The edge: Data anywhere you need to be
Everyone's talking about the edge these days, but what exactly is it? And what happens there?
Put simply, the edge is where data is both created and consumed, explains Simon Wilson, CTO of Aruba, a Hewlett Packard Enterprise company, in the U.K. and Ireland. And the network edge is where we connect to create and consume that data. "Think emails, think pictures, think videos," he says.
The edge is constantly in flux, expanding and moving as we look to instantaneously access both our work data and personal apps―wherever we happen to be, says Wilson. It also encompasses the now billions of IoT devices connecting across a wide range of consumer, healthcare, industrial, and other applications.
But with all the benefits edge computing brings, there are some challenges, namely security. As more and more devices come online, the attack surface grows, introducing more opportunities for bad actors to access corporate networks.
"So, as well as extending that edge to wherever we need to be, we also need to make sure we extend our security to where we need to be," Wilson says.
In this episode of Technology Untangled, Jon Green, chief technologist for security at Aruba, joins Wilson to discuss risks at the network edge and what you can do to mitigate them. Also hear from Jon Rennie, infrastructure services manager at Sainsbury's, on how the British supermarket and retail chain built out its edge infrastructure to support everything from customer-facing applications like its Smart Shop service to in-store systems for smart energy management, inventory replenishment, and video monitoring.
Excerpts from the podcast, hosted by Michael Bird, follow:
Simon Wilson: The edge used to be in the room with the computer. So back in the '50s through the '70s, the mainframe era, as we call it, it was in the basement of the building and you had to sit next to it because, well, one, there were only a few people who knew how to use it, but two, you couldn't transmit the data anywhere anyway.
Now, the edge is wherever you are.
Michael Bird: You're at the edge when you and your device, or a device on its own, reaches a network service―say the Wi-Fi you're connecting to or the VPN you're using outside of the office. And crucially, and I guess quite confusingly, it moves.
Over the past 10 years, there has been an absolute boom in the number of devices available, from smartphones and tablets to laptops and smart watches—there are absolutely billions of them. Because of the speed and availability of Wi-Fi and cellular networks, we expect to be able to use our devices on the Internet all of the time, seamlessly, from wherever we are in the world, no questions. However, the scope of the edge is about so much more than just consumer devices.
A new business landscape
Wilson: What the edge means to organizations is their ability to extend their business, both for employees and also for their customers, to wherever they need to be. And I think without the ability to extend virtual private networking services, so that you could get onto your company email, you could get onto your file server, you could share information securely, I think business would have stopped over the past few months.
But it's also where they're starting to add a lot more IoT devices—you know, a lot of sensors, things like temperature sensors to check that we're healthy when we enter a building, a lot more security cameras. We want to automate as much as possible, which means connecting our door locks to the Internet.
In fact, I've even seen a UV robot that's roaming around Heathrow Airport right now, connected via Wi-Fi.
Bird: For IT departments, the way they architect their network has had to change due to this device mobility.
Wilson: The huge growth in mobility as a result of all these portable devices that we now use, and indeed the increased speed in the mobile networks we connect them to, has provided both a challenge and an opportunity.
The challenge has been how do we connect them all back to where our data traditionally sat in the corporate data center? But the opportunity of course is, well, if we free ourselves from that corporate data center and start to move our data into the cloud, then it doesn't matter where we are. We used to be in the building or on campus connecting to the data which would be in the data center on campus.
Now, of course, we're out and about mobile. There's really no reason why that data has to be stored locally. And given that the speed of interconnecting networks has increased so significantly and, of course, the cost of data transmission has reduced so significantly, really, it doesn't matter where we are. It doesn't matter where the data is stored.
Bird: Data at the edge is a hot topic now in computing. But before we dive into that, we want to understand the challenge of this ever-changing edge network. So we spoke to Jon Rennie, infrastructure services manager at Sainsbury's.
