Edge computing is computing that takes place on the “edge” of a network. More specifically, it’s a framework that transports data and resources closer to the edge of a network, where they’re needed to enhance reliability and speed.
Traditionally, company servers would operate on-premises, within a centralized data center. This center is a physical, tangible thing made up of hardware. Nowadays, as increasingly more workplaces are adopting a hybrid office structure, networks aren’t as static, and network perimeters often extend well beyond the reaches of this data center.
A network edge refers to the furthest reaches of a network, outside the data center, where devices and local networks interact with the internet. Edge devices are any devices that reside outside of a network or on the perimeter, providing a connection or entry point between the internet and the corporate network. They can be IoT devices, laptops, mobile devices, and so on, as well as routers and routing switches.
So, what does this all look like in practice? Think of a corporate network that has a centralized data center residing in their headquarters. Their hybrid employees are connected to their network through their devices, which includes edge devices that can be brought into the office and taken outside of it, such as laptops and mobile devices. Another example would be a retail company that has a headquarters but also has an edge network that services all of their stores, with edge devices being the payment tools and computers used in those stores.
How Does Edge Computing Actually Work?
Linux Foundation’s LF Edge group created an Open Glossary of Edge Computing, which defines “edge computing” as configuring computing capabilities to function at the furthest logical end of a network in order to deliver stronger performance, improve reliability, and reduce operational costs. It requires software and resources to be spread out between edge devices and the centralized data center in order to achieve these goals–not to just have software and resources reside behind the centralized data center.
Edge computing hinges on tracking, saving, processing, and transporting data as close to the network edge, data source, or event as it can get. Data is collected and sent to either the cloud or edge servers through machine learning, sensors, and other intuitive tools. Edge networks don’t actually need a centralized data center to work, though some organizations do have them just from legacy software and hardware prior to making the transition to edge computing.
As organizations with centralized data centers migrate to an edge computing network, edge servers and gateway devices need to be deployed in order to deliver tasks quickly and reliably. An infrastructure needs to be created, consisting of smaller edge data centers in other locations or through cloud data centers.
What Are The Benefits Of Edge Computing?
There are five main benefits to edge computing, when compared to a traditional network infrastructure with a data center at its heart:
Speed is perhaps one of the more notable benefits edge computing brings to the table. With edge computing, data no longer needs to be transported from the centralized data center to endpoints and back, reducing the overall time data actually spends in transport through the network.
With more and more data traveling through or resting at the edge, it reduces the amount of traffic between the edge and the centralized data center. This in turn reduces the bandwidth used, also removing unnecessary processing tasks and protocols that all take up bandwidth.
Edge computing needs to distribute processing tasks across the network, rather than in a centralized data center, leading it to be more resilient and therefore more reliable than other systems that completely rely on a centralized data center. A lack of a centralized data center to rely on, or indeed one that doesn’t have to be relied on for the bulk of processing, means that, if certain servers go offline for whatever reason, essential services can still be delivered on the edge.
The number of endpoints connected to a network is ever-increasing, from companies scaling up their business to a company attracting more consumers who need to connect to their network.
Edge computing can be easily configured and expanded to accommodate a surge in endpoint devices being added to the network, making it an attractive option for companies that need that scalability. Companies that only utilize centralized data centers must go through the extra effort of adding in more physical hardware to cope with demand–which can be costly and time-consuming to have installed.
This positive aspect ties in with scalability but is critical as a standalone point for many businesses—particularly those with tight budgets. A lack of hardware needed to be installed to scale operations reduces overall costs.
However, for as much as we can extoll the benefits of edge computing, it also presents organizations with a complex challenge: securing the endpoint devices residing outside of the centralized data center. These endpoints are particularly vulnerable to cyberattacks, as they don’t get to experience the full security benefits offered by the perimeter of the data center.
Which leaves the question, is edge computing secure?
The short answer is no. But you can take steps to make it secure.
What Is Edge Security?
Before we talk about how to secure your network edge, we need to understand the actual security issues presented by edge computing. As an edge network resides outside of a centralized data center, it doesn’t benefit from any of the robust security a centralized data center normally brings. Edge computing can be particularly vulnerable to malicious hardware or software injections and DDoS attacks.
Because of this, edge computing is only secure with robust edge security measures in place. As the name might imply, edge security delivers, well, security to data that lives on or travels through this edge with the intention of protecting the company network, the edge devices connected to this network, and the users who make use of the network.
How Can You Secure Your Network Edge?
Edge security needs to have a consolidation of a few security measures in order to deliver effective protection at the perimeter. Because so much activity is taking place outside of the data center and generally outside of administrators’ immediate view, a lot of processes in edge security need to be robust and they need to be automated, ensuring that they can do their job effectively and securely with little input, providing ‘round-the-clock protection.
