Securing IIoT and Edge Computing by means of Confidential Computing
There are clear advantages of Edge Computing solutions in the world of Industrial IoT (IIoT). These transfer part of the data processing to the edges and reduce unnecessary network traffic. Alas, the model is associated with information security challenges.
Confidential Computing is a great candidate for resolving these One of the major essences of industrial IoT (IIoT) is increased productivity and reduced TCO. This is achieved using multi-purpose and multi-capabilities (aka Smart) edge devices and Artificial Intelligence (AI) analytics performed close to the IoT devices. But this has several associated challenges:
- The frequent and bi-directional massive data transmissions to and from the IIoT devices contribute to the technical burden associated
- As many IIoT applications occur in remote sites, one can assume that the networking part (i.e., amount of data and synchronization) demands attention and careful planning.
- The need for prompt actionable information (i.e., real-time analytics leading to actions) is challenging.
Hence, edge computing, as a distributed computing solution aimed at offering localized computing platforms, is frequently used to ease the internet working part.
So what is precisely edge computing?
A simplified description of edge computing is a decentralized cloud environment where distributed storage and data processing is performed closer to the endpoints rather than at the data center or the cloud. Typical IoT endpoints include smart meters, physical phenomenon sensors, metering concentrators, CCTV cameras, traffic monitoring and control units, remote PLC controllers, and other automation-enabled devices, among many others. As stated above, adding scaled-down cloud computing resources (Like AWS, Azure, and Google) to the IIoT gateway at the edge enables local storage and data processing.
This decentralized computing presents fascinating benefits when compared to centralized cloud computing as it allows for the following:
- Higher reliability, as data avoids interrupted communication if the link is down while traversing to a central cloud.
- Reduced latency and consumption of network resources due to localized networking.
- Improved security and compliance with the regulation as data stays local and is not exposed when traveling over public links.
Cyber Security concerns in Edge Computing
Obviously, nothing is perfect. The shift in deployment practices (i.e., decentralization of processing) eliminates the protective physical, access, and network security umbrella the data center provides. Edge Computing deployments are also associated with a shift in the traditional IT and cyber security models most businesses use. For example, machine-to-machine (M2M) applications lack human supervision, and in so many cases, the IoT devices are installed in untrusted custody. Thus, edge security threats can be severe. Furthermore, local computing units process sensitive data needed for actionable decisions. This, in turn, means that they require higher-level protection. Typically, the IoT gateway can be protected, and dedicated solutions are available in the market.
First, however, one should ask himself what will be the most efficient method to mitigate cyber threats on the computing infrastructure on which, in many cases, AI and ML functionalities are performed. “Digital business and edge computing have inverted access requirements, with more users, devices, applications, services, and data located outside of an enterprise than inside” analyst company Gartner wrote. Not surprisingly, edge computing adopters appear to be aware of the potential threats. A survey of over 1,500 companies by US telecommunications giant AT&T’s cybersecurity division found that companies pursuing edge computing use cases typically expect to spend between 11% and 20% of their investment on security.
Can Confidential Computing lower the TCO in new IIoT use cases?
The immediate answer would be, Yes it can. Without confidential computing, enterprises and factories would have to invest tremendous money in deploying traditional cyber security methodologies (Perimeter-based techniques). They will also search for other technologies geared to protect the stand-alone edge computing infrastructure. In IIoT environments, there is a need to secure the external access, a need to secure the IoT gateway and a need to secure the computing infrastructure on which the collected data is analyzed and processed.
The main fear arises from behind the external perimeter breach, a breach that puts the intruder behind the safe zone and within easy access to the local Crown Jewels. Should Confidential Computing solutions be used, they will secure the whole computing stack of the commuting infrastructure (e,g. servers) and hence lower the TCO, eliminating the need to use additional means of Cyber Security. Moreover, such scalable solutions enable a “pay-as-you-grow” approach, which means that the solutions are tailored to the exact expansion of the IIoT use case.