Sainsbury's started life in 1869 as a single shop in Drury Lane, London. Now encompassing its supermarkets and stores, plus Sainsbury's Bank and Argos, it has a 16 percent share of the British supermarket sector. They've had wireless networking for a while, but it was a consumer expectation that pushed them to take another look at the edge of their network.
Sainsbury's: An edge case study
Jon Rennie: So, for about the last 20 years, we've had some form of wireless network in the stores. That has changed almost immeasurably, certainly in the last two or three years.
So there was a wireless network initially covering the back of the store where we receive goods off lorries, eventually rolling out to the rest of the store. We had to play with providing our own guest Wi-Fi service. We built the infrastructure ourselves, and that worked, but quickly it became fairly obvious that people didn't necessarily want to have to sign in to another network. It would be better for us to have a public network, which is what we did. And we entered into an agreement with our network services provider to provide their network into the store.
Bird: Consumers' expectations changed, which led Sainsbury's to invest heavily in updating their network and Wi-Fi.
Rennie: A few years ago, the most important thing in the store was the till, and the network was really there just to drive the tills. People paid by cash, people paid by credit card, and largely, we could trade offline.
That's changed an awful lot over the last few years. A lot of credit cards now require authorization at the point of use, there's much less use of cash, and certainly in the last few months, you know, cash has become very out of favor and we prefer not to take cash.
So the network has become more and more and more important.
Bird: The way consumers expect to shop and pay has changed quite a lot over the past few years. And as I'm sure you can imagine in 2020, that changed again because of the elephant in the room: COVID-19.
Rennie: So the first signs for us were when panic buying started, we started to have difficulty with certain products.
You know, who would have known the toilet rolls would become such a valued commodity, but they did across the world. And we had to do a lot of things from a business point of view to try and keep up with that. Interestingly, there was plenty of toilet roll in the supply chain at all times, but the problem was getting it to the store and getting it onto the shelves because it was moving so fast.
Bird: When lockdowns were lifted in the U.K., the shopping environment changed again, particularly with regards to health and safety requirements. Now, while some organizations may have struggled with the new restrictions, Sainsbury's edge infrastructure was already primed.
Rennie: We took an opportunity from a technology point of view at that time of really pushing our Smart Shop service.
Agility in a changing environment
Smart Shop is a service that we've been rolling out for a couple of years now. Initially [it] went to a very small number of stores, and again one of the drivers that pushed us to improving our wireless networks in stores was needing to have that always-on available connection for those Smart Shop devices.
But what we found at the beginning of their lockdown was that customers wanted to touch as few things as possible within store. So, if possible, they could not go via a till; if possible, they could go via an unmanned till, scan their own shopping, straight into bags. So they weren't taking them out of bags, put them on a conveyor, and so on. That proved really, really popular with our customers, and we saw a massive uptake in that in Smart Shop.
Bird: Sainsbury's were able to adapt to the changing environment very quickly, thanks to the network they already had in place. But why did they invest in this edge infrastructure to begin with?
Rennie: We spent a lot of money and a lot of time over the last few years updating the infrastructure into our stores, primarily our supermarkets. We've got around 650 supermarkets. We replaced the wide-area network into those sites. What we've done over the last year or so, we ran a project called Swift, which was Sainsbury's Wi-Fi transformation.
[We] replaced the wireless infrastructure in the store, and we took out our legacy infrastructure and replaced that with a set of infrastructure that's basically cloud based. So the hardware is in the stores, but it's managed from the cloud and that's given us an advantage to making it very easy to make changes in store.
So when we open a store, when we convert a store, it's really simple for us to roll that technology in. All of the configuration is based on templates, so we don't have to have engineers going in and configuring devices in stores and the delay that that brings with it. So everything is cloud managed.
Bird: Like many big retailers, Sainsbury's currently runs most of their point-of-sale services and tills from within the store, the thought being that if the network is down, the tills can carry on working. However, the boom of edge devices and the use of cloud computing means that our supermarkets are getting a lot smarter.
