The security issues threatening multi-access edge computing (MEC) are critical. Edge computing users are increasingly vulnerable to security threats as more Internet of Things (IoT) devices and smart cities applications use the edge to transmit information. The heightened exposure of user’s data in edge computing has MEC security experts focusing on detecting the possible ways sensitive data can be breached.
Note that MEC security threats fall into three main categories: Personal Point of View, such as the user, network operator, and third-party app provider; Attribute point of view, such as privacy, integrity, trust, attestation, verification, and measurement; and Compliance, dealing with lawful access to data and local regulations.
Top MEC Security Challenges:
- Cheryl Soderstrom, Americas cybersecurity chief technologist at HPE, points out the possibility of one IoT device betraying the implicit trust of another IoT device. The IoT devices are programmed to automatically trust another connected device and to share data without a validation process. Soderstrom questions that “if all these devices natively trust each other and then share data, how can we know when a device is lying? And if we can’t know when a device is lying, what does that mean for security?”
- Traditional devices use firewalls for security. However, the absence of a perimeter around the network edge prohibits firewalls to block out MEC security threats.
- The back and forth transfer of data from a device to the network edge increases the opportunity for breaching data and hacking devices. OpenFog Consortium wrote that MEC security should be “identifying, authenticating, and authorizing devices and the data they generate from the edge to the cloud and back, [and that] needs to happen with sub-millisecond accuracy.”
- Espionage tactics take advantage of IoT devices. Commonplace items are especially vulnerable to espionage activities, such as an e-cigarette used for obtaining corporate information from one of Aruba’s clients. Germany also banned a doll named My Friend Cayla after discovering the toy sent conversations to a voice recognition company that provides intelligence agencies with information. The company denies allegations that they provided the conversations to their clients.