For a growing number of companies, the \u201cedge\u201d of the enterprise network is an increasing focal point of IT investments. This is where they are aiming to bolster data storage, processing, and analytics capabilities to generate business insights from data gathered from connected devices and systems.Optical and photonic products manufacturer Lumentum has employed an edge strategy with local compute and storage arrays to deal with the large volume of data generated during the manufacturing and testing process.Tech Spotlight: Edge Computing4 essential edge computing use cases (Network World)Edge computing's epic turf war (CIO)Securing the edge: 5 best practices (CSO)Edge computing and 5G give business apps a boost (Computerworld)Amazon, Google, and Microsoft take their clouds to the edge (InfoWorld)\u201cEdge computing allows us to process and store data coming off the line in real time,\u201d says Ralph Loura, senior vice president and CTO. \u201cWe also employ an aggregation strategy to stream that data into public cloud platforms for data aggregation, processing, long-term storage, and secure partner access.\u201dThe primary security risk is the sensor and tester network and how data gets from those sources to the edge platform, Loura says. \u201cEdge platforms sit in remote locations, and local teams don\u2019t always follow global standards,\u201d he says. \u201cIt takes discipline, and good tools, to ensure that standards are adhered to consistently."Understanding the risksEdge\u2019s promise is a performance increase for connecting many things on the outside to data center or cloud services that are on the inside, creating "a big security challenge and a lucrative target for attackers,\u201d says John Pescatore, director of emerging security trends at the SANS Institute, a provider of technology training programs.Indeed, the edge can be difficult terrain from a data security standpoint for a variety of reasons.\u201cThe obvious risks an organization should consider before embarking on an edge project have to do with the sheer number of devices and supporting infrastructure that populates the edge, and the massive amount of data being generated at the edge,\u201d says Matt Kimball, senior analyst,\u00a0data center, at advisory firm\u00a0Moor Insights & Strategy.\u201cHundreds to thousands of network-connected, data generating devices connected to infrastructure \u2018in the wild\u2019 makes the edge a rich target for bad actors,\u201d Kimball says. \u201cAnd the more important that data becomes to an organization, the more it becomes a target for hackers or groups to exploit for gain.\u201dThe diversity of internet of things (IoT) devices and systems sitting at the edge also creates security challenges, \u201cespecially in the industrial verticals, where decades old machinery and supporting systems that comprise OT [operational technology] are being merged with IT systems,\u201d Kimball says. \u201cThe criticality of many OT environments\u2014power plants, water treatment, refineries\u2014make them targets.\u201dAnother primary concern in edge computing lies in the scale of deployment locations. \u201cInstead of securing a majority of resources in a handful of core locations, the distributed nature of edge computing means that infrastructure, data, and applications could be spread across hundreds or thousands of locations,\u201d says Dave McCarthy, a research director with IDC's worldwide infrastructure practice focusing on edge strategies.\u201cTo amplify this concern, these edge locations often lack local IT staff and do not share the same physical security as their data center counterparts,\u201d McCarthy says. \u201cEdge locations range from remote offices to places like factories, warehouses, retail stores, and schools.\u201dAdding to the security challenge is the breadth and complexity of what the edge entails. Research firm IDC\u00a0is tracking\u00a0edge solutions\u00a0in several categories:\u00a0enterprise IT (such as remote office and branch office systems); industrial\u00a0operational technology (such as systems used in manufacturing); cloud edge offerings (such as Snowcone from Amazon Web Services); and \u201cIT to the carrier edge\u201d offerings from telecommunications providers that might include\u00a05G and multi-access edge computing (MEC).Security immaturityAny of the solutions in any of those categories represents a potential entry point for an attacker, and many of the products and services for edge computing are relatively new, which means they\u2019re somewhat untested.\u201cThe immaturity of the technology and the wide range of vendors providing various forms of edge computing hardware [and] software services is by far the biggest issue,\u201d says John Pescatore, director of emerging security trends at the SANS Institute, a provider of technology training programs.\u201cFor established vendors like Cisco, Google, AWS, Dell, etc., the software is still immature, and we are seeing [a] continuing stream of critical vulnerabilities exposed even in mature products at the edge,\u201d Pescatore says. \u201cThen there are dozens of startup vendors in the market that have no track record in secure products at all.\u201dThe lack of maturity with edge offerings means they are \u201cchock full of vulnerabilities, either via built-in faults or mistakes by [systems administrators] not familiar with the new technology.\u201dFor edge computing to be less of a risk, vendors need to demonstrate extensive security testing of the products and services, Pescatores says. Another step in the right direction: standardization of what an edge server and service really is as well as standards for secure architectures and system configurations from third parties such as the Center for Internet Security. \u201cNone of that has happened yet.