Self-Learning Series Part 2: Delivering Zero-Trust Security with NativeEdge
Tue, 17 Oct 2023 13:43:00 -0000
Edge devices carry security risks that core data-center hardware does not: they are typically deployed in remote, less secure locations, which exposes them to physical tampering. Before a device ever reaches its site, it passes through multiple parties in the supply chain, any one of which could be a malicious actor.
The distributed nature of the edge and the shortage of technical staff at edge sites make security and compliance the most business-critical pieces of any edge plan, and the ones that determine its viability.
Maintaining hardware and software across many form factors, network connections, levels of ruggedization, and configurations is a significant challenge that must be addressed for large-scale edge deployments.
Edge devices therefore need to be secure, user-friendly, and straightforward to deploy.
The NativeEdge platform is built from the ground up on zero-trust security principles. It addresses these concerns by ensuring the integrity of edge hardware from design through deployment and along the supply chain, and by protecting applications and data through hardened blueprints and digitally signed package validation.
Ensuring a Zero-Trust Chain of Custody
Our top priority is ensuring security from design to deployment and all along the supply chain to protect applications, data, and infrastructure across the edge estate using zero-trust security principles.
To address this need, Dell introduces NativeEdge secure device onboard (SDO), a solution that simplifies the deployment of NativeEdge-enabled Devices while ensuring robust security with zero-trust and zero-touch capabilities. Using NativeEdge, anyone can set up a NativeEdge-enabled Device by plugging in a network cable, powering on the device, and stepping away. Devices automatically onboard into the NativeEdge Orchestrator for zero-touch deployment across sites.
After SDO, the NativeEdge Orchestrator securely provisions the NativeEdge Operating Environment onto the NativeEdge-enabled Device. At this point, the device can accept deployment of applications from the NativeEdge Orchestrator.
Every NativeEdge-enabled Device shipped from the Dell manufacturing plant is locked down before it leaves. This is accomplished by the following:
- Secure Boot is enabled in the BIOS, so only NativeEdge images signed with keys the firmware trusts (Factory OS, NativeEdge Operating Environment, the factory reset image, and so on) can boot.
- The BIOS is password-protected and locked, so the settings cannot be changed in the field.
- The boot order is locked down.
- Secured Component Verification (SCV) further protects the PowerEdge R660 and R760 NativeEdge models.
- iDRAC (on PowerEdge models) is disabled during onboarding.
- A single network port is available for onboarding; all other ports are disabled.
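Several items in that list can be verified from inside the operating environment once the device has booted, because UEFI exposes its state through efivarfs on Linux. The following Go program is an added example written for this page, not Dell tooling, that reads the real SecureBoot, SetupMode and BootOrder variables (the paths and GUID are the standard UEFI ones; efivarfs prepends a 4-byte attribute header to each variable) and checks two things: that Secure Boot is actually enforcing, which requires SetupMode to be 0 as well as SecureBoot to be 1, and that the expected loader entry is first in BootOrder. The `0x0001` loader entry number in `main` is an assumption; read the real one with `efibootmgr -v`. The BIOS password, the iDRAC state and the disabled ports are not visible through efivars and need their own checks.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// EFI global variable GUID (from the UEFI specification) and the efivarfs
// mount point Linux uses; both are standard, not NativeEdge-specific.
const (
	efiGlobalGUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
	efivarsDir    = "/sys/firmware/efi/efivars"
)

// efivarsPayload strips the 4-byte attribute header that efivarfs prepends
// to every variable file and returns the variable's data.
func efivarsPayload(raw []byte) ([]byte, error) {
	if len(raw) < 4 {
		return nil, errors.New("efivar too short: missing attribute header")
	}
	return raw[4:], nil
}

// SecureBootEnforcing reports whether the firmware is really enforcing
// Secure Boot, given the raw efivarfs contents of SecureBoot and SetupMode.
// SecureBoot == 1 alone is not enough: a platform in SetupMode accepts new
// PK/KEK/db entries without authentication, so SetupMode must be 0 too.
func SecureBootEnforcing(secureBoot, setupMode []byte) (bool, error) {
	sb, err := efivarsPayload(secureBoot)
	if err != nil {
		return false, err
	}
	sm, err := efivarsPayload(setupMode)
	if err != nil {
		return false, err
	}
	if len(sb) != 1 || len(sm) != 1 {
		return false, errors.New("SecureBoot and SetupMode must be 1-byte variables")
	}
	return sb[0] == 1 && sm[0] == 0, nil
}

// ParseBootOrder decodes the BootOrder variable, a list of little-endian
// uint16 Boot#### numbers in firmware boot priority order.
func ParseBootOrder(raw []byte) ([]uint16, error) {
	data, err := efivarsPayload(raw)
	if err != nil {
		return nil, err
	}
	if len(data)%2 != 0 {
		return nil, errors.New("BootOrder has odd length")
	}
	order := make([]uint16, 0, len(data)/2)
	for i := 0; i < len(data); i += 2 {
		order = append(order, binary.LittleEndian.Uint16(data[i:i+2]))
	}
	return order, nil
}

// BootOrderPinned checks that the expected Boot#### entry is first, i.e.
// nothing (a USB stick, PXE) has been promoted ahead of the installed loader.
func BootOrderPinned(order []uint16, expectedFirst uint16) bool {
	return len(order) > 0 && order[0] == expectedFirst
}

func readVar(name string) ([]byte, error) {
	return os.ReadFile(filepath.Join(efivarsDir, name+"-"+efiGlobalGUID))
}

func main() {
	sb, err1 := readVar("SecureBoot")
	sm, err2 := readVar("SetupMode")
	bo, err3 := readVar("BootOrder")
	if err1 != nil || err2 != nil || err3 != nil {
		fmt.Println("efivars not readable (non-UEFI host, or not root):", err1, err2, err3)
		return
	}
	enforcing, err := SecureBootEnforcing(sb, sm)
	fmt.Printf("Secure Boot enforcing: %v (err=%v)\n", enforcing, err)
	order, err := ParseBootOrder(bo)
	fmt.Printf("BootOrder: %04X (err=%v)\n", order, err)
	// 0x0001 is an ASSUMED entry number for the installed loader on this host.
	fmt.Println("installed loader boots first:", BootOrderPinned(order, 0x0001))
}
```

A device that reports `Secure Boot enforcing: false` because SetupMode is 1 will still happily boot signed images, but anyone with console access can enroll their own keys, which defeats the point of the factory lockdown; treat it as a finding, not a pass.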
Impact Management from Deployment to Onboarding
Secure operations, including the ability to deploy and secure workloads anywhere and to centrally monitor and report on technical and business-level changes, are another critical concern at the edge. Application orchestration solutions designed for edge deployments must be able to deploy these operational workloads to the cloud of the customer's choice.
An important feature of NativeEdge security is Secured Component Verification (SCV). It ensures that devices arrive ready for deployment exactly as Dell manufacturing built them, extending the Dell Secure Supply Chain assurance process. The platform uses a trusted platform module (TPM) to anchor the hardware's security with integrated cryptographic keys. The TPM holds the certificates and secrets used to protect all management communication. As an edge device is onboarded to NativeEdge, this ensures that the connection is strongly protected and that the device cannot be removed from its location and managed through any other means; it can be managed only through NativeEdge.
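The property described in the onboarding and SCV paragraphs above, that a device can prove it is the one the factory built and enrolled, and that nothing else can impersonate it to the orchestrator, reduces to a challenge-response over a key the device cannot export. The Go program below is an added illustration of that principle and is not Dell's SDO/FDO implementation: the message layout, the domain separator and the serial numbers are constructed for the example, and an in-memory ed25519 key stands in for the TPM-resident key (on real hardware only the signing operation is exposed, never the private key). It shows the factory recording the public key against the serial, the orchestrator issuing a single-use nonce, the device signing it, and the orchestrator rejecting a replayed answer, an unissued nonce, and a device with the right serial but the wrong key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Enrollment is what the orchestrator holds before a device reaches a site:
// the serial and the PUBLIC half of the identity key made at the factory.
type Enrollment struct {
	Serial string
	PubKey ed25519.PublicKey
}

// Device stands in for a NativeEdge-enabled device. ASSUMPTION for this
// example: the private key lives in memory; on real hardware it stays inside
// the TPM and only signing is exposed.
type Device struct {
	Serial string
	priv   ed25519.PrivateKey
}

// FactoryProvision models manufacturing: generate the identity key on the
// device and record the public key against the serial for enrollment.
func FactoryProvision(serial string) (*Device, Enrollment, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, Enrollment{}, err
	}
	return &Device{Serial: serial, priv: priv}, Enrollment{Serial: serial, PubKey: pub}, nil
}

// Orchestrator keeps the enrollment registry and outstanding nonces so each
// challenge can be answered exactly once.
type Orchestrator struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[string][32]byte
}

func NewOrchestrator(records []Enrollment) *Orchestrator {
	o := &Orchestrator{enrolled: map[string]ed25519.PublicKey{}, pending: map[string][32]byte{}}
	for _, r := range records {
		o.enrolled[r.Serial] = r.PubKey
	}
	return o
}

// Challenge issues a fresh random nonce for an enrolled serial. Unknown
// serials are refused up front: a device the factory never recorded cannot onboard.
func (o *Orchestrator) Challenge(serial string) ([32]byte, error) {
	var nonce [32]byte
	if _, ok := o.enrolled[serial]; !ok {
		return nonce, errors.New("serial not enrolled: " + serial)
	}
	if _, err := rand.Read(nonce[:]); err != nil {
		return nonce, err
	}
	o.pending[serial] = nonce
	return nonce, nil
}

// challengeDigest binds the signed value to this protocol, serial and nonce so
// a signature cannot be lifted from another context. Format is constructed.
func challengeDigest(serial string, nonce [32]byte) []byte {
	h := sha256.New()
	h.Write([]byte("example-onboard-v1\x00"))
	h.Write([]byte(serial))
	h.Write([]byte{0})
	h.Write(nonce[:])
	return h.Sum(nil)
}

// Answer is the device side: sign the challenge with the identity key.
func (d *Device) Answer(nonce [32]byte) []byte {
	return ed25519.Sign(d.priv, challengeDigest(d.Serial, nonce))
}

// Verify is the orchestrator side: the nonce must be the one it issued, it is
// consumed on first use (no replay), and the signature must verify under the
// enrolled public key.
func (o *Orchestrator) Verify(serial string, nonce [32]byte, sig []byte) error {
	pub, ok := o.enrolled[serial]
	if !ok {
		return errors.New("serial not enrolled")
	}
	issued, ok := o.pending[serial]
	if !ok || issued != nonce {
		return errors.New("nonce not issued or already consumed")
	}
	delete(o.pending, serial)
	if !ed25519.Verify(pub, challengeDigest(serial, nonce), sig) {
		return errors.New("signature does not match enrolled identity key")
	}
	return nil
}

func main() {
	dev, enr, err := FactoryProvision("SN-EXAMPLE-001") // constructed serial
	if err != nil {
		panic(err)
	}
	orch := NewOrchestrator([]Enrollment{enr})
	nonce, _ := orch.Challenge(dev.Serial)
	fmt.Println("genuine device:", orch.Verify(dev.Serial, nonce, dev.Answer(nonce)))
	fmt.Println("replayed answer:", orch.Verify(dev.Serial, nonce, dev.Answer(nonce)))
	rogue, _, _ := FactoryProvision(dev.Serial) // same serial, different key
	nonce, _ = orch.Challenge(dev.Serial)
	fmt.Println("rogue device:", orch.Verify(dev.Serial, nonce, rogue.Answer(nonce)))
}
```

The two decisions that matter are made before any cryptography runs: the registry is populated from the factory, not from whatever shows up on the network, and each nonce is deleted the moment it is checked. Everything the TPM adds on real hardware is that the key in `Device.priv` cannot be copied off the board, so stealing the device is the only way to obtain its identity, and a stolen device still only talks to the orchestrator that enrolled it.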
Additionally, securing with zero trust reinforces the security of applications, data, and infrastructure at every layer:
- Protecting hardware integrity with FDO-enabled devices
- Fortifying data and applications, from edge to cloud
- Authenticating, authorizing, and protecting individual users, applications, and devices irrespective of their physical or network location
- Allowing administrators to create users and assign roles through role-based access control
Finally, zero trust requires tamper-proof edge hardware and software integrity. You need to be able to verify that nothing has happened to a device, because an edge site rarely has the physical and access controls of a core data center, or even of a regional data center. By giving you consistent management and control, and the ability to keep your edge infrastructure up to date, NativeEdge ensures that your edge estate does not increase the attack surface of your IT infrastructure and operations.
Security Standards that Protect Your Data
Zero-trust security principles are at the core of NativeEdge, ensuring the integrity of edge hardware, applications, and data through hardened blueprints and digitally signed package validation. While onboarding new devices or applications, the platform extends continuous security across all connected resources, providing you with peace of mind.
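Digitally signed package validation, mentioned here and in the introduction, is the control that stops a compromised catalog mirror or an on-path attacker from pushing a modified application to a device. The Go program below is an added example of how such validation is done, not NativeEdge's own package format or code: the manifest fields, the package name and the payload are constructed for the example, and a freshly generated ed25519 publisher key stands in for whatever signing key the platform distributes as its trust root. The device side verifies the signature over the raw manifest bytes before parsing them, then checks that the payload hashes to the digest the signed manifest carries, so a package is rejected when the payload, the manifest, the signature or the publisher is wrong.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the signed metadata for one catalog package (fields are an
// ASSUMPTION for this example). The payload is bound to it via the digest.
type Manifest struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignedPackage is what a private app catalog would serve to a device.
type SignedPackage struct {
	Manifest  []byte // manifest bytes exactly as signed
	Signature []byte // ed25519 signature over Manifest
	Payload   []byte // application bundle
}

// GenerateSigningKey creates a publisher key pair; only the public key is
// distributed to devices as their trust root.
func GenerateSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// BuildPackage is the publisher side: hash the payload, then sign the
// manifest that carries the hash. Signing the small manifest rather than the
// large payload lets a device reject a bad package before downloading it all.
func BuildPackage(priv ed25519.PrivateKey, name, version string, payload []byte) (SignedPackage, error) {
	sum := sha256.Sum256(payload)
	m, err := json.Marshal(Manifest{Name: name, Version: version, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		return SignedPackage{}, err
	}
	return SignedPackage{Manifest: m, Signature: ed25519.Sign(priv, m), Payload: payload}, nil
}

// ValidatePackage is the device side. Order matters: verify the signature on
// the raw manifest bytes BEFORE parsing them, so unauthenticated input never
// reaches the JSON decoder; then check the payload digest against the manifest.
func ValidatePackage(trusted ed25519.PublicKey, pkg SignedPackage) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(trusted, pkg.Manifest, pkg.Signature) {
		return m, errors.New("manifest signature invalid: package rejected")
	}
	if err := json.Unmarshal(pkg.Manifest, &m); err != nil {
		return Manifest{}, err
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil || len(want) != sha256.Size {
		return Manifest{}, errors.New("manifest carries a malformed digest")
	}
	got := sha256.Sum256(pkg.Payload)
	if subtle.ConstantTimeCompare(want, got[:]) != 1 {
		return Manifest{}, errors.New("payload digest mismatch: package rejected")
	}
	return m, nil
}

func main() {
	pub, priv, err := GenerateSigningKey()
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed application bundle bytes") // constructed sample
	pkg, _ := BuildPackage(priv, "sensor-gateway", "1.4.2", payload)

	_, err = ValidatePackage(pub, pkg)
	fmt.Println("genuine package:", err)

	tampered := pkg
	tampered.Payload = []byte("constructed application bundle bytes + implant")
	_, err = ValidatePackage(pub, tampered)
	fmt.Println("tampered payload:", err)

	otherPub, _, _ := GenerateSigningKey()
	_, err = ValidatePackage(otherPub, pkg)
	fmt.Println("untrusted publisher:", err)
}
```

Two caveats a deployment should add on top of this skeleton: pin the publisher key on the device at manufacture or enrollment rather than fetching it from the same catalog that serves packages, and compare the manifest's `Version` against what the orchestrator ordered, because a validly signed but older package is otherwise an easy rollback.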
NativeEdge empowers you to leverage the enormous benefits of edge computing, while ensuring the integrity and safety of your systems and data.
Conclusion
Dell NativeEdge helps businesses secure the data pipeline from data sources to the edge applications running locally, in data centers, or in the cloud. It combines security measures such as encryption, user access control, a private app catalog, network segmentation, and security orchestration. The platform also uses telemetry and analytics to proactively assess the security posture of the edge estate without relying on audit experts visiting every site.
Dell NativeEdge protects your edge estate with zero-trust security principles. The edge operations software platform enables secure zero-touch onboarding coupled with a hardened edge operating system, which is fundamental to the integrity of your edge estate. With Dell NativeEdge, you can rest assured that the devices, users, network, applications, and data are continually attested and validated across your expanding edge estate.
This blog is part of a self-learning series on NativeEdge.