Whenever you open up an account on either the AWS or Microsoft
Azure, you get a whole, wide world open to you that were once thought to be
unfathomable. In fact, I was just talking
about this with an old professor of mine last night.
I did my thesis with him when I was doing my MBA, and back
then Windows NT and Netscape were some of the biggest technology platforms out
there. I asked him point blank: Did we ever think that technology would
evolve to the point where it has today?
Of course, his answer was no, as mine would be as well. Back
then, creating an Oracle database On Premises would have easily cost around $30k. Not to mention that their licensing was
almost impossible to understand. But now,
with just a few clicks of a mouse, and five minutes, you can create a hosted Oracle
Enterprise Database server for just around $70.00 a month or so.
Now with these Cloud juggernauts, you can access shared
resources and datasets whenever and wherever you may be at the world. Heck, you can even create your own Virtual
Datacenter and have that stored across different regions in the world as
well.
But as all of this advancing is forward, so do our needs and
wants. In other words, we can’t be happy
with what we have, we always want more and more, which is simply human nature.
A perfect example of this is what is known as “Edge
Computing”. There is no doubt that the AWS
and Azure can handle gargantuan amounts of data (we are talking about Petabytes
here), and they are very quick in processing.
But now, we want this to happen even faster.
The basic premise behind Edge Computing is that the Virtual
Machine (VM) that stores and processes your data will actually be closer to the
sources of data that is being fed into it.
The idea with this is that the transaction times for your data
queries will be even faster, and you will get what you need even quicker as
well. The concept sounds relatively
simple, but it can be complex to deploy, given whatever your requirements are. The technology to do all of this is still
relatively new, so along with that, comes the security risks.
I came across an article that actually addresses these
fears, so I wanted to share that along, in case your company has either implemented
it, is planning to do so. Here we go:
1)
Malicious payloads can be inserted easier:
Web applications have always been a
favored target for the Cyberattacker, especially when it comes to the backend,
primarily the database. From here, the hacker
can then inject and launch SQL Injection Attacks, in an effort to capture the PII
datasets that are stored in them.
2)
The attack surface is increased:
This line of thinking is normally associated
with IoT devices, because as you add more devices, the interconnectivity grows
even more. Although with Edge computing the
gap between the VM and the data feed has actually become narrower, in some respects,
it has also been widened as well. This also
makes it just as vulnerable to Cyberattacks, if not more than with IoT devices.
3)
Routing Attacks could increase:
When the data source is close to the
server which is processing it, this makes it even mor tempting for the Cyberattacker
to try to conquer. The primary case for
this is that many businesses still neglect to fortify their endpoints even in
the most traditional of deployment models, so the chances are even greater of
unprotected endpoints with Edge Computing.
Not only will it be easier to capture the PII datasets, but there are
even greater probabilities that further tampering with the network flow of
communications will occur due to the close proximity of the data source to the VM.
4)
DDoS attacks will still occur:
This is an acronym that stands for “Distributed
Denial of Service”. This is where a
server is bombarded with malformed data packets and web requests where it totally
drains it of its processing power, and the server crashes as a result. These are probably some of the oldest threat
variants in the book, but they are still widely used by the Cyberattacker in
different flavors. But once again, by having the data source so close to the VM,
it will be far easier to launch these kinds of attacks, but in a rapid-fire succession.
My Thoughts On This:
So now you might be asking, how can you mitigate the chances
of happening to you? Well actually,
there is some good news here, believe it or not. If you have a Cloud based deployment in which
you plan to deploy Edge Computing, your provider will already have a great set
of tools that you can use.
I know may be sounding a little biased here, but my hats go
off to Microsoft Azure in this regard.
Although the number of security tools they have in stock may overwhelm at
you first, they are quick to install and will keep an eye on your Edge
Computing setup on a daily, real-time basis.
But you should probably consult with a Cloud Services
Provider first to make sure that you are planning to use the right tools.
Second, follow an established frameworks available from the Cloud Security Alliance (CSA), the Cybersecurity
and Infrastructure Security Agency (CISA), and the National Institute of
Standards and Technology (NIST).
This will help you set up the right set of controls that you
need in order to come into compliance with the data privacy laws of the CCPA,
GDPR, HIPAA, etc., as it relates to Edge Computing. The very last thing you want is to face an
audit and steep financial penalties.
But now all of this comes to an interesting question: As a digital society, are we moving way too
fast? Yes, and I will be blunt, I think
we are moving too fast. We need some
time to settle down, especially with what we have been through the last two years
with COVID-19 and the emergence of the permanent Remote Workforce.
Really in the end, does getting answers to data queries a
few seconds faster really mean anything in the end by using Edge Computing? Not, it does not. As long as we can access it
safely and securely within a reasonable quick timeframe is all that should
matter. We are now even pushing it with
the adoption of the Metaverse.
Is it really needed now?
No it is not. Let us take some
time, slow down, and enjoy the great stuff in technological advancements that
we have right now before rushing off to find the new, next great thing.
No comments:
Post a Comment