Agencies could pay a steep price, literally, if they do not secure the growing volume of data at the edge of the network.
The problem is that edge computing – in which data is being aggregated, accessed or processed outside the network perimeter – is leaving data exposed to cyber criminals who see an opportunity to make money through ransomware schemes.
According to Gartner, a research and consulting firm, edge computing will grow 75% by 2025. In government, the surge is being fueled both by a growth in end-user devices in mobile and remote computing and in non-traditional devices associated with the Internet of Things (IoT) and operational technology (OT), such as sensors and cameras.
In many cases, agencies support edge computing by moving data into the cloud, rather than requiring end users or devices to go through the data center. This hybrid cloud environment mitigates performance and latency problems but also makes the network perimeter even more porous.
“You’ve got to think, ‘How do I secure that? How do I secure every device on my network?’” said James M.T. Morrison, Distinguished Technologist for Cyber Security in the Office of the North America Chief Technology Officer at Hewlett Packard Enterprise. “How do I make sure that every device has the proper authentication and authorization?”
Ransomware Reality Check
Agencies might think that much of their data would be of little interest to cyber criminals. But when it comes to ransomware, many malicious actors are not necessarily looking for data they can use but rather data that agencies cannot afford to lose or to have exposed – what’s known as dual extortion.
For example, let’s say a cybercriminal steals body camera data from a law enforcement agency. While the agency might be able to restore that data from backup systems, it still might pay to avoid having that data published online.
“Probably 90% of cybercrimes are driven by money,” Morrison said. “That’s a nuance that government agencies really need to understand.”
Zero Trust at the Core
Increasingly, zero trust security is seen as essential to addressing the challenges of edge computing.
“It’s the idea that everything you add to your network needs to be secured,” said Morrison.
In practice, zero trust requires agencies to build a system for authenticating and authorizing every end user and device attempting to access a network resource. This capability provides a “core of security” on which to lay applications and devices, he said.
The Transformation Journey
There are no shortcuts to better security. Instead, agencies should focus on incorporating security into every aspect of their digital transformation. That is the approach HPE brings to its customers when assisting them on their transformation journey.
“Security is built into the core of everything we do,” Morrison said. “We’ve built security into our servers, the core of our network devices, the core of our hybrid cloud models.”
“And we do believe the future is cloud,” he added. “And the future is the edge, and security is going to be part of that.”
This article is an excerpt from GovLoop’s guide, “Conversations With CXOs: Your Crash Course on the Future of Gov.” Download the full guide here.