Bob Ferrari’s research and development of multi-cloud solutions has led to increased cloud enablement among federal agencies, and his ability to build cloud environments for future innovation ensures greater adoption. Bob’s expertise in hybrid cloud solutions extends to costing, solution-ing, and architecture. He leads teams that develop cloud architectures including AWS, VMware Cloud on AWS, Azure, Azure Stack, and VMware Cloud Foundation. Under Bob’s leadership, Perspecta became the first public sector IT integrator to achieve managed service provider status for VMware Cloud on AWS.
Edge Computing and the New Security Paradigm
For many years now, moving “to the cloud” has been at the top of the enterprise IT agenda. But priorities are shifting once again, with edge computing now the trend most hotly anticipated in C-suites and boardrooms.
In fact, edge computing has been gaining momentum. Consumers are taking advantage of the technology through products such as the Ring video doorbell or the Nest connected home platform. Self-checkout kiosks at grocery stores and filling stations where drivers can ‘pay at the pump’ are other common examples. That these devices collect data and transmit it back to central hubs via the internet is nothing new; what has changed is that these devices process information on the spot, also known as computing ‘at the edge’.
New capabilities, new challenges
Speaking at a recent SVIC webinar, Bob Ferrari of Perspecta said that the range and sophistication of edge computing applications create new management and security challenges. For example, one of the most exciting use cases, autonomous vehicles, presents a large attack surface. Vehicles receive a continual stream of data about other vehicles and about road and weather conditions, which hackers can exploit. Those risks increase further when companies bring in third-party cloud providers.
“Traditionally, computing architectures required users to reach back into data centers or central remote locations in order for applications to operate,” says Bob Ferrari, senior cloud program manager at Perspecta, a U.S. government systems integrator. “By pushing the computing and data access to the edge, the requirement for high-speed connections is alleviated in lieu of proximity. But this introduces new management challenges where traditional perimeter and other security practices may not be enough.”
Every device at the edge—be it a car, an elevator, or an air conditioning unit—becomes a potential weak spot, requiring companies to balance security and privacy with the opportunities to give customers new products and services.
Countless devices on countless networks
In the past, IT departments could secure the routers and individual devices at the edge of their networks. But with edge computing and the variation among devices accessing a network, there is no perimeter to secure. Each device has its own configuration and vulnerabilities, making security management a tough task. The large and growing number of edge devices, which process large amounts of data and are connected to networks outside a company’s control, only adds to the challenge.
“Only using antivirus and firewalls to keep an organization safe from cyber-attacks likely means the organization is already exposed to a cyberattack, they just don’t know it yet,” says Ferrari. “The organization’s data is no longer flowing through their internet connection or only through their corporate firewalls. So they must secure and protect the edge device today as though it is a unique and single door to their network.”
Building more trust with zero trust
To combat threats in this complex network landscape, many within the cybersecurity industry are advocating for a move toward Zero Trust architecture. Under this model, anything and everything trying to connect to an organization’s systems—from within or from without—has to be verified before access is granted. Authorization comes not because a particular machine or IP address has been whitelisted in advance, but because a given user’s credentials allow them access.
This security model, based on individual users’ roles and their associated level of access, is touted as the way forward in a world where most organizations’ applications exist on-premises, in the cloud, and increasingly at the edge. Customers, employees, or partners access those applications from anywhere through a huge range of devices. A Zero Trust system, including two-factor authentication, encryption, and file-sharing permissions, provides organizations with a way to retain sufficient governance and control in this potentially chaotic environment.
Moving toward a Zero Trust architecture has its challenges, too. It requires implementing new technologies and changing existing processes. Currently, security and compliance are usually addressed toward the end of the software development cycle, when the design, build, and test phases have already been completed.
However, Ferrari says that in this new world of edge computing and zero trust networks, security needs to be baked into the development cycle. “DevOps becomes DevSecOps because it’s more difficult to retrofit security with assessing vulnerabilities and hardening security with patches. Considering security early results in faster release cycles for deployments,” he adds.
Companies with heavy legacy systems to support are sure to put up some resistance to the move toward Zero Trust. But as more and more data-rich, connected devices come online (current predictions suggest more than 40 billion will be in operation by 2025), that reluctance is sure to fade in favor of embracing computing at the edge.