Sunday, June 5, 2022

Are We Pushing It To The Societal Limits With Edge Computing? 5 Realisms To Consider

 


Whenever you open up an account on either the AWS or Microsoft Azure, you get a whole, wide world open to you that were once thought to be unfathomable.  In fact, I was just talking about this with an old professor of mine last night. 

I did my thesis with him when I was doing my MBA, and back then Windows NT and Netscape were some of the biggest technology platforms out there.  I asked him point blank:  Did we ever think that technology would evolve to the point where it has today?

Of course, his answer was no, as mine would be as well. Back then, creating an Oracle database On Premises would have easily cost around $30k.  Not to mention that their licensing was almost impossible to understand.  But now, with just a few clicks of a mouse, and five minutes, you can create a hosted Oracle Enterprise Database server for just around $70.00 a month or so.

Now with these Cloud juggernauts, you can access shared resources and datasets whenever and wherever you may be at the world.  Heck, you can even create your own Virtual Datacenter and have that stored across different regions in the world as well. 

But as all of this advancing is forward, so do our needs and wants.  In other words, we can’t be happy with what we have, we always want more and more, which is simply human nature.

A perfect example of this is what is known as “Edge Computing”.  There is no doubt that the AWS and Azure can handle gargantuan amounts of data (we are talking about Petabytes here), and they are very quick in processing.  But now, we want this to happen even faster. 

The basic premise behind Edge Computing is that the Virtual Machine (VM) that stores and processes your data will actually be closer to the sources of data that is being fed into it.

The idea with this is that the transaction times for your data queries will be even faster, and you will get what you need even quicker as well.  The concept sounds relatively simple, but it can be complex to deploy, given whatever your requirements are.  The technology to do all of this is still relatively new, so along with that, comes the security risks.

I came across an article that actually addresses these fears, so I wanted to share that along, in case your company has either implemented it, is planning to do so.  Here we go:

1)     Malicious payloads can be inserted easier:

Web applications have always been a favored target for the Cyberattacker, especially when it comes to the backend, primarily the database.  From here, the hacker can then inject and launch SQL Injection Attacks, in an effort to capture the PII datasets that are stored in them.

2)     The attack surface is increased:

This line of thinking is normally associated with IoT devices, because as you add more devices, the interconnectivity grows even more.  Although with Edge computing the gap between the VM and the data feed has actually become narrower, in some respects, it has also been widened as well.  This also makes it just as vulnerable to Cyberattacks, if not more than with IoT devices.

3)     Routing Attacks could increase:

When the data source is close to the server which is processing it, this makes it even mor tempting for the Cyberattacker to try to conquer.  The primary case for this is that many businesses still neglect to fortify their endpoints even in the most traditional of deployment models, so the chances are even greater of unprotected endpoints with Edge Computing.  Not only will it be easier to capture the PII datasets, but there are even greater probabilities that further tampering with the network flow of communications will occur due to the close proximity of the data source to the VM.

4)     DDoS attacks will still occur:

This is an acronym that stands for “Distributed Denial of Service”.  This is where a server is bombarded with malformed data packets and web requests where it totally drains it of its processing power, and the server crashes as a result.  These are probably some of the oldest threat variants in the book, but they are still widely used by the Cyberattacker in different flavors. But once again, by having the data source so close to the VM, it will be far easier to launch these kinds of attacks, but in a rapid-fire succession.

My Thoughts On This:

So now you might be asking, how can you mitigate the chances of happening to you?  Well actually, there is some good news here, believe it or not.  If you have a Cloud based deployment in which you plan to deploy Edge Computing, your provider will already have a great set of tools that you can use. 

I know may be sounding a little biased here, but my hats go off to Microsoft Azure in this regard.  Although the number of security tools they have in stock may overwhelm at you first, they are quick to install and will keep an eye on your Edge Computing setup on a daily, real-time basis. 

But you should probably consult with a Cloud Services Provider first to make sure that you are planning to use the right tools.

Second, follow an established frameworks available from the Cloud Security Alliance (CSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Institute of Standards and Technology (NIST). 

This will help you set up the right set of controls that you need in order to come into compliance with the data privacy laws of the CCPA, GDPR, HIPAA, etc., as it relates to Edge Computing.  The very last thing you want is to face an audit and steep financial penalties.

But now all of this comes to an interesting question:  As a digital society, are we moving way too fast?  Yes, and I will be blunt, I think we are moving too fast.  We need some time to settle down, especially with what we have been through the last two years with COVID-19 and the emergence of the permanent Remote Workforce. 

Really in the end, does getting answers to data queries a few seconds faster really mean anything in the end by using Edge Computing?  Not, it does not. As long as we can access it safely and securely within a reasonable quick timeframe is all that should matter.  We are now even pushing it with the adoption of the Metaverse. 

Is it really needed now?  No it is not.  Let us take some time, slow down, and enjoy the great stuff in technological advancements that we have right now before rushing off to find the new, next great thing.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...