Edge computing can greatly improve the efficiency of collecting, processing and analyzing data gathered by arrays of IoT devices, but it’s also an essential place to inject security between these inherently vulnerable devices and the rest of the corporate network.

First designed for the industrial IoT (IIoT), edge computing refers to placing an edge router or gateway locally with a group of IIoT endpoints, such as an arrangement of connected valves, actuators and other equipment on a factory floor.

Because the lifespan of industrial equipment is frequently measured in decades, the connectivity features of those endpoints either date back to their first installation or they’ve been grafted on after the fact. In either case, the ability of those endpoints to secure themselves is seriously limited, since they’re probably not particularly powerful computing devices. Encryption is hard to cram into a system-on-a-chip designed to open and close a valve and relay status back to a central control pane.

IIoT can be a security blind spot

As a result, IIoT is a rich new target opportunity for malicious hackers, thanks in large part to the difficulty of organizing and gaining visibility into what’s happening on an IIoT network, according to Eddie Habibi, CEO of PAS Global, an industrial cybersecurity company, who has been working in industrial control and automation for about 15 years.

A lot of connected IIoT devices have known, exploitable vulnerabilities, but operators might not have the ability to know for certain what systems they have on their networks. “The hardest thing about these older systems that have been connected over the past 25 years is that you can’t easily do discovery on them,” he said.
Operators don’t know all the devices they have, so they don’t know what vulnerabilities to patch.

It’ll be decades, Habibi said, before many IIoT users – whose core devices can date back to the 1980s and even the 1970s – update this important hardware.

Edge networks provide security

That’s where the edge comes in, say the experts. Placing a gateway between the industrial endpoints and the rest of a company’s computing resources lets businesses implement current security and visibility technology without ripping and replacing expensive IIoT machinery.

The edge model also helps IIoT implementations in an operational sense, by providing a lower-latency management option than would otherwise be possible if those IIoT endpoints were calling back to a cloud or a data center for instructions and to process data.

Most of the technical tools used to secure an IoT network in an edge configuration are similar to those in use on IT networks – encryption, network segmentation, and the like. Edge networking creates a space to locate security technologies that limited-capacity endpoints can’t handle on their own.

Mike Mackey is CTO and vice president of engineering at Atonomi, makers of a blockchain-based identity and reputation-tracking framework for IIoT security. He said edge computing adds an important layer of trust between a company’s backend and its potentially vulnerable IIoT devices.

“[N]ow you’re adding network translation to the end-to-end communication between that IoT device and whatever it’s ultimately communicating with, which, today, is typically the cloud,” he said.

Other experts, such as Windmill Enterprise CEO Michael Hathaway, also highlighted that widely used cloud-based backends pose problems of their own.
Enterprises are losing control over their security policies and access with every new cloud service they subscribe to, he said.

“Enterprise customers can be very nervous about hooking up an automation system directly to the Internet – it needs a last layer of intelligence and security,” Hathaway said.

Consequently, some of the most effective IIoT implementations can be those that leave the existing structures and networks in place – hence the popularity of the edge architecture, which works both as a buffer and a link between the IT network and a company’s operational technology.

Russ Dietz, chief product security officer at GE Digital, said that old-yet-irreplaceable technology already on the factory floor plays an enormous role in shaping the IIoT infrastructure laid on top of it.

“Over time, we might migrate to a fully digital world where we blend those two together, but because industrial is going to live in this very long-tail environment, we have to be able to provide separate trust for both of those,” he said. “So we may weight how much we trust sensors in a different category than how much we trust a control system.”

Edge networks must fit unique sets of needs

According to Hathaway, it’s important to recognize that not all edge solutions are created equal, and that different businesses will have different requirements for an edge computing deployment.
An automotive manufacturer might need to track a lot of process-oriented data and rate information about productivity, while an oil-production facility is likely to need to track things like pressures and volumes through a vast array of pipelines.

“You can’t possibly have provided a cookie-cutter solution,” said Hathaway, adding that, while the tools and approaches used will have commonalities, everyone’s security needs will be different.

The eventual hope for most IIoT deployments is that they provide enough machine-generated data to help businesses make smart decisions for the future, according to Simon Dowling, CTO of edge compute vendor ORI.

Protecting the data those machines send back for analysis – whether at the edge layer or back in the cloud or data center – is of paramount importance.

“As we’re moving towards a world where there is – whether it’s industrial IoT or it’s more commercial/consumer-focused IoT – a level of expectation that these devices will provide more meaningful action,” he said.

And if businesses want to stay on top of cybersecurity threats, they have to realize that it’s not simply a matter of pushing out updates and getting the latest and greatest technology up and running on their systems, said Aruba/HPE's vice president of strategic partnerships, Mike Tennefoss. It’s also understanding the way those updates and additions will tie into the operational technology stack.

“Security is the heart and soul of IT, and what you see happening is that IT systems and processes of cybersecurity are pushing down deeper and deeper into the operational technologist’s realm,” he said.