Sophia Antipolis, France, 28 September 2022: Members from the ETSI Multi-Access Edge Computing group (ISG MEC) have just published a new white paper, “MEC security; Status of standards support and future evolutions”.

The White Paper focuses on MEC (Multi-access Edge Computing) technologies and explores security-related use cases and requirements with the aim of identifying aspects of security where the nature of edge computing results in insufficient industry approaches to cloud security. This second edition offers an updated status from standards and industry groups, and includes a brief description of selected MEC security aspects not previously contained in the first edition (e.g. Security aspects for MEC Federation, Infrastructure security and physical protection, Data protection, User security and Data security, Network Security Layer and Application Security Layer).

Edge computing environments are by nature characterized by a complex multi-vendor, multi-supplier, multi-stakeholder ecosystem of equipment including both HW and SW devices. Given this overall level of system heterogeneity, the areas of security, trust, and privacy are key topics for the edge environments. Finally, the advent of edge cloud federations and the presence of (far) edge devices, e.g. in Internet-of-Things environments, requires tackling MEC security with an end-to-end (E2E) approach by leveraging existing standards relevant in the area, carefully selected to be applicable in edge computing systems.

In this heterogeneous scenario, talking about end-to-end MEC security implies considering the impact on the elements coming from all stakeholders involved in the system. In that perspective, MEC should pay attention to the vulnerability and integrity of any third-party elements, and a truly end-to-end approach to MEC security needs to consider not only the current standards in ETSI ISG MEC, but also the other available standards that can be applicable to MEC environment. With this in mind, the White Paper provides an overview of ETSI MEC standards and current support for security, which is also complemented by a description of other relevant standards in the domain (e.g., ETSI TC CYBER, ETSI ISG NFV, 3GPP SA3) and cybersecurity regulation potentially applicable to edge computing. 

In addition to a description of security use cases and requirements for MEC, an analysis of security threats related to MEC federation is provided, as standardization work in ETSI MEC (and also in 3GPP) is expected to consider this GSMA work and put necessary measures in place to enable the actual deployment of the MEC Federation, which is very critical for operators and service providers. Finally, a general perspective of future evolutions and standard directions on MEC security completes the work.

This MEC Security White Paper is therefore a must-read for all ecosystem stakeholders as the adoption of edge computing technologies introduces a need for infrastructure owners and application/content providers to guarantee a level of security on the use of edge computing assets in order to meet customer demands.

Providing the needed clarifications in this White Paper, as the very first initiative in this domain, is a step forward for the alignment of the edge ecosystem and a means to further encourage the adoption of MEC technologies.

Download the free MEC Security White Paper HERE.