Wilson: The organization that benefits most from edge computing has got to be in the retail industry. The idea that you've got instant access to information about what goods are on the shelf, what are in a customer's shopping baskets, what have gone through the checkout, to instruct staff in the back office to replenish shelves or to replace orders.
Rennie: We've sort of moved what we do in store. So we do a lot more work at the moment around energy management, for example. So we're doing smart energy management with lighting controls and refrigeration controls. And we've also done a lot of work with video at the edge as well. So yeah, for many reasons, but mainly for profit protection and protecting our colleagues and customers and stores as well. So a lot of body worn cameras, but a lot of face cameras as well.
Wilson: With infrastructure around computing at the edge, [the challenge] is the deployment and management.
Because the edge is so dispersed these days—think of all the branch offices, the coffee shops, everywhere else you might want to access information—the deployment can be a challenge. How do you send stuff to site? How do you fire up? Do you need to send an expert every time it needs to have a change made to it?
Rennie: The edge network is managed via a cloud-based system that basically manages all of the edge devices, from switches to access points and various other devices as well. We also have a lot of sensors in stores as well, but that gives us real-time data on the performance of the network, the numbers of clients that are using the network, and so on.
A whole lot of data
Bird: Sainsbury's edge network management platform allows them to control and assess their entire network as well as their smart devices—the so-called things on the Internet of Things, or IoT.
This brings us to a particularly interesting point. The edge is where data is created or consumed, and with all of these smart devices around, that is a whole lot of data.
Rennie: There's an awful lot of data around, you know, what we sell and having the right things in the right places, meaning making sure that we can replenish and always have things on the shelves. We also collect a lot of data around our customers' habits as well, and we have to balance that. We have to balance out our customers' privacy requirements and the way they want us to use the data.
So a lot of our customers at the end of last year will have received an email collected through our Nectar data, for example, saying you may have been the number one buyer of shampoo or a particular brand of shampoo in this shop. We had a bit of fun with that data, and that went down really well with our customers, but that's the kind of data that we have in the background.
And yeah, it's not all about having a bit of fun, although that's fantastic, but it's about predicting what our customers want to buy, where they want to buy it, and when they want to buy it. We want to be as convenient as possible.
Bird: The huge amount of data being generated at the edge has also had an effect on the way our devices and networks are set up.
This is the realm of edge computing, where data can be processed right then and there by the device without going back to the data center at all.
Wilson: Data processing at the edge has been increasing over the last couple of years, and the main reason for this is because we want to make more immediate decisions.
Take video surveillance, for instance. What we're doing is we're applying artificial intelligence or machine learning to video surveillance so that if we find that there's a lost child, we can take a description of what that person's wearing or the child's wearing and have AI scan through that very quickly because the data is local.
Another example might be a safety barrier. If we put our hand through a safety beam that's supposed to stop a machine from working, we need that instruction processed instantly and locally. We want to reduce that latency so that we can take action more quickly—in other words, stop that machine so nobody gets injured.
Bird: Gartner estimates that by 2025, 75 percent of data will be processed outside the traditional data center or cloud. The main driver for data processing at the edge is latency. We're not going to send data back to the cloud for it to be processed and stored and sent back to the machine. We need that barrier to go down instantly.
Wilson: One of the benefits of local processing at the edge is actually the ability to filter the amount of data that's sent back into the cloud for storage. We're seeing a lot of IoT devices to monitor process equipment. So think of monitoring the vibrations on a lift motor.
It's not essential that every millisecond's worth of vibration information gets sent back to the cloud. What we're interested in is identifying anything that's outside parameters and making sure that is stored and acted upon. So by using local processing at the edge, we can not only make a faster decision, but also we filter the amount of data sent back across the networks, reducing the bandwidth requirements and reducing the amount of data stored in the cloud, obviously reducing the cloud storage requirements.
Where data gets processed, stored
Bird: Where we process and store data is an ongoing pendulum swing, and it wholly depends on the type of information that we have to hand.
