Fortinet: 5G to present new edge computing security concerns
Although the rollout of 5G connectivity will enable new edge computing opportunities, John Maddison, executive VP at Fortinet, said it will also require new security considerations.
The rollout of 5G wireless technology is expected to enable many new technologies to thrive, but it will also lead to new edge computing security challenges and competition with cloud providers.
John Maddison, executive vice president of products and solutions at Fortinet Inc., said that although the rollout of 5G may take a while, the benefits are apparent, including more data capacity, faster speeds and lower latency, which will enable more edge computing options.
In this Q&A, Maddison says 5G will also create challenges for edge computing security: attack surfaces will grow larger and more decentralized, and enterprises will need to rethink how they handle edge computing security. Additionally, the rise of edge computing could lead to competition between ISPs and cloud providers.
Editor's note: This interview has been edited for length and clarity.
Can you walk through how the 5G infrastructure is set up and how it could change enterprise connectivity?
John Maddison: I think a lot of the 5G applications will be IoT-oriented because a lot of those IoT applications need low latency, and I think edge compute will be a key component of 5G.
Today, we think about data centers all becoming mega-data centers around cloud, and we'll still see that trend happening. But we're also going to see compute move to the edge, and 5G will be a big platform to allow that to happen.
At edge compute, we'll empower these low-latency applications that require a very rapid compute and low latency for a small amount of compute.
At some point, because of the capacity and throughput, 5G will take over more of the traditional fixed-line connectivity where you've probably got more capacity. For example, today, we've got some products that are called SD-WAN, which have built-in 4G and 3G LTE capability and, often, the customer uses that as a backup.
5G is going to be a very important component of that because when it rolls out properly, it won't be used as backup like 4G is today. It'll be used as a primary connection for a lot of businesses, and they will use that as part of their SD-WAN 5G.
The move to more edge computing applications can decentralize the structure of the network. What does that mean if there's an edge computing security concern, like a malicious device on the network?
Maddison: Security people are always concerned about the attack surface, and the attack surface definitely changes when we've got networks and applications which are much broader and, sometimes, not under your control. Once that attack surface becomes so large, it is a big risk.
The security then needs to be deployed in a different way. And whether it's deployed in the car itself, in the application, the IoT devices -- it'll be security deployed in the edge compute.
And edge compute has to be much more efficient than centralized data centers, so you'll see custom silicon for edge compute deployed to provide security. You'll see security deployed as virtualized systems in the core networks and you'll see connectivity deployed at the internet gateway. You'll see a much more distributed model of security versus the current model today where it assumes everything goes through a secure gateway; that's just not going to be true.
But you're going to see a hybrid way of deploying that security through custom silicon, off-the-shelf virtual systems. And then, because of the serious scale, the other component [of] artificial intelligence and machine learning will be essential. It'll actually be mandatory.
There's no way you can provide security without deploying some AI and machine learning just because of the sheer scale. From a security perspective, you're going to see a much more distributed model, and then you're going to see much more deployment of AI and machine learning as the security component.
With the more distributed idea of edge computing security, how difficult is that going to be to implement?
Maddison: A very simple example is, 5G makes sure everything is encrypted. Even just to provide that encryption, there's a lot of processing power [needed], and if you use the normal, off-the-shelf CPU, that takes a lot of compute resource.
We're talking billions of devices here eventually. That's why we see custom silicon as being an essential part of edge computing going forward because you've just got to get the efficiency right.
Can you expand on the encryption changes coming with 5G?
Maddison: The encryption piece is end to end. If you look at all the applications on the web today, they're definitely encrypted -- 80% of the traffic is encrypted in HTTPS. The majority of the traffic is traveling across the application encrypted, but also they'll provide encryption at the transport layer, as well, so you've got encryption upon encryption upon encryption, which makes it even harder for general purpose CPUs.
Encryption is here to stay across our networks and it's great because that provides things not in clear text [where] people can just tap in and see what it is. But it's a lot more compute to transport it around.
The CEO of AT&T, Randall Stephenson, talked about how things will change because of the low latency of 5G. He said "the storage no longer needs to be [on endpoint devices]. The storage can be back in the network. The compute capacity no longer needs to be there. It can be back in the network." What are the edge computing security concerns of a move like this?
Maddison: What he's talking about is edge compute. Some of the compute might be in the towers. Imagine that, where you've got compute there. But there's no reason why that can't be there at some point. Whether you trust them or not is a different matter. I think they'll have to rethink that security strategy totally, but that's probably the only way it's going to work for some of these apps.
I was watching Sprint doing this 5G example. One of the applications was if you took your eyes off the road [while driving] for more than three seconds, it would send an alarm and buzz you or your phone. It's a very simple application, just to make sure your eyes are on the road all the time.
But it was using a very rapid calculation locally and in the edge compute to do that. If you had to send that information to data centers, [you're] too late. You're done. You've crashed. So some applications will have to work that way with edge compute.
And that necessarily gives a lot more power to the carriers.
Maddison: It's actually what they want. Why do you think they're building 5G? They're absolutely building 5G for that reason.
It's no different in my mind than some of the cloud vendors, like Microsoft and AWS. They're creating monopolies, as well. Data is very powerful going forward, and if you've got lots of data, you can even sell it and use it, to mine it, to kind of promote things. And so I think the carriers want a piece of that action, and they want to say they can do that if they control some of the applications, for sure.
We're here in Silicon Valley; we've got an Apple campus to our right and a Google campus to our left. They're huge campuses. It just gives you the size of the investment these companies make. [Google] is building a new data center every six months. The investment needed for these networks of 5G is enormous. There are going to be large companies that are the only people to build them. A shift from the cloud to edge compute might balance things out a bit.
Today, there are four or five cloud vendors around the world: it's Facebook, Apple, Amazon, Google, Microsoft. There's probably Alibaba in China, as well. If you let those [companies] decide everything going forward, then it's probably not a good thing. If you have maybe 10 carriers also able to offer it to most of us, I think that's a good thing. Would you like it to be more distributed? Probably.
But, coming back to it, this just means, in our mind, a different security challenge, and I think we refer to it as kind of a security-driven networking. Instead of thinking about security last, you think about security first. You think about how the security is going to be building a network first -- [with] privacy, encryption, defense, defense against exploits, social engineering -- and then build your network.