How to Extend Zero Trust to Data at the Edge

With the rise of remote work and the explosion of the Internet of Things (IoT) generating large volumes of data in the field, agencies want to provide staff the ability to analyze and use that data in the field as well. This is the concept of edge computing. But there’s a catch: They also need to secure that data.

“This is where zero-trust architecture (ZTA) comes into play,” said Michael Epley, Chief Architect and Security Strategist with Red Hat. “In this environment, it is critical to move from the castle-and-moat architecture of the past to address the needs of a hybrid cloud, and that includes the edge.”

To extend ZTA to the edge environment, there are three key issues to consider.

Identity and Access Management

Identity and access management, while key to ZTA, present special challenges at the edge, according to Epley. An edge system typically is composed of many independent instances of systems, making it difficult to manage access privileges. Further, user credentials are at higher risk of misuse in the edge environment because there is less centralized control.

The solution? A distributed identity management solution. Such systems rely on multi-part approaches, such as blockchain (an immutable record of digital events) and Merkle trees, data structures that enhance the efficiency in blockchain. “There are a number of distributed identity systems being developed today, and they represent one approach to managing this problem,” according to Epley.

IoT Fleet Management

Another challenge is the high volume and variety of IoT devices, which makes it difficult to implement zero trust effectively, particularly as these devices operate according to automated routines.

Fleet-wide automation of a distributed identity and access management solution would help define allowable interactions and reduce risk across the entire system, according to Kenny Peeples, Principal Cybersecurity Architect at Red Hat. “With automation, Red Hat can implement the configuration-as-code across all those diverse devices, and be able to track the configuration drift.”

Integration With Cloud Infrastructure

In extending ZTA to the edge, planners need to consider the role of cloud in supporting those widely deployed endpoints. That requires a different mindset.

“We have to stop thinking of edge and cloud and IoT as separate,” Peeples said. “The practical reality is that these systems are going to be interoperating with each other. That means we will be making the zero-trust access-control decisions across our cloud infrastructure, as well as our IoT and edge systems.”

And with edge data increasingly tied to the cloud, security efforts also will help ensure the validity of that vital information.

There’s an urgent need to bring ZTA to the edge, where systems are subject to physical and network compromise to a much higher degree than non-edge-based systems. Applied at the edge, ZTA offers “a holistic security framework that addresses many pillars and capabilities of security” Peeples said.

This article appears in our guide, “A Fresh Look at Data.” For more ideas about how to use data in important and innovative ways, download it here:



Photo by Anastasia Shuraeva at pexels.com

Leave a Comment

Leave a comment

Leave a Reply