Jul 01 2021

From the Edge to the Cloud: Securing the Enterprise at Scale with Aruba

As edge computing deployments increase, enterprises need new ways to secure the entirety of edge-to-cloud operations.

Business is moving to the edge. Recent survey data suggests that enterprises will allocate about 30 percent of their IT budgets to edge solutions through 2022, by which time 75 percent of data will be created and processed at the edge, according to Gartner.

The move to the edge is driven by substantive benefits: Moving workloads outside of traditional data centers or clouds and closer to the point of operation reduces latency and increases performance by minimizing the distance that data has to travel.

How Edge Computing Is Evolving

According to Derek Granath, senior director of product and technical marketing at Aruba, an HPE company, “the edge is changing a lot. Part of this stems from the explosive growth of remote work. The continued proliferation of the Internet of Things is also changing the edge, creating networking and security challenges.”

One challenge is quality of service. While service-level agreements have traditionally focused on maximizing uptime, Granath notes that “they’re now centered around the user experience. The network may be up, but if there’s a packet loss or high latency, I can still have a really slow application response time, and that will deliver a poor user experience.”

This evolving user expectation for high-performing, on-demand applications underpins a larger edge computing concern: security. While apps and services at the edge offer a way to streamline operations and improve the user experience, the growing number of disparate edge endpoints makes it impossible for traditional, perimeter-based authentication and access controls to keep pace.

Edge Security Best Practices

So what do edge security best practices look like in this evolving environment?

“On the connectivity side, an SD-WAN is a more intelligent, application-aware way to steer traffic,” says Granath. “For example, a corporate policy might include two frameworks: one for a user at a branch office who wants to use a trusted edge application, and a more stringent one with increased security inspection for less trusted apps.”

According to Granath, it’s also critical to avoid moving traffic from the edge to the data center before steering it to the cloud and back again. “Back when all apps were hosted in the data center, this made sense,” he says. “For applications hosted in the cloud, backhauling traffic to the data center adds unnecessary delay and slows down applications.” 

To maximize efficiency, companies need to transform network and security architectures to connect users to applications closer to where staff are working, using local internet breakout to deliver a great end-user experience that combines IT efficiencies with robust security policy.

How the Internet of Things Complicates Edge Security

As noted by Granath, however, security at the edge gets more complicated when you introduce disparate IoT devices. “With a mobile phone or laptop, you can install a VPN client or a more modern, zero-trust access agent to apply the right security policies. But you can’t install this type of agent on an IoT device, such as a printer, camera or sensor.”

ClearPass from Aruba provides a way to secure any device at the edge using zero-trust role-based access control. According to Granath, the ClearPass solution lets IT teams “define policies that specifically allow connections by identifying the device and the role it plays in the business, allowing it to reach only those destinations that are consistent with its role.”

As an industry-leading role-based access and network access control solution, ClearPass allows enterprises to automatically identify what a device is, what role it has been assigned and any associated security policies. By combining device ID and role, enterprises can create context-driven security policies and implement fine-grained, dynamic segmentation to both reduce total risk and meet evolving compliance requirements.

In addition, ClearPass works with other security solutions. “It has an ecosystem that integrates with other security tools and can pass information and receive data from other solutions and devices,” says Granath. “It’s managed through Aruba Central, which also has application programming interfaces to applications like Splunk that correlates threat information from multiple sources with analytics to provide edge-to-cloud security insights.”

When it comes to edge security, Granath puts it simply: “This is a journey. By leveraging the Aruba ClearPass Device Insight database and role-based access controls, companies can create common security frameworks that extend from the edge to the cloud.”