Rennie: Some of it is processed at the edge and some of it is processed in the center. It goes back to the days of when POS was in store—all of that data was processed at the edge.
I think moving forward, that kind of data will be less important to process itself at the edge. But maybe the customer data will be processed more and more at the edge. You know, we're doing real-time analytics on what's being sold and when. We've done some trials on location tracking as well to see where people dwell in stores, where they stand in front of the shelf and look at items, rather than just picking items up. An awful lot of experimentation about what we put on the end of our aisles, what we call our plinths.
CCTV traditionally was kept in the store, you know, originally on tapes but, later on, on digital devices. But we found that having that data available centrally is really important as well. So we still process it at the edge, but we now increasingly have a way of transferring that data, or at least viewing that data. Moving all of that data into the center is not always practical.
Bird: We'll be taking a deeper dive into edge computing and data in our next episode, on the Internet of Things.
The network edge is always in flux, expanding and growing and moving with us, and customers and employees expect to be able to connect quickly and, more importantly, securely.
Security at the edge
Wilson: The more devices we connect, the more we extend what we call the attack surface. And of course these types of attacks are getting more sophisticated and more plentiful every year. So, as well as extending that edge to wherever we need to be, we also need to make sure we extend our security to where we need to be as well, so that we can connect in a secure and efficient manner.
Bird: So how should organizations tackle the mammoth task of security at the edge? For some top tips, we asked Jon Green, chief technologist for security at Aruba, to talk about edge network risks and what you can do to mitigate them.
Jon Green: The edge could be in a lot of different places. Now, typically we're talking about inside the four walls of an enterprise facility, it's going to be the network that's outfacing the users. So it's going to be the place where if you connect into Wi-Fi, if you're connecting to a wired part of the network, but it could extend out further than that to branch offices and remote offices [and] it could extend out to teleworkers in their homes. You know, when we can go back to airports and hotels and places like that, there are users sitting out there who need to access enterprise resources.
In all of those places, we have similar requirements, and that is number one—finding out who the users or the devices are that are connecting to that edge network. Without that information, there's very little we can do. So what we'd like to have people do is, instead, try to figure out what's out there, and that could be through strong forms of authentication. We use protocols like 802.1X, which is wired port authentication.
It's also embedded within Wi-Fi, and so we kind of naturally get authentication and identity as part of a Wi-Fi connection. You may have older devices, you know, printers that have been around for 15 years—if it's still working. We don't have good ways to authenticate those devices, and so we need to find some way to attach an identity to those sorts of devices as they come into that edge portion of the network.
That's really the fundamental piece of the architecture, that you can't go much further in terms of securing that edge if you don't have that, because we don't want to treat an executive on a laptop that's run by corporate IT the same as a security camera or a television screen that's mounted on the wall.
Bird: Attaching identities to users and devices on the edge is the key first step in creating a more secure architecture. We want to reduce the risk first and then respond.
What are the risks?
Green: From a risk standpoint, we kind of have to look at all things as being of equal risk, but maybe risks of different things. Attaching identity to a corporate user on a laptop doesn't do anything to address that user stealing data or clicking on a phishing link. But what it does let us do is, if we detect that that's happened, we now have a means through the network to either cut that user off, redirect their traffic, rate-limit them so that the damage can be limited, quarantine, send a notification. There are lots of different ways to address that from a response standpoint, and that can be a way of lowering the overall risk there.
Now, people listen to this and say, that's really difficult to do, to apply all this identity. But you can take a default policy and say all ports in my building unless otherwise configured are going to have Internet access only, and they don't touch anything on the internal network. And that's a starting point to say if I have services on the internal part of the network that are not well secured, at least I'm protecting those from all these devices that people are connecting.
Bird: Users connecting nefarious or simply insecure devices to a network is a huge concern for organizations because sometimes, quite literally, they just walk in through the front door.
Green: People have realized it's not difficult to get inside of somebody's building. And once you do, there are very inconspicuous devices that can be connected to an internal network.
