Storage Life on the Edge: Security Challenges

Share

Summary

This video, presented by SNIA, features David McIntyre, Thomas Rivera, and Eric Hibbard discussing security challenges at the edge. It covers the ISO perspective on edge computing, the distinctions between privacy, information security, and cybersecurity, and the unique security concerns posed by edge environments. The panel also delves into managing risk, with a particular focus on the implications for product development and user safety.

Highlights

Introduction to SNIA and Panelists
00:00:08

David McIntyre introduces the SNIA 'Storage Life on the Edge' webcast, focused on security challenges. He introduces the distinguished panelists, Thomas Rivera from VMware and Eric Hibbard from Samsung, and provides a brief overview of SNIA's role in the industry, its reach, and the technologies it covers. A disclaimer regarding copyright and usage of the material is also presented.

Understanding Edge Computing from an ISO Perspective
00:03:22

David McIntyre sets the stage with a visual representation of the 'chaos at the edge,' highlighting the interconnectedness of cloud service providers, edge networks, cloudlets, 5G, and various IoT applications. Eric Hibbard then elaborates on the ISO definition of edge computing, distinguishing between device, edge, and central tiers, and the different planes of data, control, and management. He emphasizes that the definition and hierarchy of these tiers can be fluid depending on the perspective.

Distinguishing Privacy, Information Security, and Cybersecurity
00:11:59

Eric Hibbard clarifies the relationships between privacy, data protection, information security, and cybersecurity, explaining that while they overlap, they are not identical. He highlights that privacy often depends on information security, but not vice versa. Thomas Rivera adds that security forms the foundation, with regulatory compliance often driving security priorities, even when those regulations aren't primarily security-focused.

Unique Security Characteristics and Challenges of Edge Computing
00:19:32

Eric Hibbard outlines the specific characteristics of edge computing, such as massive numbers of nodes, proximity networks, unfiltered data, harsh environments, hardware and software constraints, high latencies, and heterogeneous nodes. He then discusses the resulting challenges, including the inapplicability of traditional security measures like firewalls, difficulties in orchestration and access control, insecure interfaces, susceptibility to distributed denial-of-service attacks, and an expanded attack surface.

Threats and Mitigation in Edge Environments
00:26:06

The discussion turns to identifying and addressing threats in edge computing. Eric Hibbard emphasizes a risk-based approach, focusing on critical data and systems. He categorizes threats across nodes (physical security, limited capabilities, unmanaged devices, software vulnerabilities, malware), networking (insecure protocols, denial of service, eavesdropping, spoofing), data (disclosure, corruption, destruction, availability), and applications (vulnerabilities, lack of updates, access controls). Thomas Rivera further explains how to contain or isolate attacks, stressing the importance of understanding the ecosystem layer and the availability of security features like encryption at different tiers.

Safety and Proactive Security Design
00:41:00

Thomas Rivera introduces the concept of human safety in security, using the example of remotely controlled vehicles and the devastating consequences of malicious attacks. Eric Hibbard reinforces this with examples of vehicle cybersecurity incidents, such as cars being remotely shut off, and highlights the expanded attack surface in increasingly sophisticated vehicles. The panelists underscore the need for security to be incorporated from the outset of product design, rather than being an afterthought, to avoid 'Frankenstein' solutions.

Addressing Privacy Concerns and Key Takeaways
00:53:10

The conversation shifts to privacy, which Eric Hibbard describes as jurisdiction-dependent and complex. He uses the example of indirect data collection leading to privacy breaches, emphasizing the need to understand what data is being collected and how it could be exploited. Thomas Rivera adds that regulations like GDPR are pushing for opt-in consent for data collection. David McIntyre summarizes the key takeaways: security issues permeate the edge, heterogeneity complicates security and privacy, there's no one-size-fits-all solution, privacy needs equal weighting, and safety can dominate security priorities. He thanks the panelists and invites viewers to explore more SNIA resources.

Recently Summarized Articles

Loading...