What Are the Key Aspects of Edge Security?
Edge security focuses on the same core risks upon which traditional security focuses: identity, device, and network to protect data. It typically layers on top of traditional security solutions to protect that data outside of what can be thought of as traditional security’s core safeguards.
When it comes to identity, edge security leverages identity management to ensure that the user or device has authenticated appropriately and has the appropriate authorization to access the specific resource. Some would argue that the push to single sign-on (SSO) and federated identity are attempts to create an extended trust fabric to facilitate more straightforward access to disparate systems.
With respect to devices, edge security looks to push data and identity-based protections more heavily to the device. Behavioral monitoring, data tagging, and data management are a few aspects of edge computing that are increasingly being applied and enforced at the device level. That layers on traditional EDR protections, which are also now less reliant on external appliances for operation.
Network safeguards are also key to a comprehensive edge security architecture. Secure access service edge (SASE) solutions provide comprehensive cloud access and perimeter traversal security. These solutions typically layer on top of physical and virtual firewalls to provide seamless user, asset, and data traversal between network segments.
Considerations for Implementing Edge Security Reference Architecture
Much like a more traditional network security architecture, an edge security architecture requires strategic planning and an understanding of the environment being secured. It can be simplified, though, to give an idea of how to implement it.
If it helps, think of the secure edge like the outside of a building. Once inside that building, each room has a secure edge. Those secure edges may be open doors, allowing unfettered access, or locked to limit access. Security cameras observe migration of people and data throughout.
With that analogy in place, there are a few considerations you should think about when implementing an edge security architecture.
- Scalability. The new amorphous and virtual edge is designed to be malleable and scalable. Instead of on-premises appliances and virtualization, think cloud and containers. Those environments are designed to scale rapidly to meet demand. So too does the environment securing them.
- Comprehensive data management. Data doesn’t just reside in a business’s four walls anymore. For businesses with a heavy cloud presence, it’s very likely data largely exists off premises. Consequently, it’s critical to be able to secure that data in the cloud and remote environments in which it lives and is used. That demands an edge security solution as it’s impossible to deploy physical appliance safeguards to that environment.
- Solid identity management. Due to the distributed nature of the virtual edge, it’s important to assure that whoever is entering the virtual edge has the authority to do so. Identity management must include robust authentication to identify the individual and authorization to assure that the individual should be accessing the resources that they are.
- Streamlined access management. Federated identity and single sign-on are critical to assure that seamless transition occurs between assets. Edge security becomes cumbersome and unwieldy when access is stilted and demanded with each different asset.
- Resilience. A secure edge should be able to mitigate certain kinds of attacks, like distributed denial of service (DDoS) attacks. These kinds of attacks are more significant to distributed environments because they can disrupt distributed access to those environments. Making the secure edge resilient promotes business operations.
Related reading: What is a resiliency architecture?
Pure Storage Promotes Security at the Edge
Pure Storage provides multiple solutions to maintain and recover your distributed environment. Solutions like Purity//FA help you seamlessly manage storage whether it’s on premises or in the cloud. Purity//FA provides resilient and scalable management tools to ensure that data is appropriately managed within your secure edge.
If the worst should occur, Pure Protect //DRaaS™ provides an immutable and resilient cloud recovery solution that gets you back on your feet fast. It guarantees clean recovery to anywhere you need it.
Conclusion
The secure edge is a novel concept in the sense that it takes safeguards for more traditional technology infrastructure and expands them to meet more expansive environmental needs. Where computing and business are increasingly distributed, it’s never been more important to be able to secure that environment.
Pure Storage can help. We provide solutions that keep your distributed environment operating and can recover some or all of it at a moment’s notice.