How To Secure The Intelligent Edge

It is perhaps the lowest form of human life that uses a crisis like COVID-19 to exploit the vulnerabilities of people and organizations. From price gouging critical supplies to the phishing scams that are hitting email inboxes daily, there have been many reminders lately that the cyber-world is full of actors–individuals, groups, and nation-states–that exploit for gain. While edge computing holds a lot of promise for organizations of all sizes and types, the risk of a security incident holds a lot of companies back from going “all in.”

Securing the edge is not just daunting – it can seem downright impossible. An unprecedented number of devices on the network, generating data every second of the day that needs to be ingested, transformed and analyzed by compute platforms in the wild. Yeah, I don’t want to be the one tasked with locking this environment down. But here’s the thing–securing the intelligent edge is not impossible. Many organizations –perhaps your competition–are doing it today. Furthermore, they are reaping the benefits that edge computing delivers. How are they managing this? Read on to find out.

The current state of cybersecurity in enterprise IT is eye-opening

In mid-2019, the Ponemon Institute released the findings of a survey focused on cybersecurity readiness for US IT organizations. Here are a few highlights:

  • Respondents spend an average of $18.4M annually on cybersecurity products
  • Responding IT organizations deploy 47 different cybersecurity products
  • 53% of the respondents don’t know how well these cybersecurity tools work
  • Only 41% of respondents say their IT security team is effective in determining gaps in security and closing them
  • 75% say their IT security teams are unable to respond to incidents within 24 hours

If you weren’t paranoid about cybersecurity before, this should help push you to the brink. The net-net of the report is something we all know: organizations of all sizes are lacking in cybersecurity readiness and responsiveness. This is one of the reasons why edge projects don’t move more quickly, despite the business benefits.

Securing the intelligent edge is a multi-dimensional task

Surprisingly, a large number of IT professionals think of security as securing perimeters and implementing robust access control. However, security in today’s era of edge and cloud is so much more complicated. With the explosion of IoT/IIoT in particular, the number of attack surfaces and vectors increase dramatically. To illustrate, consider the Target breach way back in 2013. 40 million credit card numbers were stolen, along with 70 million records – all because a hacker was able to get the credentials for an HVAC service organization. While this example may sound extreme, it certainly demonstrated the need to deploy security solutions that address all the people and devices that populate the network–not just a firewall. This story also drives home the point that these challenges are not new. The network must be secured, from edge to cloud to datacenter.

Securing is equal parts product, process, and people

One of the big takeaways from the aforementioned Ponemon research is that despite throwing money at the cybersecurity challenge, IT organizations still struggle. This is because a comprehensive cybersecurity strategy involves more than just products. The most secure servers can’t prevent a user from opening a phishing email. Likewise, the most well-equipped IT security staff cannot achieve and maintain readiness without the training, procedures and testing to ensure that it is prepared. I believe HPE’s approach to cybersecurity and data protection is very comprehensive. It is made up of five essential elements:

  • People – It’s difficult to raise awareness around cybersecurity and ensure that it stays top of mind for employees. It requires a consistent drumbeat of training, messaging, and reminders.
  • Policy and procedure – It is challenging to expect employees to maintain a high level of vigilance without higher-order governance. Well-communicated policy (e.g. how an organization protects against unauthorized access, where data can be stored, etc.) is critical, so that people can develop the specific steps (i.e., processes) to protect the organization. 
  • Processes – The specific steps an organization and its people take to protect against and respond to cyber incidents.
  • Product – From silicon to hardware to software, products are the tools used to protect the environment. In the era of edge computing, IoT and IIoT device management is particularly complex.
  • Proof – So you think your environment is locked down? How much validation has been done to prove it? Any red team-blue team exercises? Stress testing is the ultimate way to validate organizational readiness across planes.

Figure 1

What’s your readiness level?

It’s hard for an IT organization to construct a security readiness plan when it isn’t sure how ready it is. Moor Insights & Strategy created a cybersecurity readiness model that measures an organization’s implementation of HPE’s Intelligent Cybersecurity Framework (which, in turn, is based on the NIST Cybersecurity Framework). This model should give organizations an excellent initial baseline regarding cybersecurity readiness, and enable them to measure progress toward a zero-trust environment.

Figure 2

For more information on the cybersecurity readiness model and criteria for progressing through classifications, read the detailed report. In this report, IT practitioners can find helpful tools in securing their environment, including the intelligent edge.

Bring in a neutral third party

IT admins often regard their environments not unlike parents of preschoolers. They see their own as the most beautiful and smart kid in the class. Because of this, the only sure-fire way to get an honest assessment of little Johnny is to call in a stranger. Similarly, assessing and achieving security in the datacenter and at the edge is best achieved through the eyes of a neutral third party, who can assist in the journey. 

Companies like HPE are very interesting partners in this journey to cybersecurity nirvana because they check all the boxes. Hardware? Got it, with its Silicon Root of Trust. Software? Aruba ClearPass will manage devices, and iLO Amplifier Pack helps in the detection, remediation and recovery from attacks. Additionally, the Pointnext team has years of experience in delivering security solutions to companies of all sizes across all industries around the world. In other words, the folks at HPE will tell you if your precious Johnny has bucked teeth and give him some braces to fix it.  

Closing thoughts

There is no one size fits all approach to securing the edge. Nor is there a silver bullet that can solve all of your security needs with one install. The right approach to securing your environment is unique to you and will require a solution consisting of integrated products and processes that drive overall cybersecurity readiness. When looking for a partner in developing and deploying a comprehensive cybersecurity strategy, look for a company that can deliver a full suite of products, consultation and services.