The Edge Computing endpoints and Defense-in-Depth Network security issues and recent developments

Author: K. Yang, CISO & CIO, SecuX Technology Inc. 安瀚科技股份有限公司

Edge computing relies on distributed technology, including distributed networking, computing nodes, and storage resources, as well as the hardware safety control units and technological integration present in devices and equipment. Devices or equipment for edge computing prioritize processing the data or information from multiple end nodes or equipment and then send that data or information back to the cloud environment. This contrasts with the traditional basic cloud computing environment, which uses a centralized computing model in which all data are analyzed and processed in the cloud.

The cloud computing framework outperforms the traditional IT (Information Technology) framework in terms of data or information processing and analysis. Being able to centralize and distribute computational resources, it has proved to be a highly efficient, reliable, and flexible basic information architecture regardless of the amount of financial and time costs invested and the system performance. There are certain differences between edge computing infrastructure and cloud computing infrastructure, but through strategic integration, edge computing can be implemented on traditional basic cloud infrastructure for new-generation products and information, with a complementary effect.

Figure 1. Edge Computing Environment Infrastructure

Figure 1 shows the composition of an edge computing environment and the corresponding end devices, e.g. Edge CNs (Computing Nodes), which focus on receiving data or information from end edge computing devices and sending it back to the cloud computing environment. Edge computing uses end devices such as audio source direction detectors, wireless/wired connection and network flow devices, AR/VR physical devices, space temperature sensors, wearables, or devices and sensors that use visual sensing and detection technology, to incorporate edge computing and develop relevant applications.

In addition, the applications of AI, AIoT (AI + IoT, or Artificial Intelligence of Things), and IIoT (Industrial Internet of Things) include intelligent environmental sensing devices in factories, households, and cities, sensors for smart homes and for medical uses, devices for robotic automation, smart detectors, production line monitoring and quality control systems for intermediate products, real-time alert and response systems for manufacturing, unmanned real-time data transmission devices, sensors, I/O devices, machine vision cameras, and other relevant innovative applications.

The Federal Government of the United States began edge computing projects and programs in 2018. In 2020, the Federal Government started promoting information and applications transfer and application technologies on traditional cloud infrastructure. Transferring applications to distributed servers or devices using edge computing can decrease the load of applications on the cloud; on the local server, saving an application or its data can be accelerated and execution performance improved, so that delays in sending and receiving messages are reduced, offering faster access and better performance. The size of the global edge computing services market is forecast to grow at a compound annual growth rate (CAGR) of over 30% by 2022, according to Trend Force, a market research company.

As of April 2020, relevant standards and active working groups in the international community include the European Telecommunications Standards Institute's (ETSI) Multi-Access Edge Computing, the Telecom Infra Project's (TIP) Edge Computing, and so on. Current communities and development efforts on edge computing also include the LF Edge Foundation of the Linux Foundation project, which has three stages. Stage 1: At Large, Baetyl, and Fledge; Stage 2: Edge Virtualization Engine, Home Edge, Growth, Open Glossary, and so forth; and Stage 3: Impact, EdgeX Foundry, and Akraino Edge Stack. If you want to learn more about edge computing, these working communities can provide a more in-depth understanding of the current research and development status.

Other examples are the OpenStack Foundation's projects: Edge Computing Group, StarlingX, and Airship. Relevant working alliances also exist, for example, the international working group IoT Edge Computing of Kubernetes and its clusters in different countries, which are dedicated to developing and integrating new functions and standards.

Currently, the main challenge to edge computing is that it requires higher transmission quality and more advanced technology. In other words, if you were to combine the aforementioned innovative applications in a traditional cloud computing environment without enhancing transmission quality, then aside from the problems identified above, the costs will increase with no guarantee that the performance will meet the requirements. For example, if an AR/VR solution is adopted, the need for high-speed transmission of an enormous amount of data will not be fulfilled in terms of transmission capacity and efficiency, even with the current development of 5G and WiFi-6 in 2020.

Edge computing distinguishes itself from traditional pure cloud computing (public, private, and hybrid cloud) environments in terms of its design and deployment strategies. Moreover, cloud computing environments are more flexible and pliant than the traditional IT infrastructure. Despite these differences, no one yet knows what incorporating cloud computing into edge computing can do, and it is also too early to comment.

Only when 5G and WiFi-6 technology has matured and become truly universal can it perhaps satisfy the essence and key elements of ubiquitous computing. To some extent, these technologies will optimize and realize the transmission of large amounts of data. More importantly, product or technology integrations with a variety of information equipment or novel applications can be conducted anytime, anywhere, and the performance can be enhanced with a reasonable amount of invested cost and at a good cost-benefit ratio. Therefore, the combination of higher-quality transmission efficiency and lower network delay and latency can clear up the capability and efficiency problems present in traditional, centralized cloud computing environments.

The integration of edge computing and the cloud computing environments can effectively diversify risk, as well as alleviate or resolve the security issues existing in the traditional centralized cloud computing environments.

The major function and mission of the Defense-in-Depth Network (DDN), also known as the multiple-layer defense network, is to serve as a security defensive mechanism that strengthens the overall structure.

As shown in Figure 2, the defensive mechanism does not create a single barrier that may be breached, but rather divides itself into Zones 1, 2, and 3 and defines Security Check Points 1, 2, and 3. Each zone uses different information security technologies and strategies. The DDN is a comprehensive plan that integrates security strategies and technology applications, featuring the development of security elements and strategies. In Zone 1, there are access control lists (ACL), host-based and network-based firewalls, cluster anti-viruswalls, web application firewalls (WAF), and honeypot systems that lure and trap hackers.

Zones 2 and 3 contain different kinds of defense systems, including network-based intrusion detection/prevention systems, host-based intrusion detection/prevention systems, and real-time counter-intrusion/response systems, along with security mechanisms and strategies for the design, content filtering, access to resources, and resource management control of the relevant SSL (Secure Sockets Layer), SSH (Secure Shell), and VPN (Virtual Private Network) services, and monitoring systems.

Figure 2. Design of a Defense-in-Depth Network
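The zone and checkpoint layout described above can be checked mechanically. The following is an added example, not part of the original article: it audits a constructed control inventory against the controls the article names per zone and flags flows that reached a zone without clearing every earlier checkpoint. It assumes Security Check Point N guards entry to Zone N and that the Zone 2/3 controls are required in both zones; all node names and records are constructed.

```python
# Added example: audit a three-zone Defense-in-Depth Network (DDN) layout.
# Control names follow the article's lists; inventory and flows are constructed.

REQUIRED = {
    1: {"acl", "host_firewall", "network_firewall", "antivirus_wall", "waf", "honeypot"},
    # The article lists these for Zones 2 and 3 together; requiring them
    # in both zones is an assumption of this example.
    2: {"nids_nips", "hids_hips", "realtime_response", "content_filtering", "monitoring"},
    3: {"nids_nips", "hids_hips", "realtime_response", "content_filtering", "monitoring"},
}

def audit_zone_controls(inventory):
    """Return {zone: sorted missing controls} for zones lacking a required control."""
    gaps = {}
    for zone, required in REQUIRED.items():
        missing = required - set(inventory.get(zone, ()))
        if missing:
            gaps[zone] = sorted(missing)
    return gaps

def find_bypasses(flows):
    """Return ids of flows that reached a zone without clearing checkpoints 1..zone in order."""
    flagged = []
    for flow in flows:
        # Assumption: checkpoint N guards entry to Zone N, so reaching
        # Zone N must record checkpoints 1, 2, ..., N exactly in that order.
        expected = list(range(1, flow["dest_zone"] + 1))
        if flow["checkpoints"] != expected:
            flagged.append(flow["id"])
    return flagged

# Constructed sample data (hypothetical edge nodes and sensors)
INVENTORY = {
    1: ["acl", "host_firewall", "network_firewall", "antivirus_wall", "waf", "honeypot"],
    2: ["nids_nips", "hids_hips", "content_filtering", "monitoring"],
    3: ["nids_nips", "hids_hips", "realtime_response", "content_filtering"],
}
FLOWS = [
    {"id": "f1", "src": "edge-cn-01", "dest_zone": 3, "checkpoints": [1, 2, 3]},
    {"id": "f2", "src": "edge-cn-02", "dest_zone": 3, "checkpoints": [1, 3]},  # skipped checkpoint 2
    {"id": "f3", "src": "sensor-17", "dest_zone": 2, "checkpoints": [2]},      # never passed checkpoint 1
    {"id": "f4", "src": "sensor-18", "dest_zone": 1, "checkpoints": [1]},
]

if __name__ == "__main__":
    print("control gaps:", audit_zone_controls(INVENTORY))
    print("checkpoint bypasses:", find_bypasses(FLOWS))
```
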

An edge computing environment can adopt an agile and flexible approach in utilizing DDN design concepts. When multi-layer infrastructure and defense-in-depth deployment methods are used to analyze independent cloud environments, what security issues are likely to arise? DDN can be used to identify the appropriate security zone in a timely and flexible manner, in addition to upgrading the deployment of corporate-grade advanced security strategies.

In response to the new market and industry trends, how to strategically integrate Information Technology (IT), Operations Technology (OT), and Communication Technology (CT) effectively will be an important reference concerning the development direction for both new product types and the industry.

The integration of edge computing, new industry applications, and the development of 5G, together with incorporating edge computing environments into the cloud computing infrastructure for next-generation products, will surely be the new development trend of the future.

The integration of novel technologies and applications will bring about changes in cloud computing infrastructure, which will cause businesses to make changes or shifts in their information security strategies. In comparison to traditional IT environments or traditional cloud computing environments, security measures such as node protection and defense in depth will be new security issues in terms of security technology and management strategies. This is also expected to pose three major challenges (cost, performance, and security) for companies undergoing digital transformation or developing innovative products.