A comprehensive Zero Trust security solution is the bedrock of IT/OT infrastructure integration. Protecting critical data and meeting regulatory compliance requirements while maximizing uptime and safety requires not just solid planning but also the right technology stack to deliver on all aspects of digital security in distributed edge settings.


EVE-OS, developed within the Linux Foundation’s LF Edge organization, is optimized to serve as the “Android of the Edge” and is an ideal foundation for a Zero Trust edge security stack. EVE-OS is a lightweight, secure, and universal Linux-based distributed edge operating system with open, vendor-neutral APIs for remote lifecycle management. The OS can run on any hardware (e.g., x86, Arm, GPU) and leverages different hypervisors and container runtimes to ensure policy-based isolation between applications, host hardware, and networks. The Project EVE community now numbers over 60 unique developers, and EVE-OS has become popular as the system of choice for security stakeholders.

Together, ZEDEDA, NetFoundry, and Arrow have developed an end-to-end Zero Trust reference platform with EVE-OS as the foundation. By harnessing the power of ZEDEDA’s open orchestration solution and the context-specific nature of NetFoundry’s AppWANs, enterprise administrators, solution OEMs, and technology providers can easily establish software-defined security infrastructure from edge silicon to the cloud. The joint solution enables Zero Trust, identity-driven networks with application and device specificity at scale.

Edge Orchestration with Zero Trust Security Foundation

The reference design blends capabilities from both ZEDEDA and NetFoundry to offer protection at the edge node (hardware and applications) and network levels based on the Zero Trust framework:

Protection at the Edge Node Level

  • EVE-OS enablement of silicon-based root of trust with measured boot, remote attestation, and crypto-based ID to prevent unauthorized local device login and tampering
  • ZEDEDA’s remote disablement of unused I/O ports (e.g., USB, Ethernet) to prevent insider attacks
  • Zero Trust, programmable connectivity embedded into applications (AppWANs via NetFoundry Ziti SDK)
  • Data encryption in motion and at rest

Protection at the Network Level

  • Network micro-segmentation via ZEDEDA’s Distributed Firewall and NetFoundry’s AppWANs
  • Dark, private networking from NetFoundry (no inbound ports) removes attacks like DDoS, brute force, and CVEs
  • Ability to create per-session and per-app Zero Trust ‘private cables’ so that traditional threats (e.g., malware) cannot traverse the network
  • Advanced threat detection for OT/IT protocols via optional apps (e.g., Nozomi Networks, CyberX)

ZEDEDA offers an orchestration system that is simple yet scalable and effectively provides full visibility into the distributed edge network. Orchestration enables customers to deploy and manage any application on any hardware infrastructure across on-premise and cloud-based systems. Beyond managing applications, the orchestrating system also supports a variety of security measures. The ZEDEDA orchestration framework is vendor-agnostic and breaks down silos and provides the needed agility and futureproofing to evolve connected operations to the next stage. Customers can seamlessly manage intelligent applications at the distributed edge to gain access to critical insights, make real-time decisions, and maximize operational efficiency. With ZEDEDA customers can easily deploy and manage any edge compute node to instantly unlock the value of IoT data and make real-time decisions.

NetFoundry is a network-as-a-service (NaaS) infrastructure that enables simple and secure connection of applications via software-only, Zero Trust, SASE (Secure Access Service Edge) architectures. Without the constraints of MPLS WAN, SD-WAN, or VPN, infrastructure is replaced with code. Instead of bolting on security and connectivity after building the app, we can deliver secure, performant, programmable, cloud-native, Zero Trust networking as embedded elements of the application.

Overlay networking is implemented using software to create layers of network abstraction that can run multiple separate, discrete virtualized network layers on top of a physical network, providing new security benefits. One major benefit of NetFoundry’s overlays (AppWANs) is that they are completely service-provider agnostic and built on an open-source core (Ziti).

Arrow brings its global distribution and integration services, providing customers with a trusted expert to bring together all aspects of their IoT and edge solutions.

Summary

Securing IoT and edge computing solutions can be quite a challenge for IT and OT stakeholders alike. It is no longer tenable to have two perspectives of IT and OT infrastructure because digital transformation enabled by edge solutions requires a convergence of technologies from each organization. Next-generation security which protects devices, networks, and applications from increasingly sophisticated miscreants requires a holistic approach that implements a very tightly integrated technology stack that can deploy advanced mechanisms for security orchestrations. In addition, an end-to-end security method that systematically deploys best practice approaches across edge devices, networks, and applications will create a framework to detect and tackle threats proactively.

Arrow’s teaming with ZEDEDA and NetFoundry allows customers to take advantage of a state-of-the-art technology stack that can scale to any security need and enterprise and deliver new customer experiences and business outcomes. Reach out to us today to learn how we can help your organization advance its security infrastructure globally while optimizing costs.



Roland Ducote

Director, Sales Intelligent Solutions, OT + Emerging Accounts

Roland has over 20 years of diverse sales, technical marketing, and alliances experience. He began his career with Arrow in 2000 and has covered a wide range of product lines including FPGAs, embedded computing, wireless, and storage technologies. Now focused on Arrow’s Operational Technology (OT) Program, he is responsible for developing and operating the Americas program, including sales, business development, and the partner ecosystem.

In addition, he oversees Arrow’s Intel Solutions Aggregator Program which aims to simplify the complexities of the intelligent edge and speed digital transformation projects. Roland holds a B.A. from Macalester College in St. Paul, MN, along with an M.B.A. and M.S. in Marketing from the University of Colorado at Denver.
