Edge is the concept that moves computing from a centralized model to a decentralized one, away from datacenter consolidation across cloud and infrastructure, applications, and workloads and closer to where data is generated or consumed. According to a new report from AT&T Business, edge network definitions and usage are in a state of flux across industries as organizations search for effective security strategies that address edge-related risks and allow them to explore its opportunities. Secure access service edge (SASE) is on the radar of some businesses seeking to augment traditional security controls, bring the network and security closer together, and allow for broader, more centralized visibility across an edge network attack surface.
Edge use cases differ across industries, cyber risks felt by all
The report showed that while the mechanics of edge network usage differ significantly for businesses across the healthcare, finance, public, manufacturing, retail, and energy sectors, edge cyber risks are being felt by all. The networks chosen for edge use cases included public and private cellular 5G, non-5G cellular such as 4G and LTE, remote office/branch office, cloud, and both industrial and consumer IoT networks.
Private 5G and cloud were cited as the preferred edge networks overall, with the former expected to be the leading edge network environment used to support use cases for the next three years. Almost three-quarters (74%) of companies surveyed rated the likelihood of compromise as 4 or 5 (5 being very likely), with retail and energy/utilities having the highest perceived risk across the six industries.
Ransomware was the top cyberthreat concern across all sectors, while attacks against associated cloud workloads, sniffing attacks against user endpoint devices and components, and attacks against servers/data were cited as the most likely attack vectors for the healthcare, finance, and public sectors, respectively. As for manufacturing, retail, and energy/utility companies, attacks against user and endpoint devices and sniffing attacks against the radio access network (RAN) were named as the most likely attack vectors, respectively.
Edge cybersecurity controls a priority for businesses
AT&T’s report illustrated a clear focus among organizations on investing in better cybersecurity controls for their maturing edge environments. However, “The decisions about which controls to use where vary and are dependent on several factors, including whether edge is an extension of cloud or on premises, the edge network environment, whether controls are on or in the edge network, familiarity, regulations, and benefit cost,” it read.
SASE was cited as the standout growth engine due to the increasing number of organizations moving to cloud-based solutions and its ability to bring the network and security closer together. “But certain industries may not want to route all of their data through cloud, so on-premises security solutions will continue to exist in areas such as OT,” the report stated.
Cost-benefits key in edge security investments
While edge security decisions are dependent on differing factors, the cost-benefits of controls are integral to decision making around investments, the report found. “Decision makers at all levels and departments of organizations routinely compare benefits with costs.” Overall, firewall at the network edge (43.8%), intrusion/threat detection (30.5%), and device-to-device network access restrictions (25.9%) were cited as providing the most significant cost-benefit for edge security. In contrast, network access control, patching, and DDoS mitigation were considered the least worthwhile. As for individual sectors, the data showed:
- Intrusion and threat detection, multi-factor authentication (MFA), data encryption at rest, and endpoint and device monitoring are the most efficient and effective security controls for healthcare.
- External traffic encryption at a gateway or proxy, data encryption at rest, firewall at the network edge, and application proxy monitoring are the most efficient and effective security controls for finance.
- Zero-trust network access control, data encryption at rest, traffic encryption (internal to the network and external at a gateway/proxy), MFA, and device authentication are the most efficient and effective security controls for the public sector.
- Intrusion and threat detection, device authentication, and data leakage monitoring are the most efficient and effective security controls for manufacturing.
- Network access restrictions (device to device), intrusion and threat detection, and traffic encryption (both internal to the network and external at a gateway or proxy) are the most efficient and effective security controls for retail.
- Intrusion and threat detection, network access restrictions (device to device), encrypted traffic (internal to the network), and firewall at the edge are the most efficient and effective security controls for energy/utility.
“Decision makers will need to ponder whether cost drives benefit or benefit drives cost,” the report said.
Proactive, preventive approach key to edge security
Edge network security ultimately requires a proactive, preventive approach that considers a hybrid network model that is likely to persist for a long time, AT&T’s report concluded. “5G adoption is increasing, but organizations can leverage legacy networks where it makes sense to do so for specific use cases and as dictated by the realities of existing communications infrastructure, regulations, and location,” it stated.
This is where combining SASE with legacy, on-premises solutions can be particularly advantageous, it added. “When SASE and legacy on-premises solutions are combined, they have capability beyond security.” The security focus of these two together revolves around traditional firewall, VPN, and IDS functionality for general cybersecurity needs; special-purpose functionality like data loss prevention for privacy-oriented data; and application firewalls for more distributed ephemeral application architectures.
Further edge security recommendations AT&T presented include:
- Communicate with and educate stakeholders along a journey that will be both thrilling and challenging.
- Emphasize the importance of security by design throughout all stages of edge network discussions and use case implementation.
- Talk with service providers and network operators prior to making decisions about edge networking.
- Delve into the shared security responsibility model with public-cloud service providers and carriers to clarify roles and responsibilities at every stage of use case implementation.
- Classify data and maintain processes and procedures related to data privacy and data sovereignty.
- Evaluate the benefit cost of security controls before implementing them, keeping in mind the necessity of visibility across the entire attack surface.
- Conduct frequent security control reviews based on data travel routes and storage locations, beyond what’s required for regulatory compliance.
- Use multi-sourced, enriched threat intelligence to keep up with attacker tactics, techniques, and procedures.
“With edge network adoption comes a transition in data accessibility, agility, scale, and user/customer access – a change that can enable innovative use cases and business differentiation,” the report stated. “But new and different risks also are part of the transition, and decision makers need to determine how to address them.”