November 30, 2018 Unikernels Securing the Edge

Edge compute sacrifices security for efficiency when software applications run Linux, Windows but these problems are solved with unikernels.

November 20, 2018

The convergence of IT and OT is creating a new world of cyber difficulties. Traditionally operational technology and information technology systems have been a world apart however two important trends started to bring them closer. One is that it’s more and more desirable to control your OT systems over IT channels and second data proliferation from OT systems is becoming increasingly necessary to digest on IT systems. These of course are two broad strokes over what’s really going on.

This confluence of traditionally separate technologies is creating the largest buildup of compute outside the traditional datacenter ever. Edge compute is the practice of deploying software applications outside of consolidated datacenters closer to where the data that is consumed, acted upon and produced. Edge compute is forecasted by pretty much everyone to utterly dwarf the mega large datacenters companies like Amazon and Google have installed throughout the country and the world.

One of the bigger shifts that is creating all this edge compute demand is the application of various machine learning algorithms utilizing the data coming off the shop floor. Gauges have been replaced with sensors while sensors are being replaced with smart sensors and finally the smart sensors are being replaced with full blown machine learning driven software applications. Intel’s new Movidius Neural Network Compute stick – the size of an USB stick can now be had for a mere $100. That little stick can now do things that just a few years ago only humans could do. Instead of doing error prone spot checking for defects on an assembly line you can now write a program that will scan each and every single item such as a toy coming down the line looking for defects all the while incorporating things like alerting the appropriate person and running analytics 24/7/365. Other common use-cases involve re-purposing those cameras you have installed throughout the factory. Those cameras can now in real time detect spills on the floor and alert people before they become a hazard.

The advantages are extremely clear and adoption is coming in full force. There’s just one exception. If we are truly going to install all this software in all of our factories and take advantage of its benefits we need a different way to approach the cyber question. When you run operating systems like Windows or Linux on devices like this you are asking for trouble. It’s hard enough to properly secure at scale the servers residing in the large datacenters – especially when you have thousands of software engineers at your beck and call. When you don’t have those engineers and these heterogeneous applications are spread far and wide your cyber exposure skyrockets. Traditional IoT systems like IPTV cameras and gateways are notorious for their improper security posture creating massive botnets that are utilized to inflict damage across the internet. The same mistakes cannot be repeated with edge compute.

The security industry is completely stagnant and not ready to deal with the challenges that edge compute represent. When the best you can do is stand up a SOC and ensure your patch management practices are in place along with vulnerability scanning from the endpoint protection systems you are fighting a losing battle. It’s a non-stop battle of cat and mouse – continuously updating infrastructure and operating systems and applications to combat the non-stop assault on your systems by hacktivists, nation states, insider threats and other ner-do-wells.

Why is that we can drop our phones into the toilet and they are fine? We can even throw some of the ‘rugged’ laptops down the stairs and they are fine yet one tiny little server sitting in an assembly line is completely and utterly exposed through its cyber landscape? What happened to the ruggedness??

Patch management and endpoint protection systems are for the birds.

Many of us in the industry are betting on the adoption of unikernel technology. Unikernel technology comes with a four-point security model designed to severely limit company’s cyber exposure. They don’t have the concept of usernames/passwords – you can’t login to them. They are single process systems meaning they can only run the one application that was intended to run – not things like malware. They don’t have shells and they embrace a dramatically reduced attack surface compared to Linux or Windows – the other commonly deployed operating systems.

Edge compute has the potential to completely transform the industrial world lowering costs, increasing output, and limiting risk and when paired with unikernel technology you can ensure that your software and your plant limit your cyber exposure.

About the Author
Ian Eyberg, CEO of NanoVMs, is a self-taught expert in Computer Science, specifically operating systems and mainstream security, Eyberg is dedicated to initiating a revolution and mass-upgrading of global software infrastructure, which for the most part is based on 40-year-old tired technology. Prior to cracking the code of unikernels and developing a commercial viable solution, Eyberg was an early engineer over at Appthority, an enterprise mobile security company. He also worked for Bluff.com doing poker analytics and studied Computer Science briefly at the University of Missouri-Rolla before pursuing a call to travel the world. For more information about San Francisco based NanoVMs, www.nanovms.com.

Subscribe to Industry Today