Why zero trust must live on the edge

This article is part of a special issue of VB. Read the full series here: Zero Trust: The New Security Paradigm.

Edge computing’s diverse platforms defy easy consolidation into a single security stack. This leaves networks vulnerable to attacks from endpoints they never see coming. Yet edge and IoT platform vendors have only recently moved away from the “trust but verify” philosophy and instead started to “design in” technology that treats every endpoint and every identity as a new security perimeter.

The truth is, most edge and IoT platforms in use today weren’t designed with enough security to withstand endpoint attacks. CISOs struggle to integrate these platforms into a single security stack because legacy edge and IoT platforms are designed to rely on server and operating system security. Cross-domain trust relationships that do not enforce least-privileged access per account or per resource leave large swathes of endpoints vulnerable to intrusion and breach attempts.

To avoid devastating breaches, CISOs must secure edge computing and IoT platforms across the entire stack they rely on. Hardware, operating system, application platform, data, network security – enterprises need to consider how zero trust can meet the challenge of securing full technology stacks for edge computing and IoT networks.

Hyperscalers Compete to Secure Edge and IoT Computing

Amazon Web Services (AWS) for the Edge, Microsoft Azure Stack Edge, and Google Cloud Platform (GCP) Distributed Cloud each focus their R&D on helping businesses solve edge computing, IoT, and cybersecurity challenges. Of the three, AWS is the market leader in defining how the IoT can contribute to a Zero Trust Network Access (ZTNA) framework by prioritizing machine identities as the core zero trust security strategy of any organization.

At AWS re:Invent 2022 last year, AWS launched IoT ExpressLink. AWS designed this remarkable cloud service to accelerate new IoT devices through development cycles and then release them with built-in AWS IoT Device Defender. AWS also continues to make enhancements to AWS IoT Greengrass, adding features requested by customers who want to automate large-scale patch management across fleets of IoT and network devices. AWS says standardizing its cloud platform for managing and securing Edge and IoT devices brings CISOs and security teams closer to their single goal of securing all devices.

AWS is the most advanced hyperscaler in securing edge and IoT devices on networks while providing applications and tools capable of auditing configurations, authenticating devices, detecting anomalies, and receiving alerts to help secure fleets of IoT devices. Source: AWS IoT Device Defender Overview, Amazon Web Services, 2022

One of the main reasons AWS has such a strong leadership position in securing edge and IoT devices is the complementarity of Amazon’s zero-trust vision with the NIST 800-207 architecture standard. As a result, AWS customers using ExpressLink and Greengrass as part of their ZTNA infrastructure can secure the machine identities of each Edge, IoT, and IIoT sensor at the operating system level and, if necessary, at the kernel level.

Start designing zero trust in edge and IoT networks

“Zero trust is being considered or deployed by most enterprises, so the debate over whether zero trust is necessary is over; however, well over half will not see the benefits,” Kapil Raina, vice president of zero trust marketing, identity and data security at CrowdStrike told VentureBeat in a recent interview. “To overcome these challenges, enterprises must operationalize and make zero trust frictionless with a single platform and sensor architecture – and that means endpoints, workloads and other technology areas.”

Gartner’s 2022 Market Guide for Zero-Trust Network Access is a valuable reference for learning more about Zero-Trust security and considerations in creating a ZTNA framework.

Hyperscalers have the advantage of providing an integrated platform that includes Edge, IoT, and Zero-Trust applications and security tools. However, many organizations still face the challenge of securing edge and IoT devices on legacy technology stacks. Here are areas where organizations struggling with multiple Edge and IoT technology stacks can start.

Prioritize IAM and PAM on the ZTNA roadmap

Most, if not all, edge and legacy IoT platforms were not designed to support Identity and Access Management (IAM) and Privileged Access Management (PAM) systems, including securing administrative credentials and passwords. As a result, there was a 34% increase in IoT security vulnerabilities in the second half of last year alone. With cyberattackers focusing on how to take control of IAM and PAM servers, securing these two systems should be a priority.

Edge and IoT sensor identities: moving targets to protect

As Edge, IoT, and IIoT sensors and their supporting networks become more complex, it’s increasingly difficult to have a unified IAM strategy for all human and machine identities. 25% of security managers say the number of identities they manage has increased 10 times or more in the past year. In addition, 84% of security managers say the scope of identities they manage has doubled over the past year. Forrester’s estimate is that machine identities (including bots, robots, and IoT) grow twice as fast as human identities on organizational networks.

Design zero-trust frameworks to authenticate mobile edge, IoT, and IIoT devices

Mobile devices that are critical to logistics, supply chains, warehouse management, and strategic sourcing are one of the fastest growing threat vectors. Gaining visibility and control over mobile devices starts with a unified endpoint management (UEM) platform that provides device management capabilities for device-neutral requirements regardless of location. These requirements include cloud operating system delivery, peer-to-peer patch management, and remote support.

CISOs are exploring how a UEM platform can help solve their technology stack challenges while improving the user experience with endpoint detection and response (EDR). Gartner’s latest Magic Quadrant for Unified Endpoint Management tools defines IBM, Ivanti and VMware as market leaders. Gartner observed, “Ivanti Neurons for Unified Endpoint Management is the only solution in this research that provides active and passive discovery of all devices on the network, using several advanced techniques to discover and inventory unmanaged devices. It also applies machine learning (ML) to collected data and produces actionable insights that can inform or be used to automate anomaly remediation.”

Zero-trust “design in” must be continuous to be successful

Amazon continues to drive a rapid pace of innovation by extending its AWS platform to edge and IoT management, zero-trust security, and device monitoring. For enterprises looking to migrate workloads to the cloud and launch edge and IoT-based strategies, hyperscalers are compelling evidence that their approaches provide the necessary visibility and control.

For companies that aren’t ready to move to a fully cloud-based platform, or are deeply invested in their current technology stacks, pursuing a zero-trust strategy must start with securing their IAM and PAM systems. Getting IAM and PAM right upfront when building a ZTNA framework is critical to enforcing least-privileged access at the device and resource level.
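As an added illustration of what least-privileged access “at the device and resource level” looks like for the AWS IoT fleets discussed above (this policy is written for this page and is not taken from the article or from AWS documentation), the following AWS IoT Core policy binds each device’s permissions to its own registered thing name instead of the common weak pattern of granting `"Action": "iot:*"` on `"Resource": "*"` to every device. The region, account ID and topic layout are placeholders; `${iot:Connection.Thing.ThingName}` and `iot:Connection.Thing.IsAttached` are AWS IoT policy variables that resolve per connecting certificate.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:Connection.Thing.ThingName}",
      "Condition": {
        "Bool": { "iot:Connection.Thing.IsAttached": "true" }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/sensors/${iot:Connection.Thing.ThingName}/telemetry"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topicfilter/sensors/${iot:Connection.Thing.ThingName}/commands"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/sensors/${iot:Connection.Thing.ThingName}/commands"
    }
  ]
}
```

With this shape, a device whose certificate is not attached to a registered thing cannot connect at all, and a compromised device can only publish to and read from its own topics, which keeps a single endpoint breach from becoming a fleet-wide one.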

Another point to note: Edge and IoT networks are becoming self-healing, further extending their ability to enforce least privileged access.

Srinivas Mukkamala, chief product officer of Ivanti, told VentureBeat that “automation and self-healing improve employee productivity, simplify device management and improve security by providing complete visibility across all assets of an organization and providing automation across a wide range of devices”.
