Securing edge computing? It’s time for a new architectural approach
At Spectro Cloud we’ve been working for years with customers across many different industries, validating the notion that edge computing is not just yet another computing paradigm, but truly transformative for businesses.
That belief fueled our creation of Palette Edge, our purpose-built edge Kubernetes management platform, over a year ago. And it fueled our support more than six months ago for the open source project Kairos, pioneering the concept of flexible immutability. Kairos enables enterprises to create their own tamperproof Linux distribution and Kubernetes stack, dramatically raising the bar in edge security.
And indeed security is still a topic that comes up time and again in our conversations with both customers and our ecosystem partners.
That’s why we joined forces with the like-minded engineers at Intel, and set out to build a new vision for what security on the modern edge should look like.
We started shaping a new set of requirements, based on a fundamental rethink of how hardware and software come together at the edge. The result is today’s announcement of the Secure Edge-Native Architecture (SENA).
Edge-native vs “...can also work at the edge”.
SENA’s premise is simple: conventional hardware and software architecture for the data center and clouds just isn’t enough for the edge.
Edge environments don’t have four solid walls. They have no dedicated teams to monitor everything and everyone that comes in and out — physically or virtually.
Edge computing is all about unsupervised locations, intermittent or no connectivity, sizing constraints and nodes exposed to weather conditions, and hundreds or even thousands of locations to manage.
Couple all that with the complexity of Kubernetes and its ecosystem of hundreds of open source and commercial solutions, and suddenly deploying an AI-based app to process data from a utility grid doesn’t sound like a simple task.
Individual hardware and software security capabilities that are sufficient for conventional locations such as data centers and clouds are not fit for the edge. With such a different environment to secure, we really needed to go back to the drawing board.
What’s required is an architecture that tightly integrates hardware and software, working together in unison. And all this, without compromising on flexibility or cost.
Enter the Secure Edge-Native Architecture (SENA)
Working with Intel, and taking inspiration from its trusted platforms portfolio, we looked across the board at how to bring together best-of-breed capabilities and principles.
We worked to address common questions that emerge in real-world projects. How can you:
- Trust and verify a hardware device before you deploy it or onboard it to your Kubernetes environment, where there are no on-site IT skills?
- Verify a complete software stack and only provision what’s intended for that device?
- Protect user data and application workloads, even when the device falls in the wrong hands?
- Perform Over-The-Air (OTA) upgrades without risking application availability?
- Streamline deployment of devices and apps for air-gapped locations or sites with intermittent connectivity?
- Operationalize a true zero-trust security architecture and access controls, and manage hundreds or thousands of locations at scale?
To answer these questions, we brought together cutting-edge concepts and technologies like Trusted Execution Environments (TEEs), immutability, Confidential Computing and zero-trust security principles, complete lifecycle Kubernetes management, and much more.
SENA integrates best-of-edge technologies from Intel, Spectro Cloud and the open source community, with a goal to raise the industry’s standard for securing edge environments. Core ingredients include Intel Smart Edge; Spectro Cloud’s Palette Edge Kubernetes management platform; and the open source Kairos.io project.
But a key principle of SENA is to promote the use of universal and industry-acknowledged frameworks, including open source solutions and tools, as well as providing transparent references to capabilities without mandating specific commercial solutions.
SENA therefore leverages concepts and frameworks such as Software Bill of Materials (SBOM), Supply Chain Levels for Software Artifacts (SLSA), Trusted Execution Environments (TEEs), Open Container Initiative (OCI), immutable OSes, Fast IDentity Online (FIDO) and Confidential Computing principles, various open source security tools, and others.
Play your part in SENA
Our shared vision with Intel for this solution architecture is no less than to accelerate the entire edge computing industry. We’re offering providers and enterprises a new reference architecture that provides easy, cost-effective and secure management of edge environments at scale.
To that end, we’re excited to join the Confidential Computing Foundation to continue the great work we’ve started with Intel and other members and continue to support organizations in their edge computing and Kubernetes journeys.
Don’t forget to register for our webinar with Intel where we will be talking more about SENA. In the meantime, download the SENA technical white paper to read what it’s all about.