Addressing the Data Security Conundrum in an Expanding Cloud Universe
By Atos staff
The last decade has witnessed the democratization of computing. Transcending the traditional cost and performance barriers, the cloud computing model makes scalable and productive computing environments available to users on demand, removing the need to own and maintain full-scale resources. However, as Industry 4.0 emerges, industrial applications leveraging technologies like the Internet of Things (IoT), artificial intelligence (AI), and 5G call for real-time and proactive management, which is untenable through a traditional client-server approach to data processing.
Edge, fog, and subsequently, swarm computing paradigms seek to address transmission latency over industrial networks by leveraging geolocation proximity and by granting higher degrees of device autonomy. But proprietary information increasingly residing beyond the boundaries of data centers poses a unique set of challenges for technology decision-makers. Indeed, 66% of IT teams view the distributed processing architecture as a plausible data-security concern, and over 50% are conservative about the resilience of edge devices to infiltration. Their skepticism stems from a 300% surge in cyberattacks against IoT devices in 2019.
But decentralization of compute, running on the back of a distributed data-crunching framework, is here to stay. Expanding ‘the edge’ of the cloud and shifting the workloads closer to terminals unleashes new levels of efficiency and operational control for businesses, with positive impacts on their bottom lines. Gartner echoes the trend, predicting that by 2025, 75% of enterprise data will undergo decentralized manipulation. So, successful arbitraging between computing models hinges on intelligent vulnerability remediation tactics.
In an interview, three of the most prominent voices in the cloud industry examine how companies can adjust their security strategy to minimize exposure, balance risk vs. return, and adapt to the peculiarities of the ubiquitous computing landscape that Industry 4.0 entails.
Redesigning data security protocols by factoring in new threat vectors
For some time, the cybersecurity debate has oscillated between bolstering hub-vigilance and deploying perimeter-sentries on the edge of cloud networks. But the progressive decentralization of industrial data systems is rendering inadequate the traditional security protocols tasked with the safekeeping of centralized databases. Paulo Pereira, Atos North America’s Chief Innovation Officer (CINO), Edge to Cloud Data & Analytics, views the advent of the edge and swarm as unlike the previous milestones in the computing trajectory, namely the advent of mainframe, distributed and traditional cloud networks. “Industrial data networks today have varying levels of connectivity that happen outside of a data center. This model gives rise to a number of threat vectors, leaving potential windows for malicious actors,” he says.
But rather than spurring an environment of Zero-Trust within the organization, Nicole Catchpole, Senior Analyst, TBR, says “the evolving situation is a clarion call for developing a framework that promotes data-sensitivity consciousness and defines the dimensions of ownership and access to information, from a foundational point.” Geoff Woollacott, Senior Strategy Consultant & Principal Analyst, TBR, agrees. While acknowledging that the present situation compels data security best practices to undergo a sea change, he says, “the status quo presents an opportunity to achieve consensus on the business rules, permission to access and develop better encryption standards that can secure the confidentiality of even misplaced data.”
Facilitating progressive OT & IT convergence
Risk arises from system differentials, and in an industrial environment, it emanates from the heterogeneity in departmental perceptions. The degree of network isolation and the inherent nature of the data owned and handled by the operations and IT teams are different, and an edge-driven integration of the two worlds tends to leave a lot of loopholes. Absence of human awareness aggravates risks in a connected industrial ecosystem, and activities lacking cyber-hygiene, like clicking on unverified email attachments, operating unsecured network devices or making unmonitored resource downloads, can end up compromising all of the enterprise's IT instances.
With increasing shifts in data and compute to the shop floor, the situation calls for forging continuous, IT-led, bi-directional knowledge-sharing partnerships between the organizational verticals, helping operators to comprehend the consequences of their actions from an enterprise standpoint. Also, says Pereira, “the human factor needs to have a 360-degree grasp on the changing ground realities due to edge-transitions, to preempt mushrooming vulnerabilities in seemingly air-gapped systems. In a connected world, it is imperative to challenge existing assumptions, and harmonize the risk appetites and perceptions of IT and OT.”
