Securing the Edge: How to Keep Your Internal Network Secure with Edge Computing Systems
Best Practices for Safe Edge Computing for AV Management
Many of you reading this already understand edge computing, although it probably means different things to different people. By definition, edge computing is done at the edge of the network, close to the data source. In cloud computing, data is sent back to the cloud for processing. So is it just a fancy way of differentiating between distributed and centralized computing, some older terms for similar concepts? Perhaps, as the computer and software industries excel at developing new terminology for old concepts applied to new platforms.
We joke a little here, but let's look at an example. Apple's fancy term for software-enhanced photography and computational photography is taking advantage of the considerable processing power of today's iPhones to do some serious editing, enhancement, and tricks with images. Could that be done in the cloud? Yes, as Google Photos does with any browser-equipped device. So what are the advantages of doing this at the edge? If you have the computational power, edge computing can enable faster, more responsive applications. And the less potentially sensitive information that has to travel back and forth from the cloud, the more secure the application.
Security is important in edge computing. And edge computing is important in network monitoring and management of AV devices in internal networks. You don't want all those inherently insecure devices directly connected to the internet, as they present many attack points into your network for would-be hackers. Instead, an edge appliance or computer sits at the "edge" of your network, monitoring and collecting information and sending it back to the cloud to aggregate into other management systems. But how do you ensure the security of the edge appliance sitting in your Scottsdale, AZ offices from the wild and woolly internet? That’s what we explore further in this blog post.
SEE ALSO: What is IoT Security, and How Does It Affect Your AV Systems?
Why Use Edge Computing for AV Device Management?
It’s worth defining edge computing here for the purposes of this discussion. In this case, edge computing monitors, patches, remotely accesses, and updates software on an appliance that sits on the edge of your private network, having access to your AV devices like displays, cameras, room control systems, and more. Why do it this way? The protocols these devices support are inherently insecure for the general internet, be they unencrypted HTTP, Telnet, or unencrypted socket methods. Your network firewall should not open up a port to enable these to connect directly to the internet, as that opens a security risk. Once an attacker gets inside your network firewall, there are many ways to exploit other things inside your network. The edge device can talk to your AV devices inside the secure network, collect the information, and then encapsulate and encrypt it for safe transmission to cloud-based applications.
Protecting the Edge Computing Appliance
OK, so you're inherently insecure devices only talk to the edge appliance. How do you protect the edge appliance from hacking? Some of the same principles apply here. If the device supports inherently insecure protocols, don't open up a port to use them. From an administrative standpoint, eliminate any back door capability like Linux standard administrator passwords, and update access passwords regularly. Don't allow SSH interfaces into the appliance. While SSH has inherent encryption security compared to Telnet but can have potential issues with accumulated key storage and management.
Aside from protocols, edge appliances can be protected using encrypted disks. Even if someone physically removes the disk, the key to access it still sits within the appliance hardware itself. Trusted hardware security is another measure of protection. These methods can ensure that disks can only be accessed through a key exchange controlled by a chip on the device hardware. The operating system on the device can also be secured by checking that it is booting with the trusted chip; the machine won't let the OS boot without this check. Further on the OS integrity spectrum, immutable operating systems are read-only, and the device pulls down an image securely from a host and boots that. There are no methods to update the root otherwise to install or attach malicious software to the device.
How Does This Help IT and AV Organizations?
Using safe edge computing methods allows you to run modern remote monitoring and management solutions securely, keeping your AV devices off the internet while gaining all the advantages of remote management. Edge computing also keeps your internal network safe with no-exception firewalls that minimize attack points for would-be hackers.
Want to learn more about edge security best practices and solutions for your AV infrastructure? Get started by reaching out to Level 3 Audiovisual or clicking the chatbox below to connect instantly. We look forward to working with you.