The famous one, I guess, is the Pony Express. That was one of the first ones that was sort of a ready-made, looked like an innocuous [generic box]. And you could plug that into power. You could plug it into a network. It would look to anyone walking by who didn't know better like something that belonged there. And often people would use this, they would actually take a label printer and print "Do not move; contact IT" and stick that on the device. Now, who would look at that and say, oh, this is a security threat? Well, what that device had inside of it was an LTE radio that was connected to the outside mobile phone network, and someone basically had remote access inside of that network.
So, if you didn't have services that were secured properly, you had a real security threat, and it takes a matter of seconds to install something like that.
Bird: Jon has worked with many top government agencies in the U.S. and the U.K., where Wi-Fi was a pretty hard sell. If the signal could extend beyond their four walls, how could they be sure who was able to access their network?
Green: They've overcome that. I live in the Washington D.C. area, and there are agencies around here that you would never expect that are operating Wi-Fi networks for enterprise use at very high security levels. And they've been able to find architectures that mitigate the risk effectively. So it's things like transmit power on Wi-Fi access points and making sure that that signal, we know it's going to go outside the building, but can we limit how far it goes outside of the building. Multiple layers of encryption, multiple layers of authentication. There's an entire architecture that's out there publicly for how to do this securely, and a lot of people are following that.
Bird: Now with Wi-Fi itself, most organizations find that the benefits, namely cost saving and productivity improvements, outweigh the risks.
Benefits vs. risks
Green: When this got started, at least within the U.S. government, the director of national intelligence, Mr. Clapper at the time—this is back in the Obama administration—said publicly, "We have a problem with workforce retention."
Now, Wi-Fi and mobility are not going to solve that. It's not like you're saying you can bring in your personal mobile phone and be on Instagram all day long, but people definitely demand this these days. And if they don't get it, they'll still try to find it or they'll try to bring it in themselves, and that creates obviously big security risks itself.
Bird: Devices walking in and accessing networks is also a problem with IoT devices that are sold by an ever-increasing number of vendors with security standards that can, politely put, differ dramatically.
Green: The issue with IoT devices is you don't have somebody necessarily contacting IT and saying, "Hey, I'd like to connect a device to the network."
You have building automation systems and you have air conditioning and heating controls, and you have physical security, like security cameras and proximity sensors. All these sorts of things, those are on the network these days and if you're not controlling that well...
You know, think about Target stores in the U.S., when they got hacked, what, six or seven years ago, 40 million credit card numbers [were] lost. That was through the control system for the HVAC, the heating, ventilation, air conditioning. That device had no reason to be able to get to the portion of the network where credit card information was being stored, but it was an oversight in the sense that nobody thought about that. Nobody thought of that, and they may not have even known it was there in order to think about it in the first place.
So the invisible nature of all these IoT devices is part of the problem. If I look even at my home network, there's something like 85 devices connected to my home network. And most of them, I connected myself. My kids know the Wi-Fi password, and so they of course connect things up.
And I see things all the time when I look at the network and say, "Well, what is that? Where did that come from? Oh, that was me. I deployed something and just forgot about it." But multiply that by 1,000 or 10,000 and that's what an average corporation is dealing with.
Securing the network edge
Bird: The network edge is huge. It encompasses so many personal and company devices that organizations can easily forget where a device is and what it's doing, or that they even have it at all. Devices left unchecked are ideal targets for exploitation, but clever networking can help to mitigate that risk.
Green: One of the approaches that some of our healthcare customers have taken there is to say, "Well, I'm going to essentially isolate every device on the network into an enclave or a community where this blood pressure monitor that's connected to the Wi-Fi needs to be able to reach this central monitoring console that's out at a nurses' station. We're going to create this sort of virtual enclave to say, that is the only thing that those devices see. They can't see anything else on the network. They can't talk to the Internet. They can't talk to anything else except each other."
And you create a couple hundred or a couple thousand of those sort of virtual enclaves and now you've kind of solved the problem of, you know, "I've got vulnerable devices out there."
