AWS Public Sector Blog
Running government workloads securely at the edge
This is a guest blog article by International Data Corporation (IDC).
With ongoing changes in today’s security landscape, coupled with the rapid pace of technology, organizations are continually evaluating technology options such as edge computing as strategic enablers for transforming existing workflows, processes, and operations.
As government agencies incorporate more edge technology into their operations to help improve application performance and meet mission outcomes, they must be prepared and remain diligent in their approaches for securing data, applications, and devices, including adhering to evolving regulatory requirements.
Edge computing moves data processing and analysis close to the endpoints where data is generated to deliver real-time responsiveness, and it reduces the cost associated with transferring large amounts of data. Edge environments include Internet of Things (IoT) or mobile devices, sensors, video cameras, and other connected resources. For example, aircraft, fighter jets, and submarines process data from sensors located in vehicles, ships, trucks, and drones in real time, with limited or no internet connectivity.
With edge, the usual security principles, such as protecting data at rest and in motion, still apply, but new considerations emerge. So, how do organizations create a secure environment, from the core cloud to edge devices and endpoints?
Download the new IDC whitepaper Core Security Principles for Edge Computing in Government.
Deploying security from cloud core to the edge
Government edge systems must be maintained and protected in a unified way under an effective edge security strategy. Three edge protections secure the connection points between the origin infrastructure, edge services, and edge devices or applications: secure content delivery, network and application layer protection, and distributed denial-of-service (DDoS) mitigation.
Secure content delivery provides content, such as data, videos, applications, and APIs, quickly and securely to customers. Today, a content delivery network (CDN) is a critical component of nearly any modern web application and can be leveraged for use cases where low latency and high transfer speeds are requirements, whether for a better customer experience or for supporting mission-critical operations.
Network and application layer protection extends security. Edge networks are architected outside of the security perimeters of traditional cloud. Extending security to edge end devices requires network and application security and continuous monitoring, as well as encryption of data in transit and at rest. Organizations deploying edge should define trust boundaries for networks and accounts and verify secure system configurations and other policy-enforcement points, including web application firewalls (WAFs) and API gateways.
DDoS mitigation as a defense layer is important for organizations operating at the edge with mission-critical operations that cannot afford downtime. DDoS attacks are deliberate attempts to exhaust infrastructure or application resources so they are unavailable to users. DDoS mitigation helps with continued availability of those operations and services.
Work with trusted organizations
Agencies that deploy edge computing need to establish processes to enable constant maintenance and upgrades beyond the initial setup, especially to deal with patching and new security issues. Agencies should automate the patching process as much as possible while also establishing that each patch has been validated by appropriate vendors.
Cloud providers can address the challenges of continuous monitoring, auditing, reporting, and upgrades to stay abreast of the latest requirements. IDC believes edge deployment by agencies will continue to grow.
For more information on how government agencies can create a secure environment, from the core cloud, to edge devices, and to endpoints, download the IDC whitepaper Core Security Principles for Edge Computing in Government.