Edge computing places nodes, often in the form of embedded systems, locally on the site where data is being gathered and processed. These nodes exist on the "edge" of your cloud's coverage and broadcast data (often preprocessed) back to your application service or data storage facility.
[ Improve your skills managing and using SELinux with this helpful guide. ]
Edge has many advantages, but by definition, it means deploying several computers (depending on your needs, it could be in the hundreds) to remote locations. Each of those systems represents a potential attack vector, so it's important to think about how to restrict access to your edge devices.
1. Services
Don't let the terminology fool you. An edge device is a hyper-specific server that runs some service or collection of services. It receives input and produces output.
As with functional programming, you must ensure that the services running on the device accept (and validate) only the required inputs and provide verifiable output. The classic example of SQL statements that drop tables or add users is still relevant. While it may or may not apply to your device, the idea is the same: Restrict input to only what's expected, and provide output that's strictly scrutinized.
2. Operating system
This one is straightforward:
- What operating system is the device running?
- What support does it have for updates?
- What security policies does it make available to you?
Luckily, many edge devices run open source, such as Linux, BSD, or RTOS, so there's a lot of potential for optimizing settings with features like SELinux. However, through neglect or mismanagement, there's always the possibility that you're not taking advantage of your operating system's built-in features. Get to know your devices' operating system, read the documentation, and implement safeguards.
[ Boost security, flexibility, and scale at the edge with Red Hat Enterprise Linux. ]
3. Firewall
The edge is not synonymous with DMZ. Just because your devices are remote doesn't mean they don't need coverage. Whether you set up a site-specific firewall server or use a device's built-in firewall features, your edge network needs a firewall.
4. Encryption
Some commodity devices have easy modes for quick connectivity. These may be great features for quick setup and testing. However, they are no substitute for establishing dedicated encrypted connections with encryption keys that you oversee and can revoke when necessary.
5. Zero-trust security
Use the zero-trust model:
- Authenticate all connections.
- Verify all devices, users, and applications.
- Route all traffic at the application level.
6. Monitoring
An unmonitored device is an invitation for failure. There are many great monitoring tools out there, like Tripwire, Prometheus, and more. Watch the edge the same as you monitor your local network (if not more).
Welcome to the edge
Edge computing can make your cloud snappier and more efficient, but it requires attention. It's a big and widespread responsibility to compute on the edge, so treat it carefully. Give it the attention it deserves, and treat your edge network with the same care you have for your local users.
저자 소개
유사한 검색 결과
Deploy Confidential Computing on AWS Nitro Enclaves with Red Hat Enterprise Linux
Red Hat OpenShift sandboxed containers 1.11 and Red Hat build of Trustee 1.0 accelerate confidential computing across the hybrid cloud
What Is Product Security? | Compiler
Technically Speaking | Security for the AI supply chain
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
가상화
온프레미스와 클라우드 환경에서 워크로드를 유연하게 운영하기 위한 엔터프라이즈 가상화의 미래
