Summary
Highlights
David McIntyre introduces the SNIA 'Storage Life on the Edge' webcast, focused on security challenges. He introduces the distinguished panelists, Thomas Rivera from VMware and Eric Hibbard from Samsung, and provides a brief overview of SNIA's role in the industry, its reach, and the technologies it covers. A disclaimer regarding copyright and usage of the material is also presented.
David McIntyre sets the stage with a visual representation of the 'chaos at the edge,' highlighting the interconnectedness of cloud service providers, edge networks, cloudlets, 5G, and various IoT applications. Eric Hibbard then elaborates on the ISO definition of edge computing, distinguishing between device, edge, and central tiers, and the different planes of data, control, and management. He emphasizes that the definition and hierarchy of these tiers can be fluid depending on the perspective.
Eric Hibbard clarifies the relationships between privacy, data protection, information security, and cybersecurity, explaining that while they overlap, they are not identical. He highlights that privacy often depends on information security, but not vice versa. Thomas Rivera adds that security forms the foundation, with regulatory compliance often driving security priorities, even when those regulations aren't primarily security-focused.
Eric Hibbard outlines the specific characteristics of edge computing, such as massive numbers of nodes, proximity networks, unfiltered data, harsh environments, hardware and software constraints, high latencies, and heterogeneous nodes. He then discusses the resulting challenges, including the inapplicability of traditional security measures like firewalls, difficulties in orchestration and access control, insecure interfaces, susceptibility to distributed denial-of-service attacks, and an expanded attack surface.
The discussion turns to identifying and addressing threats in edge computing. Eric Hibbard emphasizes a risk-based approach, focusing on critical data and systems. He categorizes threats across nodes (physical security, limited capabilities, unmanaged devices, software vulnerabilities, malware), networking (insecure protocols, denial of service, eavesdropping, spoofing), data (disclosure, corruption, destruction, availability), and applications (vulnerabilities, lack of updates, access controls). Thomas Rivera further explains how to contain or isolate attacks, stressing the importance of understanding the ecosystem layer and the availability of security features like encryption at different tiers.
Thomas Rivera introduces the concept of human safety in security, using the example of remotely controlled vehicles and the devastating consequences of malicious attacks. Eric Hibbard reinforces this with examples of vehicle cybersecurity incidents, such as cars being remotely shut off, and highlights the expanded attack surface in increasingly sophisticated vehicles. The panelists underscore the need for security to be incorporated from the outset of product design, rather than being an afterthought, to avoid 'Frankenstein' solutions.
The conversation shifts to privacy, which Eric Hibbard describes as jurisdiction-dependent and complex. He uses the example of indirect data collection leading to privacy breaches, emphasizing the need to understand what data is being collected and how it could be exploited. Thomas Rivera adds that regulations like GDPR are pushing for opt-in consent for data collection. David McIntyre summarizes the key takeaways: security issues permeate the edge, heterogeneity complicates security and privacy, there's no one-size-fits-all solution, privacy needs equal weighting, and safety can dominate security priorities. He thanks the panelists and invites viewers to explore more SNIA resources.