Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Nov 27 2024
Security

Physical Security, Hardening and Access Control at the Network’s Edge

Edge computing can enhance citizen services, but equipment must be properly hardened against physical and environmental threats.

Cities and counties have started deploying servers and data centers at the network’s edge in support of everything from water infrastructure to real-time traffic controls, power grid management and more. By moving compute instances close to data sources, they’re able to deliver real-time analytics and other key capabilities.

But those edge servers and edge data centers are vulnerable.

An edge data center may live in a closet, or even a shipping container that can be deployed as needed. Unlike hardened data centers, “these edge environments don’t usually have redundant systems to protect from things like out-of-range temperature, humidity and moisture levels or physical disruption from natural disasters,” says Cameron Walker-Miller, director of standards and technology at the Security Industry Association (SIA).

These devices are also vulnerable to vandalism, intruders and physical manipulation. They typically don’t have the rigorous protections a conventional data center has, yet they must be defended just as carefully.

Click the banner below to explore elements of good cyber resilience for government assets.

 

Hardening Edge Computing Devices Mitigates Threats

Security is a paramount concern for data centers and servers located at the edge.

Bad actors may try to tamper with edge devices, “to change something on them, to get information out of them or just to disable them,” says Shahin Tajik, assistant professor of electrical and computer engineering at Worcester Polytechnic Institute.

Then there’s the weather. “Extreme climate conditions or power outages can cause major disruptions that affect government services,” says Bruce Kornfeld, chief marketing and product officer at StorMagic.

“Hardening edge servers and data centers is key,” he says, especially when one considers “the critical nature of applications running at the edge.”

With storms growing more frequent and more severe, government entities need to be especially sensitive to the resilience of their edge infrastructure.

“During and after natural disasters, hardened data centers enable state and local governments to ensure the reliability and security of their most important applications,” Kornfeld says.

For government IT teams, hardening at the edge helps to ensure they can meet their organizational and statutory obligations. Agencies may have “strong compliance and service-level agreements they must meet,” says Akamai’s Advisory CISO Steve Winterfeld. “This requires the edge servers running operations to be protected from disruption from both natural disasters and active adversaries.”

READ MORE: Penetration testing is important for ensuring compliance.

Securing Edge Devices With Ruggedization and Redundancy

A number of tools can help make edge servers and data centers safe from both environmental impacts and adversarial actions. Temperature and humidity sensors, fire suppression systems and flood sensors all can play a role here.

“In general, any edge computing device that is exposed to harsh environmental conditions must be hardened against the elements to ensure reliable operation and prevent data loss or corruption,” says Eduardo Blanco, executive consultant for platform security at IBM.

“This may involve using ruggedized enclosures, redundant power supplies and other protective measures to ensure that the device can operate reliably in harsh conditions,” Blanco says.

Built-in safeguards can also help keep bad actors at bay in a way that allows maintenance teams to deliver service. “Physical security features, such as intrusion detection systems, are another form of built-in physical hardening,” Kornfeld says.

A variety of tools and features can be added to further secure these resources. For example, IT teams might use ruggedized, lockable enclosures that protect against both physical tampering and environmental risk. “For physical security, edge servers should be in secure cages with cameras for remote monitoring,” Winterfeld says.

And IT can apply the same rigorous approach to security within the servers themselves, with an eye toward defeating any attempt at physical intrusion. For example, “for each motherboard that you use for a data center application, you could protect it by putting it into a secure enclosure with sensors around it,” Tajik says. “As soon as somebody tries to tamper with your system, there is a sensor that raises an alarm.”

EXPLORE: Here’s how good cyber hygiene keeps agencies a step ahead.

Using Access and Identity Control for Secure Management

In addition to physically securing edge servers and data centers, IT teams need to think about the ways in which individuals gain access to these facilities.

“Using proper authentication and identity and access management to secure access to edge facilities and devices ensures that only authorized personnel can access the devices and facilities,” Blanco says. “It helps prevent unauthorized access or data breaches, which can have serious consequences in life-critical or mission-critical applications.”

IAM can also serve as a way to enforce least-privilege access. “You might be able to segment those edge devices into different rooms, depending on the sensitivity of information that they process,” Tajik says. “Not every engineer should have access to every room.”

Cities and counties can go even further, securing the computers themselves against malicious intrusion with data encryption and key management. “The best practice is for organizations to encrypt all sensitive data, both at rest and in transit. Software encryption technology has advanced significantly over the past few years, so that it is much easier and less expensive to deploy encryption algorithms than before,” Kornfeld says.

LEARN MORE: Eight ways to achieve interoperability between zero-trust tools.

Modernized solutions support this approach. “Hyperconverged Infrastructure solutions are typically used at these locations due to their small physical size and ease of management, and most offer built-in data encryption options,” he says.

In addition to data encryption, “a robust key management system that supports full lifecycles for encryption keys is critical,” he says. “These best practices will ensure compliance and security.”

From a strategic point of view, “zero trust is a must for protecting the edge,” Winterfeld says.

Cities and counties can follow the National Institute of Standards and Technology’s SP 800-207, “which calls out network access and microsegmentation,” he adds. “With many breaches resulting from stolen accounts, organizations need to have strong validation and must work to minimize impact through segmentation and rapid detection.”

A zero-trust approach ensures that “anything outside or within the security perimeter is not trusted, and everything attempting to gain access must be verified. Access accounts can be managed, and devices tracked and monitored,” SIA’s Walker-Miller says.

Many states and counties already are putting in place these types of controls in their conventional data centers. By implementing that level of cyber protection in their edge infrastructure, they will be better able to secure those devices, keeping sensitive data safe and mission-critical processes up and running.

South_agency/Getty Images