Securing the Industrial Edge

Realizing the efficiencies without neglecting security concerns.

Edge Computing

Edge compute is springing up in the industrial and manufacturing sector at a fast clip. After all, what company doesn’t want to increase its business efficiency or quicken its agility? Everything from real-time process control to real-time quality inspection with AI-based systems needs to compute at the edge, not in the cloud. Likewise, preventing device failure means continuously monitoring systems at the edge using machine learning techniques.

There are systems today that can spot spills on factory floors and alert someone to clean them up before they become potential accidents. In the past, computers couldn’t do this sort of identification. However, pairing the massive amount of data being collected with advanced machine learning techniques makes this possible.

Feeding plant floor data into real-time systems gives businesses tighter control over quality and ensures that more mistakes can be spotted earlier, without needing as many people doing the same job less efficiently. Increasing the uptime of running systems and reducing maintenance costs are two prime use cases that are being adopted in greater numbers.

However, even as adoption picks up, questions turn to securing and managing these systems. For example, take a camera looking at a food packing line. Its job is to spot sealing failures in real time and alert someone to deal with them. In the past this camera might have been connected to a software application that was off-site, but it didn’t have real-time detection. Now that it’s on-site, it does. The problem is that you’ve now shifted the securing and managing of that application on-site as well.

As more and more software moves to the edge, these problems are going to get worse, and what used not to be a core competency for your company now becomes one. The job now is to secure the edge, but how does one go about doing that?

A new form of server is becoming the de facto operating system for edge compute: unikernels. Unikernels are specialized, single-purpose systems that deny hackers the capability of running arbitrary third-party programs on them, while also running faster than comparable systems such as Windows or Linux.

This emerging style of software provisioning also takes the concept of immutability to its logical core, making these systems much easier to manage. That helps if you have many locations or many nodes that all need to be dealt with at scale. One of the more distinctive aspects of unikernel technology is its security characteristics. Unikernels come with a four-point security model:

  1. They have a dramatically reduced attack surface - many orders of magnitude less than Windows or Linux.
  2. They don’t have the notion of usernames or passwords.
  3. They don’t come with a shell/terminal that hackers utilize.
  4. They are single process systems deployed as virtual machines, making it impossible to run other software on the same virtual machine. 

These security guarantees are what make them ideal for edge deployments, as edge deployments tend not to have all the engineering/IT resources that more traditional cloud deployments would have. This is the case even though edge deployments still have to deal with all the same concerns of patch management, endpoint protection, application hardening, etc.

So, whether you are getting your feet wet with edge or your organization is already dealing with managing the massive scope of running at the edge, consider looking at unikernel technology to manage it as well.


Ian Eyberg is the CEO of NanoVMs. For more information about the San Francisco-based company, visit www.nanovms.com.
