11 Nov 2022

Event round-up: Cyber security from the Edge to the Cloud

On 11 November, techUK hosted a webinar exploring the growing convergence of cloud and edge computing and the opportunities and challenges for cybersecurity. This event was part of techUK’s Cloud Week.

The panel included:

Harshad Toke, Chief Architect, Becrypt
Chris Beckett, Sales Engineer, RubrikX
Christopher Jenkins, EMEA Chief Technologist, Redhat
Brad Smith, Managing Director, Edgile

You can watch the full session here, or read our summary of the discussion below:

Please note that the below is a summary of the event, and readers are encouraged to watch the webinar to understand the full details of the discussion.

Distributed infrastructure and workforce

The panel opened with a discussion of the evolving global threat landscape and how the pandemic accelerated digital transformation and challenged assumptions in organisations about what was possible with cloud computing. The shift to hybrid working has forced rapid adaptation in ways that have been positive for productivity and the workforce but pose additional challenges for security.

Increased edge adoption has also contributed to a more distributed computing environment with complex security challenges and less clear network boundaries. Hybrid working, cloud and edge also mean that just as your infrastructure has become more distributed so have your employees - are workers the least secure edge devices on an organisation’s network?

Security and service resilience

The conversation moved to the challenges of a hybrid cloud environment that includes both Cloud, with platform abstracted from infrastructure, and legacy on-prem infrastrucutre with a security posture designed for that on-prem data centre. However, edge makes the old new again, with some of those physical infrastructure considerations returning in new ways.

Harshad referred to the NCSC cloud security principles and zero-trust architecture principles as a good starting point for gripping the fundamentals. It is important not to lose sight of the “Why?” question when organisations feel themselves getting lost in the many different answers to “How?”.

The panel discussed the cultural implications of a zero-trust posture and how the people and process changes are always much harder than implementing the technical solutions. There was a consensus on the panel that challenging your assumptions about your current security posture is key to useful strategic planning that will take you in the right direction.

Benefits and opportunities of cloud and edge

Brad argued that the capabilities of as-a-service compute delivered at scale has accelerate the pace, agility and scale of cyber threats, but organisations using cloud also have a range of tools available to them, including the ability to aggregate data at scale and model behaviours and security threats. This puts pressure on organisations to retire legacy infrastructure and move into cloud platforms.

The panel explored the edge computing environment where devices are holding limited data, reducing and compartmentalising exposure. This does force attackers to target your core infrastructure, but cloud can be leveraged to improve core security - particularly for SMEs and smaller organisations with limited budgets and skillsets.

Responding to questions from the audience, secure by design principles were discussed and the dynamics around application security for cloud and edge nodes, in addition to some of the challenges and opportunities of emerging technologies like artificial intelligence and quantum. Chris Jenkins argued that applications can benefit from edge computing by inheriting security from the edge node which is running a minimal OS with a smaller attack surface.

“Quantum computing is an immediate threat - attackers are stealing data and storing it - you must protect your data now with the assumption that at some point in the near future they will be able to decrypt it.”

People and process - why is a human the weakest edge device?

Chris Beckett argued that humans are still the weak link in the chain and the challenge for the security industry is to engage end-users and enable them to think in a different way.

The panel explored the need to make security usable and consumable for non-technical people with a holistic approach that explains why users should do it not just what they need to do - or they will just find a way around even the best processes.

Brad argued that organisations need to confront the reality that humans are much more adept as a species at exploiting psychological ploys and extracting information through human interactions than we are at undermining the technologies we build. Investing in the skills and knowledge of your human capital - modernising your human edge devices just as you would your physical infrastructure - is key.

Key messages for the boardroom in 2023

“It is not possible to defend your on-prem infrastructure. No matter how much you spend, no matter what products you buy, it is fundamentally flawed around a network perimeter defence model. You must embrace the cloud if you want to defend yourself against emerging threats” - Brad Smith, Managing Director, Edgile

“Security is a process not a product. There are lots of products that can help secure your platform, but these are just enablers. It’s about people and process - get that right and the tech is the easy bit” - Chris Jenkins, EMEA Chief Technologist, Redhat

“Treat it as an organic and ongoing process - make it as inclusive as you can and try and get people to buy into it - that is the key to success” - Chris Beckett, Sales Engineer, RubrikX

“Security can be a scary place, it can be a worrying place - start small, be agile, think of this as a process. This will help improve the culture and your security. This will give you big results in the long run” - Harshad Toke, Chief Architect, Becrypt