Here are some of the most important tools that you’ll need to secure your network edge:
Web filtering is a critical tool in edge security. It essentially blocks certain websites deemed harmful, preventing users from accessing these sites while connected to the corporate network.
Web filtering works in two ways. The first way is through an assessment of the quality – and security – of a website. This is done through the consultation of lists of known malicious or unsecure websites, which are frequently and regularly updated. These lists inform the web filtering tool which domains and sites have been known to host malware, phishing, viruses, and other harmful content. They can also report on sites and domains that may not have necessarily harmful content, but content that may not be appropriate.
The second way web filtering functions is by enabling admins to configure browsing controls. The web filtering tool then blocks any pages whose contents doesn’t fall in line with these preferences.
You can read our guide to the top web security solutions here.
Anti-malware is a broad term that applies to a range of methods that seek to prevent any malicious attacks from harvesting credentials, stealing sensitive data, or causing other forms of irreparable harm and damage to your business and brand. Anti-malware can consist of anti-phishing solutions, anti-spyware tools, sandboxing tools, endpoint protection solutions, and more. It seeks out harmful code, quarantines and potentially sandboxes it, before safely removing it and alerting administrators.
Intrusion Prevention Systems (IPS)
IPS is a network security tool that often works in tandem with a next-gen firewall, sitting directly behind it to analyze the flow of incoming web traffic. It performs a deeper packet inspection that firewalls aren’t capable of for further analysis of the contents of each data packet. IPS is adept in the detection, reporting, and blocking of any anomalies in network traffic to prevent anything malicious from invading the network, such as ransomware attacks and DDoS attacks.
For more information on IPS tools, read our guide: What Is Intrusion Prevention?
Next-Generation Firewalls (NGFW)
Next-gen firewalls are seen as part of the “third-generation” of firewalls on the market. Their framework follows that of a standard firewall architecture, with additional features included in a bid to overcome traditional firewall limitations. Next-gen firewalls possess all the packet filtering, stateful inspection, VPN support, network address translation, and port address translation that traditional firewalls have. But they also include DDoS blocking, block breaches from encrypted apps, strong analysis and reporting features, in-depth packet analysis, intrusion prevention, and application-level inspection that first- and second-gen firewalls don’t provide.
What is a network firewall?
With an expanded network perimeter and an infinite potential number of connected endpoints, ensuring the security perimeter is robust and non-porous at all times is imperative to your company’s overall cybersecurity health. Software and security perimeters are a constant work in progress and need to be regularly updated through patch management, which applies “patches” to issues or bugs in software and operating systems. These can be configured to be automatic or require end-users to accept the update via their device.
You can compare the best patch management tools on the market in our guide to The Top 10 Patch Management Solutions For Business.
In depth and widespread visibility into all parts of the edge computing network is a key component in ensuring your company’s overall cybersecurity health. With a potential for untold number of edge devices and users and an expansive and porous network, it can be easy for harmful code or threat actors to hide. Network monitoring tools that can provide deep inspection and full reporting and insights is highly valued in edge security, such as network packet brokers which can analyze network packets and monitor traffic, delivering in depth reporting to admins.
Security Access Service Edge (SASE) And Security Service Edge (SSE)
As more and more companies turn to the cloud, an increasing number have been turning to security access service edge (SASE) for an edge computing security solution. SASE is a consolidation of security tools that combine security service edge with SD-WAN capabilities. SSE is a unified subset of security protocols—including secure web gateways, zero-trust capabilities, CASBs, and firewalls—to deliver a comprehensive edge security solution, while SD-WAN provides a unified network service.
SASE provides a flexible and intuitive, yet robust, solution that offers a consolidation of the measures mentioned above to provide security in one unified architecture.
For more about edge security solutions and SASE’s architecture, read our blog: What Are Edge Security Solutions?
Edge computing allows organizations to cut costs, increase scalability and productivity, and improve their bandwidth use. Currently, roughly 10% of all enterprise related data is created, transported, processed, and resides outside of a centralized data center or cloud. But with so many benefits associated with edge computing, it comes as little surprise that Gartner predicts this figure to hit 75% by 2025. However, with more data being stored outside of a data center and immediate network, protecting it has never been more important.
By nature, edge computing is not secure. Expansion of a network outside of a data center, without proper insight into the who, what, where, when, and why of each action undertaken by each connected edge device, leaves businesses with porous network perimeter that can easily be taken advantage of by threat actors. The more devices connected to a network, the more attack vectors there are, so an expanded network results in an increased attack surface. Implementing edge security measures is paramount to defending yourself against attacks and subsequent data breaches and financial losses.
Put simply, your edge computing network is only as good as your edge security solution.