Why should you care about the Edge?
(Photo: Nikhil Maka)
(Spoiler Alert: This blog may not answer all your questions, but may help you ask more questions.)
When Ray O’Farrell appeared before a Congressional committee in Oct 2017, little did he (or the legislators) imagine that our world would turn out the way it did, in just a few years. But he had made some interesting statements about the edge. Read about his testimony here.
The congressional committee quizzed him and a few other industry experts about emerging threats in the Edge/IoT world. The committee had concluded earlier that “The Internet of Things presents an opportunity to improve and enhance nearly every aspect of our society, economy, and day-to-day lives.” But were concerned about “… how to implement needed legislative updates to continue protecting consumers and allowing American creativity to grow …“
Fast forward – c. 2021. A Presidential Executive Order has created an imperative to secure digital assets in your enterprise.
Does this apply to you? Depends. More questions...
Do you have any kind of devices, electronic equipment, computing systems (large to very small) that you use to serve your customers or produce products? If no, you have nothing to worry. But check again. Any surveillance cameras / audio visual equipment on IP network? A sprinkler system on IP?
If yes, have you ever had to apply a software patch, did you have to call the technician to come fix a glitch, and the technician “upgraded” the software as part of the maintenance? The answer to this one could be, (i) yes or (ii) “don’t know” or (iii) no.
Oh, before that, do you know what devices you have in your enterprise, branches, different locations? If no, that’s a place to begin. Whichever your preferred way, a formal system to track your assets or a spreadsheet or a simple online service to track your assets will work depending on how many devices, operators and complexity of what you have.
If you manage to list (a digital ledger) all of your digital assets (and keep them up to date), you need to know what’s running inside of those devices / equipment. Before that, more questions.
Why is the edge so complex?
This is how systems always evolve. Over time, one acquires point solutions that deliver functionalities. Point solutions are great, but eventually, you will end up with many of them. Solutions that are highly specialized and dedicated to the one and one function they are probably good at delivering. And they come up with their own bill-of-materials, hardware and firmware.
Yet another twist? In keeping with Moore’s law, as electronics advanced and more functionality was being controlled through software, needs arose to tweak these functionalities – through configurations settings and profiles.
But you, as the enterprise owner, own and are responsible for the functions that these devices offer. More importantly, you become responsible for thinking of security that spans across all these systems and devices. And if you are delivering to customers in the government or are part of a supply chain that does, you need to know the weaknesses in the components that create your work product. More so, if there is any kind of firmware being shipped.
So, is there a way that one can address all these devices? Well, that depends on what you have and how old they are. Some offer elegant APIs, ways to “speak” to them; ways to upgrade and patch software for, say security holes. To speak to most devices, one needs to know and speak the protocol that is supported, proprietary or standards based.
Where do you begin? There is no absolute starting point for all enterprises. Some have tweaked their existing ERP systems (not easy as they were not built to track and manage edge devices), some have subscribed to online services with tiny subscription models to get started.
Briefly, you need to establish a process to gain visibility and roll from there.
We’re interested in learning more about your challenges at the edge. What specimen do you have at the edge, what are some challenges or solutions you have experimented with?
Please email us your queries or to discuss more - firstname.lastname@example.org