Further, the experts agree that the worldwide operational scale-down due to COVID-19 presents a breather for cross-team collaboration on the nuances of data security. Smart firms with serious digital transformation postures are utilizing the downtime to prime their workforces with online inputs and training regimes.
Bridging expectations and cultural divides
Once a boiler-room concern, cybersecurity has been elevated to a matter claiming boardroom attention by the profound brand implications and regulatory backlashes of data breaches. In an ultra-competitive environment, businesses are under immense pressure to adopt networked technologies like edge and swarm to enrich service offerings. But does the state of their data-security preparedness meet customer expectations? Catchpole says, “traditionally, the operational mosaics of key sectors like healthcare and financial services are interspaced with daunting vulnerabilities. But that also uniquely positions them to set the ground rules for mitigations.”
Deterrence is not only a matter of physical technology adoption; it is also the sum of practices ingrained in the organizational DNA, adhered to, and appreciated across the age continuum of the workforce. Woollacott says, “for eliminating weak links in the enterprise data security chain, a buddy-system must be encouraged, allowing baby boomers to learn from their millennial counterparts, more adept with automated tools and methods. The emergence of such roles of IT trainers and generalists will be crucial in the edge enabled enterprise digital transformation scenarios.”
Paulo Pereira adds: “In an environment of cumulative process automation, professionals with the required skill sets will be called on to play a pivotal role in setting policies and system interaction logics.”
Driving tangibility through new engagement models
Experience is the prime requisite for service providers right now if they are to resonate with the requirements of potential customers looking for edge implementation and management. “The advantage belongs to vendors who can assimilate technological, procedural and policy complexities to present a turn-key solution to the businesses. In the present capital-sparse landscape induced by the COVID-19 episode, the as-a-Service model is gaining traction as it reduces CAPEX requirements and also helps businesses in resolving a lot of liabilities presented by the current situation,” says Pereira.
Also, resource constraints apart, as security breaches become more prevalent, companies will have to tap into specialized knowledge bases and skillsets through partnership networks for mitigation. Managed services command a one-to-many relational advantage, executing edge-security projects for different customers. They already have an open-sourced framework in place that can be geared and scaled cost-effectively to their clients' use cases.
Driving perception shifts around edge data security spending
At times it may be challenging to build a concrete business case for undertaking significant expenditure in edge security. But considering the ever-expanding horizon of cyber-threat vectors, a robust security mechanism may be the last bastion to protect mission-critical enterprise data and IT resources. Pereira says, “spending on edge security is an investment and businesses need to consider the viewpoints of their security professionals, dispelling complacencies. Because the incidental cost is going to be much higher.”
Woollacott portrays raised data security awareness as a competitive advantage. He says, “businesses with a higher state of preparedness are not only set to comply with data protection regimes like the European GDPR, but also, by incorporating data management and security in a single framework, run a lower risk of disruptions to events and in turn may avoid facing governmental penalties due to negligence.” Also, such companies are best positioned to enjoy a favorable public perception of their brands and business practices, with direct positive impacts on revenue streams.
Formulating security policies based on the personification of networked devices
In the edge world, connected devices have assumed the identity of rational actors. The device itself is now an identity to confirm, and security policies and access control measures will have to depart radically from the earlier models in order to detect intrusion not just by human agents but also by devices connected to the network.
For Industry 4.0, the development has profound implications. Catchpole says, “technologies like AI and predictive analytics bank heavily on data integrity and sanctity for their performance. Compromised data quality may end up disrupting the digital transformation journey of the companies.” Also, malicious manipulation of data guiding automated systems on the shop floors may end up causing compounding financial losses and endangering lives.
Truly, edge and swarm computation fabrics offer a significant attack surface for malicious actors. But the risk-return tradeoffs are enormous, allowing bespoke product development, real-time monitoring advantages, cost rationalization, and the construction of exceptionally intuitive manufacturing environments. Through ad-hoc protection measures, the right investments, creative policy tools, and an overall trust-but-verify approach to edge security, enterprises can not only counter data breaches effectively but also dramatically augment ROI and competitiveness in an expanding cloud universe.