The cybersecurity issues of the Cloud, Edge and IoT trichotomy are inevitably related to all of these complementary technologies.
Cloud Computing is the delivery of on-demand computing services without direct active management by the user. These services range from applications to storage and processing power obtained from the remote data centres and available large number fo users over the Internet.
The term Cloud Computing emerged in the early 2000s but the concept of computing-as-a-service has been around for much longer. In 1960s computer agencies would allow companies to rent time on their expensive mainframes as it was much cheaper than if a company buys one itself.
Traditional technologies, which Cloud Computing somewhat has become, are no longer addressing the growing needs of modern business as the applications that power the Internet of Things (IoT) often require response times that cannot be fulfilled using traditional models of data transmission and processing.
Increasing speed and cutting on latency lye at the heart of the model of moving data processing closer to the IoT devices, also referred to as ‘Edge Computing’. The latency issue in this type of computing is solved by repositioning the task of initial data processing to the connected devices and using local (edge) data centres instead of central cloud computing servers.
Edge Computing is a distributed computing paradigm that brings computation and data storage closer to the location where it is needed, to improve response times and save bandwidth. In other words, Edge Computing is done at or near the source of the data (usually coming from numerous IoT devices) instead of sending it to the cloud data centres to perform computation.
Many people believe that Edge Computing is the newer technology that will take over Cloud Computing. In fact, Edge Computing does almost the same what Cloud Computing does but closer to the data sources.
It, however, does not mean the Cloud Computing will disappear. As we learn more, we understand that both Cloud and Edge computing serve different but complementary purposes. Implementing Edge in a Cloud computing model ensures optimised data, increased performance, and ease of data access to customers. Organisations would benefit from being able to analyse critical data, particularly those coming from IoT. This happens in near real-time at the source and data latency gets reduced.
Each of the Cloud, Edge and IoT trichotomy constituents, understandably, contributes to the cybersecurity concerns.
Cloud Computing acceptance, particularly acceptance of the public or hybrid clouds, is still hindered by the cybersecurity issues. Having your data stored at an unknown location of various data centres, using the processing power of equally unknown computers or using somebody else’s infrastructure or applications looks insecure to many people.
Some security issues such as data loss, phishing or using your computer as a bot in botnets (aka ‘zombie nets’) pose serious threats to an organisation’s data and applications. Simply, there is no at all or is very little customer’s control of the remote Cloud Computing resources.
Besides, moving from one cloud computing service provider to another can be complicated by the incompatibility issue, which can provoke some cybersecurity issues (e.g. incompatibility of Google and Microsoft cloud).
Another potential security issue is related to the control of physical security as the company using Cloud Computing services does not influence the equipment’s security.
Furthermore, there is still no common industry standard for ensuring the integrity of data or complementary laws between countries of service providers and service users. Not less important is issue of encryption. The encryption and decryption keys are not fully controlled by the service users, as it should be.
‘Shadow Cloud’ is another potential security issue. It happens when employees use ‘Software as a Service’ (SaaS) applications, which are not obtained or approved by the organisational IT department.
In our previous posts, we have pointed out that the Edge Computing is largely associated with the Internet of Things (IoT), hence it inevitably inherits (still) disreputable security of these devices. Although IoT applications expect strong security protection, severe resource constraints and insufficient security design are two major causes of many security problems in many IoT applications.
Many existing security mechanisms, including advanced security algorithms such as Attribute-based Access Control, Group-signature based authentication, homomorphic encryption and Public-key based solutions, demand of the IoT device to have a high level of computation power and memory space to run it. However, the IoT devices, such as smart meters, smart lockers or smart cameras, do not have it.
Moreover, the devices used at the local Cloud Computing data centres are not either designed or made with appropriate cybersecurity in mind. Also, these devices are not diligently updated like those in large data centres. Hence, each of these devices embodies potentially vulnerable endpoint, which enables access to the main networks and big data centres.
Paradoxically, wider spreading of the edge computing device may offer greater security by reducing the distance of the data transmission to the major data centres – thus offering fewer opportunities for the data interception. However, by more data residing at the edges of the networks makes central cloud storages less attractive for hacking but increases the appeal of the local (edge) cloud storages.
The Edge Computing also improves security by encrypting data closer to the network core, while optimising data laying further from the core for performance. However, the vast majority of edge devices do not perform authentication for the third-party Application Programming Interfaces (APIs) and do not encrypt data by default. This makes these devices rather vulnerable as cybercriminals can easily take data from the IoT devices or infect them.
Furthermore, the vulnerability of the IoT devices used in the context of Edge Computing, allows for the distributed denial-of-service (DDoS) attacks, which are becoming larger and more common than ever. The expanding artificial intelligence (AI) and 5G networks can allow attackers to perform these attacks with far greater speed and effectiveness.
A word on remedies
Setting software on automatic update always when possible is, for example, a habit that will reduce a need for remembering this important security task. This is particularly important for cybersecurity applications such as firewalls and antivirus software. Also, introducing advanced cybersecurity technologies, such as artificial intelligence based protection, can significantly reduce the cybersecurity risks.
Personal cybersecurity hygiene can also help when dealing with any or all of our trichotomy constituents. However, the cybersecurity concerns of the Cloud, Edge and IoT trichotomy are very complex and interrelated – and will become even more multifaceted as new devices are added to our digital networks. Addressing these concerns requires complex technology solutions as well as adequate professional knowledge and experience.