Edge computing places nodes, often in the form of embedded systems, locally on the site where data is being gathered and processed. These nodes exist on the "edge" of your cloud's coverage and broadcast data (often preprocessed) back to your application service or data storage facility.
[ Improve your skills managing and using SELinux with this helpful guide. ]
Edge has many advantages, but by definition, it means deploying several computers (depending on your needs, it could be in the hundreds) to remote locations. Each of those systems represents a potential attack vector, so it's important to think about how to restrict access to your edge devices.
1. Services
Don't let the terminology fool you. An edge device is a hyper-specific server that runs some service or collection of services. It receives input and produces output.
As with functional programming, you must ensure that the services running on the device accept (and validate) only the required inputs and provide verifiable output. The classic example of SQL statements that drop tables or add users is still relevant. While it may or may not apply to your device, the idea is the same: Restrict input to only what's expected, and provide output that's strictly scrutinized.
2. Operating system
This one is straightforward:
- What operating system is the device running?
- What support does it have for updates?
- What security policies does it make available to you?
Luckily, many edge devices run open source, such as Linux, BSD, or RTOS, so there's a lot of potential for optimizing settings with features like SELinux. However, through neglect or mismanagement, there's always the possibility that you're not taking advantage of your operating system's built-in features. Get to know your devices' operating system, read the documentation, and implement safeguards.
[ Boost security, flexibility, and scale at the edge with Red Hat Enterprise Linux. ]
3. Firewall
The edge is not synonymous with DMZ. Just because your devices are remote doesn't mean they don't need coverage. Whether you set up a site-specific firewall server or use a device's built-in firewall features, your edge network needs a firewall.
4. Encryption
Some commodity devices have easy modes for quick connectivity. These may be great features for quick setup and testing. However, they are no substitute for establishing dedicated encrypted connections with encryption keys that you oversee and can revoke when necessary.
5. Zero-trust security
Use the zero-trust model:
- Authenticate all connections.
- Verify all devices, users, and applications.
- Route all traffic at the application level.
6. Monitoring
An unmonitored device is an invitation for failure. There are many great monitoring tools out there, like Tripwire, Prometheus, and more. Watch the edge the same as you monitor your local network (if not more).
Welcome to the edge
Edge computing can make your cloud snappier and more efficient, but it requires attention. It's a big and widespread responsibility to compute on the edge, so treat it carefully. Give it the attention it deserves, and treat your edge network with the same care you have for your local users.
執筆者紹介
類似検索
Red Hat to acquire Chatterbox Labs: Frequently Asked Questions
From incident responder to security steward: My journey to understanding Red Hat's open approach to vulnerability management
What Is Product Security? | Compiler
Technically Speaking | Security for the AI supply chain
チャンネル別に見る
自動化
テクノロジー、チームおよび環境に関する IT 自動化の最新情報
AI (人工知能)
お客様が AI ワークロードをどこでも自由に実行することを可能にするプラットフォームについてのアップデート
オープン・ハイブリッドクラウド
ハイブリッドクラウドで柔軟に未来を築く方法をご確認ください。
セキュリティ
環境やテクノロジー全体に及ぶリスクを軽減する方法に関する最新情報
エッジコンピューティング
エッジでの運用を単純化するプラットフォームのアップデート
インフラストラクチャ
世界有数のエンタープライズ向け Linux プラットフォームの最新情報
アプリケーション
アプリケーションの最も困難な課題に対する Red Hat ソリューションの詳細
仮想化
オンプレミスまたは複数クラウドでのワークロードに対応するエンタープライズ仮想化の将来についてご覧ください
