terms, edge computing is designed to move computing power closer to data in order to reduce latency. This tactic is a powerful solution for organizations that are either too far away from the cloud or require speed to conduct their business.

5G, while also designed to improve latency concerns, does not have any inherent computing power like edge or cloud computing. 5G is a wireless network designed to increase speed through improved bandwidth capabilities. Therefore, edge computing and 5G are not alternatives to each other; how they generate speed is entirely different. But the two are complementary to each other.

Think of it like this: 5G is the superhighway, the bandwidth that allows more room for travel, whereas edge computing setups are the service stations along the way that reduces the distance required to travel. When combined and working together, more work can be done faster both because of reduced distance and increased speed.

So, is Edge Computing Really Just Cloud Computing?

The quick answer is no. Edge and cloud computing are different, and the right fit for your organization will depend on what you’re looking to do. In keeping with the roadway-related analogies, edge computing is about speed whereas the cloud is about torque. Therefore, if you need to move data and conduct processes fast (speed) then an edge solution might be a better fit for your needs. But if you need to move a lot of data and can accept some latency (torque), then a cloud solution may be the best road for you to take.

With edge computing, what you are effectively doing is cutting the distance to the computing power. Instead of going all the way to the cloud, you are running processes on the edge server or even local devices, such as computers or IoT devices.

With the perimeter being pushed out, it’s probably becoming clear why a marriage between edge computing and 5G is attractive from a business efficiency perspective. But you would also be right to see that there are cybersecurity, configuration and security concerns, ones that simply out of sheer numbers could be overwhelming for an industry that is already short-staffed and burdened. Despite artificial intelligence and other automation solutions available to assist in the game, people are still going to be at the helm.

Are Speed and Security in Opposition?

Security safeguards are often redundant. A door keeps unwanted people from walking into your home, but adding a lock makes that door more secure – while also adding a redundant layer that takes extra time for you to navigate, every time you want to get inside. That is often the business cost: if you want robust security, it frequently requires compromises in terms of speed.

Business moves at the speed of light, requiring increasingly automated processes to support the delivery of products and services. At the same time, security concerns can be overwhelming for already strained resources capabilities as the attack surface and vulnerabilities continue to grow.

That’s a clear business concern, with critical priorities that seem to be pulling in different directions. One comes at the cost of the other, but that cost is by no means binary. The cost is determined by your risk appetite and risk assessment, which will then drive your resiliency strategy.

From this perspective, deploying edge computing and adopting 5G solutions is not really a case of good versus bad, but more a matter of what is right for your organization.

Some Security Challenges May Not Be Immediately Visible

Despite the differences between cloud and edge computing, they share some similar security concerns. It comes down to ubiquity and the attack surface. To illustrate this concept, let’s focus specifically on operating systems.

A malicious actor, with finite resources, has a choice to make:

  • Plan resources around attacking Operating System 1 (OS1), which owns 90% of the market share; or
  • Plan resources around attacking Operating System 2 (OS2), which owns 10% of the market share.

If you were the malicious actor, which is the more lucrative target?  Where is your greater opportunity for a successful attack, OS1 or OS2?  Assuming everything else is equal, it’s OS1. That option presents a larger attack surface for the actor to attempt to exploit, even if OS2 is not necessarily more secure. Market dominance, or ubiquity, can skew perceived security.  For the actor that has finite resources, going after OS2 is just not worth their time. The incentive is not there.

The same incentives and thinking also apply to cloud computing, and will eventually apply to edge computing as well. Over the past few years, as more applications and more data have moved to the cloud, we’ve seen a corresponding rise in attacks against and leveraging the cloud, too. Today, cloud applications are the most common way to distribute malware.

Similarly, as time passes and there is increased adoption of edge computing and 5G networks, do not be surprised to see attackers exploiting these vectors more often. For perspective, it is expected that by 2025 75% of enterprise data will be processed at the edge, whereas that rate is about 10% today.

Edge Computing Security Challenges

Let’s spend a moment reviewing some edge-related security challenges:

  • Operational Manageability. Just like the explosion of 5G devices coming online causes a management issue, the same problem will exist for edge computing.  More nodes mean more monitoring, more maintenance and, of course, more vectors for attack and malicious injection.  Your defense strategies can include activation methods and signal analysis, but you may already be thinking this becomes an automation and configuration challenge too. More complications can result in a less resilient and more fragile system, especially if security design is not top of mind.
  • Data Manageability. If you suddenly develop the ability to process more, and process faster, chances are you likely to generate, acquire and hold more data. Your entire data backup and restore strategies, along with your data handling, retention, and destruction protocol may be in need of a fundamental overhaul.
  • Physical Security. The likelihood of physically breaching a cloud service provider’s data centers is relatively low, but edge computing changes that calculus. All of a sudden, that computing power could be just a few hundred yards away on some 5G tower, or even locked up somewhere on-premises. This design reality creates a very interesting dynamic, especially if deploying a private 5G network is in your sights.
  • Authentication Requirements. IoT and other similarly-related internet-connected devices are notorious for vulnerabilities stemming from default passwords. From a security perspective, if edge computing is to have a fighting chance over time, the “default password” must go off into the ether. Poor password hygiene and failure to activate multi-factor authentication – problems we still haven’t tackled well – will cause ever-increasing security headaches if not addressed.
  • Perimeter Expansion. Having a well-defined and controlled perimeter is essential to your security strategy, but edge computing relies on an expansion of that perimeter. As in all types of breaches, once an attacker can break through the perimeter, their opportunity to conduct further reconnaissance and attacks is considerable. Note as well that many credentials will be stored at the edge if required to communicate back to data centers.  Zero trust modeling can help reduce the role of the perimeter, which can help mitigate the increased risk footprint that can arise under edge computing.

5G Security Challenges

Time now for a short look at some 5G related concerns:

  • Smart Supply Chain Devices. This issue can apply to basically any type of smart device nowadays. Not only are there possible software vulnerabilities, but the hardware itself may be compromised. As we have covered before, wires are easier to trust; wireless systems that rely on software and are constantly connected to the internet are more vulnerable.
  • Reliability and Management of Devices. As noted above, 5G will provide organizations with more bandwidth and speed with which to work. It’s a safe bet that with this increased speed we will also see more devices coming online. There will be many more endpoints to handle, and currently, no common standard exists to ensure only secure devices make it onto the network.
  • Privacy. A great use case of 5G and edge computing comes during life-saving moments, such as when an ambulance can feed video back to the emergency room and then be assisted by autonomous medical devices and medical professionals. But with this increased power comes increased privacy concerns, especially with so much biometric data being fed through the networks.

Do the Math and Weigh the Risks of Edge Computing and 5G

Just like any other computing configuration or setup, as long as strong and secure cybersecurity practices are deployed throughout a network that uses edge computing and 5G, that system can be reliably safe. But that is sometimes easier said than done.

Any edge computing or 5G deployment will come with an initial adoption cost and then ongoing maintenance and security costs.  An honest return-on-investment analysis needs to be conducted, meaning that the decision will ultimately be one that weighs business risk and bottom-line impact. That is why the business, IT and security teams need to work together. Do the math before you sign up, and determine whether the cost of adding edge computing convenience and 5G speeds to your organization’s workflows without adding unacceptable security vulnerabilities makes business sense.

more from Application Security

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be…

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory.…