What is the security impact of using IoT edge devices to enable business decisions?
In October 2014, the IoT World Forum Architecture Committee published a seven-layer IoT reference model, in which layer three is edge computing.1 This layer is responsible for facilitating connectivity and analysis between physical devices, applications and business processes. As more businesses embrace this framework, securing the edge computing layer will be critical in enabling trustworthy business decisions. Fundamental processes like the ability of edge devices to authenticate, authorize and discover other devices and services will need to be analyzed through the security lens.
For legacy devices, businesses may choose to retrofit them with new capabilities to make them a part of their connected infrastructure. For example, manufacturing companies increasingly integrate their industrial systems in the field to optimize decision making and production. However, this may make it more difficult to implement authentication, authorization or encryption controls on these modified devices. Fully protecting this range of distributed devices will require businesses to emphasize and extend their security footprint far beyond existing borders.
Prioritize protecting edge devices Unlike traditional computing devices, IoT edge devices are typically embedded sensors and controllers with fixed functions and the ability to perform specific tasks. Smart meters, for example, allow two-way information flow between the electricity utility and customers. Traditionally, these devices are deployed outside the security perimeter and, in some cases, directly connected to the Internet. Since many device developers are not security specialists with a thorough understanding of potential threats, physical protections are not universal features of IoT edge devices. As a result, there are numerous ways to physically tamper with them.
Boost security for edge device infrastructure As businesses delegate increased authority to edge devices, they will need to pay even more attention to fundamental security controls like data protection, auditability, privilege management, vulnerability management, device authentication and network segmentation. The Shellshock vulnerability affected not only Linux-based servers and desktops, but also many IoT devices that used some variants of Linux.2 Exacerbating this issue was the lack of patching or anomalous activity detection capabilities in these devices. To avoid similar challenges, businesses must invest in ecosystem hygiene—integrating techniques to patch and securely update IoT devices and their configurations to reduce the impact of vulnerabilities spreading through the environment.
Establishing trust zones, wherein enterprise resources with similar security requirements are placed in the same network segment, has proven to be an effective risk mitigation technique in various enterprise systems. Businesses can extend this practice to edge infrastructure where devices need to be separated by their inherent capabilities and security features. It will be important to allow edge devices to communicate across different trust zones as network topologies are modified. To enable business decisions at the edge, businesses must ensure that edge device interaction is governed by appropriate authentication and algorithms that can take autonomous actions, and that the actions being performed are authorized. Intel’s IoT Gateway is an example of a solution to extend the capabilities of legacy devices and connect them to a next-generation intelligent infrastructure.3 This platform enables businesses to setup secure connections between devices in different trust zones, as well as build custom applications to manage authentication and authorization. The platform includes security management capabilities for resource-constrained devices, enabling cloud connectivity and more. Yet another way for businesses to boost security is to implement on edge devices foundational security controls like immutable identification and whitelisting of allowable agents and applications. Include system context in security planning As more decisions are made at the edge rather than at the core controller, context-awareness capabilities will underpin real-time decision making. Businesses should make sure intrusion detection and mitigation techniques take into account device behavior, its relationship with other devices and the overall context of services being provided. Is the device providing mission-critical data? Is it passively collecting data, or also responding and actuating? Is it part of a cohort of devices that depend on each other for decision making? Security planning needs to be holistic, taking into account the entire context of the system. Context dependence will drive physical and logical security models. To that end, Cisco is developing a distributed computing infrastructure to support edge analytics, which it calls “fog computing.”4 Using Cisco’s IOx capability, businesses can develop, manage and run applications that are closer to where actionable data is generated, and then delegate authority for pre-specified decision making. They can also build security capabilities using the IOx platform and develop use cases that expand security planning to perimeter and edge devices. Solutions like this will help businesses understand the interactions of devices, profile their activities and respond appropriately.
Manage edge intelligence with new governance model Data governance, communication and privacy models must keep pace with new frameworks and architectures being introduced to build end-toend IoT systems. As edge devices communicate and make decisions based off telemetry from various sources, it will be critical for businesses to maintain supervisory control. The nature of control needed will drive ecosystem requirements—such as determining whether cloud or private network solutions are preferred. Businesses need to architect a hierarchical supervisory controls model that optimizes the right security controls for the right business processes to achieve the full benefit of a flexible infrastructure. Unfortunately, security planning must also anticipate the likelihood of a breach—no organization seems immune from attack. During a cyber-attack, the supervisory control model must balance requirements for resiliency and availability—minimizing downtime—for ongoing device operations. Mocana, a company that focuses on securing non-traditional endpoints, has developed an IoT device framework for protecting edge data and enterprise communications. This framework consists of a range of capabilities— including key management, secure wireless and strong encryption—required for management of a distributed IoT infrastructure. Mocana also provides an API for rapid deployment of secure IoT devices that conform to business requirements and governance models. Another option comes from FogHorn Systems, which is developing an IoT application deployment platform that supports delivery and management of host applications embedded in edge devices.5 Businesses can use the platform to distribute applications from platform-as-a-service (PaaS) to onsite sensor networks. The FogHorn Edge Platform delivers service level agreement (SLA)-sensitive security applications to the edge, which can be triggered based on specific conditions. Conclusion Edge devices will have a profound impact on the security infrastructure, as IoT becomes an integral part of business in the digital ecosystem. Accenture recommends that businesses work to understand and proactively address the security implications of decisions being made at the edge. Managing and safeguarding edge devices, as well as the end-toend set of technologies that enable intelligent decisions, will be essential to future operations.