Bird: Security is a hot topic at the moment with quite a few principles being discussed. For Jon, the one to watch for IT departments is zero-trust networking.
Green: One of the popular frameworks that people have begun discussing in the last few years is something you would call zero-trust networking. The idea is essentially don't give access to services without authenticating users and having authentication and encryption.
So think of it like web services; think about it like I've got a browser. I've got a web server on the other side that has the data I need to access, and I have to do mutual authentication between that browser back to the application. If I've done that, if I've gone to that step of having that sort of secure authentication and encryption, do I really need VPN anymore? Do I really need to worry about the distinction between what's inside the enterprise four walls and what's on the outside?
And if you have services like that, potentially you can say, well, no, it doesn't really matter. And so now, if I can do that for 100 percent of my services, I can say, well, now I really don't care where employees are connecting from; as long as they have IP connectivity and they're on a trusted device, they can have access to those types of servers.
Bird: When it comes to edge network security, it's clear that organizations need to be agile and adapt to new technology as soon as possible. Looming on the horizon is the proliferation of 5G—potentially, for organizations, another spanner in the works.
Green: You're going to end up with edge-connected devices that you don't know necessarily are connected. So instead of saying that flat-panel television screen that I need to put on the wall in the conference room, it needs to be connected to an Ethernet port. Instead, that television will just ship with a 5G radio inside of it, and it will try to find its own network connection.
You may or may not know that it has that. Where's that data going? If it's going on a 5G network to some cloud service, is somebody listening to your conversations in that conference room? And how can you detect that's something that's happening when it's not going over a network that you own or control?
That's a little bit scary, and people are really going to have to pay attention to what's connected and what's not. And if it's connected, what can it do? And what kind of threats does it have that I might need to counter?
Bird: Regardless of where the data is processed or stored, locally or in the cloud, the extended attack surface of edge technology means organizations will need to enforce strict security standards to mitigate risks.
Despite those security concerns, 5G has a very important part to play in our edge networks now and in the future.
Network access where you want it
Wilson: When we're consuming this content, when we're getting these experiences, we want it everywhere. We want it when we're out on the road, when we're walking down the street, but we also want it when we're in the basement meeting room at our office. And the different wireless technologies, both 5G and Wi-Fi 6, absolutely have their optimal place.
As I'm in my car driving down the road and I've got the mapping technology giving me directions on where to go at the moment, 4G, 5G is the best technology for that.
But if I'm in a meeting room in my office and I want to upload a PowerPoint presentation to OneDrive, Wi-Fi is absolutely the best technology.
Bird: So connectivity isn't going anywhere, and networks will need to keep up with their employee and user expectations.
Wilson: So what's next for the edge? Well certainly our mission is to make it faster and easier and cheaper and to be able to deliver more and more use cases. We want to support more devices connected, both the devices people carry and of course the IoT. And to speed up the process of deploying that. I think from an edge compute perspective, it's about deployment. It's about making it as easy to deploy remote compute technology as it is to deploy an application in the traditional data center.
Bird: The future is certainly going to be pretty "edgy." Advances in edge networks, connectivity and cloud computing allow organizations to offer streamlined data-driven experiences for customers and employees alike, and how they rise to the security challenges of these new innovations will be vital to their success.
And as for the impact of the Internet of Things? Well, you'll have to join us next time to find out.
You've been listening to Technology Untangled. A big thanks to today's guests Simon Wilson, Jon Rennie, and Jon Green.
You can find out more about today's episode in the show notes. Be sure to hit subscribe in your podcast app and join us next time when we'll be exploring the Internet of Things: devices on the edge ushering in a new age of efficiency.
Today's episode was written and produced by Isobel Pollard and hosted by me, Michael Bird, with sound design and editing by Alex Bennett and production support from Harry Morton and Alex Podmore. Technology Untangled is a Lower Street production for Hewlett Packard in the U.K. and Ireland. Thanks for tuning in and we'll see you next time.