How to Secure Edge Compute

In this talk, I share lessons learned about protecting edge compute, and why the focus must be squarely on process and people.

This version of the talk was given at devopsdays Vilnius in September 2023.

Kerim Satirli

September 07, 2023

Transcript

  1. A PRIMER ON
    HOW TO SECURE
    EDGE COMPUTE

  2. Kerim Satirli
    Sr. Developer Advocate at HashiCorp
    he / him
    @ksatirli

  3. Cloud
    Edge

  4. edge com·put·ing
    noun
    computing that takes place at or near the physical location of the producer or consumer of data.
    Similar: point of presence, mobile datacenter

  5. Challenges
    trackers must be easy to enroll
    trackers can break
    rogue trackers lead to bad data
    trackers identify people

  6. Challenges
    instances must be easy to enroll
    instances can break
    rogue instances lead to bad data
    instances identify services

  7. Challenge: Enrollment
    On-shore
    ▪ establish trust between network and device
    ▪ ensure device works
    ▪ disable (without removing) device in network gateway
    ▪ establish allowlist
    Off-shore
    ▪ re-enable previously activated device
    ▪ ensure device works

  8. Challenge: Enrollment
    device_id         11569343838664
    device_rev        v1
    device_key        vault:v1:Ajxr/3+mxye8d0tQWoGMlBkf3XW5aDjz+Pobt0Y2uzmfs6E=
    device_activated  TRUE
    device_state      2x5

  9. Challenge: Identification

  10. Challenge: Replacement
    employee_id         A.643838.X3
    employee_team_id    A.589
    device_id           11569343838664
    device_link_date    1691514302
    previous_device_id  11569343838663

  11. Ingress Protection
    mutual TLS for gateway-to-cloud
    transform sanitized data to make it actionable
    inspect payload for rogue tracker data
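    The following is an added example, not code from the talk or from HashiCorp: a small gateway model that ties slides 7, 8, 10 and 11 together. It keeps an allowlist of enrolled trackers, walks the on-shore/off-shore lifecycle (enroll, ship disabled, re-enable, replace without removing the old device) and uses that state to inspect incoming payloads for rogue tracker data. The `Device`/`Gateway` classes, the `device_enabled` flag and the payload shape are assumptions for illustration; mutual TLS is out of scope here.

```python
# Added example (not the talk's code): allowlist-based enrollment lifecycle
# and ingress payload inspection for an edge tracker gateway.
from dataclasses import dataclass, field


@dataclass
class Device:
    device_id: str
    device_rev: str = "v1"
    device_activated: bool = False   # trust established with the network (on-shore)
    device_enabled: bool = False     # allowed to send data right now (disable != remove)


@dataclass
class Gateway:
    allowlist: dict = field(default_factory=dict)   # device_id -> Device
    links: dict = field(default_factory=dict)       # employee_id -> device_id

    def enroll(self, device_id, rev="v1"):
        """On-shore: establish trust, then leave the device disabled for shipping."""
        dev = Device(device_id, rev, device_activated=True, device_enabled=False)
        self.allowlist[device_id] = dev
        return dev

    def enable(self, device_id):
        """Off-shore: re-enable a previously activated device; never auto-enroll."""
        dev = self.allowlist.get(device_id)
        if dev is None or not dev.device_activated:
            return False
        dev.device_enabled = True
        return True

    def replace(self, employee_id, new_device_id):
        """Link an employee to a new tracker and disable (not remove) the old one."""
        previous = self.links.get(employee_id)
        if previous in self.allowlist:
            self.allowlist[previous].device_enabled = False
        self.enroll(new_device_id)
        self.enable(new_device_id)
        self.links[employee_id] = new_device_id
        return previous

    def inspect(self, payload):
        """Ingress protection: classify a payload before it reaches the data pipeline."""
        dev = self.allowlist.get(payload.get("device_id"))
        if dev is None:
            return "reject: unknown device"
        if not dev.device_enabled:
            return "reject: device disabled"
        if payload.get("device_rev") != dev.device_rev:
            return "reject: revision mismatch"
        return "accept"
```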

  12. Data Visualization
    https://tracking-maps.svcs.dev/#/overview
    (slide image not reproduced in transcript)

  13. (Network) Security
    is a Team Sport.

  14. speakerdeck.com/ksatirli