\u201d5 best practices for better protectionWhen considering a move from a traditional, single-site data center architecture to edge computing technology, \u201cit is critical to understand that you are expanding and dispersing your company\u2019s exposure to cyber attack,\u201d says Steve Maki, executive vice president of IT at AEI Consultants, a property and environmental consulting firm. The following best practices will help mitigate the risks.Integrate edge into your security strategyBusinesses should think of edge security in the same way they think of the rest of their cyber security strategy, McCarthy says. \u201cIt should not feel like a bolted-on appendage but rather an integrated part of overall security processes, procedures, and technology,\u201d he says.\u201cFrom a security standpoint, each edge node will require the same level of security, redundancy, and service visibility that you engineered into your central data center,\u201d Maki says. \u201cUser and device management across a geographically disperse topology of edge nodes will also present a significant challenge if not designed and deployed correctly.\u201dAEI has deployed multiple layers of security to protect its edge business assets, Maki says. This includes multi-factor authentication, malware protection, endpoint protection, end-user training, and others.Think zero trustEdge locations naturally lend themselves to a zero-trust security model, McCarthy says. \u201cIn addition to hardening edge resources from attacks, it is important to enforce encryption of data both in transit and at rest,\u201d he says. \u201cEdge requires a greater emphasis in certificate-based identity management for both users and the endpoints themselves.\u201dKnow what normal looks likeIt\u2019s possible to analyze the flow of communication to establish a baseline of \u201cnormal\u201d and then evaluate future data flows for abnormal behavior, McCarthy says. \u201cThis is an area where machine learning and AI [artificial intelligence] techniques come together to proactively improve the overall security profile.\u201dConsider security in the buying processAnother good practice is to require edge product vendors to demonstrate security capabilities when responding to requests for proposals, Pescatore says.\u201cMicrosoft didn\u2019t pay attention to security in Windows until enterprises started telling them, \u2018we are going to use Netscape and Linux because these internet worms are killing us,\u2019\u201d Pescatore says. \u201cTwenty years later, Zoom\u2019s CEO had to apologize and also say \u2018security is job 1\u2019 when all the lack of security in Zoom got exposed. Products only get more secure when the market demands it.\u201dPrioritize patchingBecause the technology is still immature, Pescatore says, those companies that actually adopt it should develop their own secure configuration standards and prioritize monitoring and patching of the devices or services, until there are more industry standards.For Lumentum, a key to robust security for edge environments is constant updates of security software. \u201cWe are aggressive about patch management,\u201d Loura says. The company uses centralized configuration management and monitoring tools to ensure that systems in the field are configured and managed per the company\u2019s central design.Essential elements of an edge security strategyAn edge security strategy should include what Matt Kimball, senior analyst,\u00a0data center, at advisory firm\u00a0Moor Insights & Strategy, calls the \u201cfive Ps\u201d: people, policy\/procedures, process, product (technology), and proof.From a people perspective there\u2019s a need for individual training and re-enforcement of training, as well as a cultural mindset. \u201cI believe organizations become too reliant on technology to mitigate cyber security risks, forgetting people are the most susceptible assets,\u201d Kimball says.Policies and procedures are the governance that enables and reminds people to maintain vigilance.\u00a0Process includes the things people must do to fully mitigate risks.Products might be the most challenging of the five Ps.\u00a0\u201cIt\u2019s hard for IT organizations to make sense of what an end-to-end cyber security solution looks like,\u201d Kimball says.\u00a0\u201cFrom hardware to software, from device to server, from network access to infrastructure protection, and from OT to IT, there are literally thousands of [offerings] to choose from.\u201dProof involves the regular testing of products, processes, policies and procedures, and people to ensure cyber risk is truly mitigated, or to find vulnerabilities and shore up those weaknesses.\u00a0\u201cWithout this regular cadence of testing and remediation, cyber security strategies can and will quickly become outdated and ineffective,\u201d Kimball says.Looking aheadThe use of edge computing is likely to rise, as organizations look to exploit IoT and other edge-related opportunities. They will continue to face daunting security challenges.\u201cThe edge is becoming more of a security risk for the simple reason that more enterprises are implementing applications at the edge,\u201d says Bob Gill, research vice president at Gartner. \u201cWith greater numbers, the odds of a \u2018failure\u2019 of course rise.\u201dAnother factor in the rising risk of edge computing is that applications are becoming far more ambitious and well connected to other assets in the enterprise, including back-end systems in the cloud and on-premises, Gill says.\u00a0\u201cNot only are the attack surfaces growing in size, but the blast radius in the event of a security failure is growing as well,\u201d he says.But experts see reasons for hope. \u201cAs the concepts surrounding edge continue to mature, technology suppliers, service providers, and enterprises have developed strategies to mitigate most common concerns,\u201d McCarthy says.They will need to continue those efforts if the edge is to become a more secure place to do business.