Sophia Antipolis, France, September 28, 2022: Members of the ETSI Multi-Access Edge Computing Group (ISG MEC) have just released a new white paper, “MEC security; Status of standards support and future developments”.
The white paper focuses on Multi-Access Edge Computing (MEC) technologies and examines security-related use cases and requirements with the aim of identifying security aspects where the nature of edge computing leads to inadequate industry approaches to cloud security. This second edition provides an updated status of standards and industry groups and includes a brief description of selected MEC security aspects not previously included in the first edition (e.g. security aspects for MEC Federation, infrastructure security and physical protection, data protection, user security and data security , network security layer and application security layer).
Edge computing environments are inherently characterized by a complex ecosystem of devices with multiple vendors, suppliers and stakeholders, encompassing both HW and SW devices. Given this overall system heterogeneity, security, trust, and privacy are key issues for the edge environments. Finally, the advent of edge cloud federations and the presence of (remote) edge devices, e.g. B. in Internet-of-Things environments, addressing MEC security with an end-to-end (E2E) approach, leveraging existing standards relevant in this area, carefully selected to be used in edge computing systems to be applicable.
In this heterogeneous scenario, talking about end-to-end MEC security means considering the impact on the elements emanating from all the stakeholders involved in the system. In this regard, MEC should pay attention to the vulnerability and integrity of all third-party elements, and a truly end-to-end approach to MEC security must consider not only the current standards in ETSI ISG MEC, but also the other available standards that are based on MEC environments may be applicable. Against this background, the white paper provides an overview of ETSI MEC standards and current support for security, which is also complemented by a description of other relevant standards in this area (e.g. ETSI TC CYBER, ETSI ISG NFV, 3GPP SA3) and Cybersecurity regulation potentially applicable to edge computing.
In addition to a description of security use cases and requirements for MEC, an analysis of security threats related to the MEC federation is provided, as the standardization work in ETSI MEC (and also in 3GPP) is expected to take this GSMA work into account and initiate necessary actions Place to enable the actual deployment of the MEC Federation, which is very important for operators and service providers. Finally, a general perspective of future developments and standard directions for MEC security completes the work.
This MEC security white paper is therefore a must-read for all ecosystem stakeholders, as the adoption of edge computing technologies brings with it the need for infrastructure owners and application/content providers to adopt a level of security when using edge computing resources ensure to meet these requirements customer requirements.
Providing the necessary clarifications in this white paper, as the first initiative in this area, is a step forward in aligning the edge ecosystem and a means to further encourage the adoption of MEC technologies.
Download the free MEC Security Whitepaper HERE.