Edge computing environments should be tailored to meet diverse needs and use cases. They should also be subject to governance controls that align with consistent organizational standards. Unfortunately, these goals often come into conflict.
That’s especially true given the complexity of modern edge environments, which are no longer infrastructures focused primarily on local processing. Instead, the typical modern edge environment integrates deeply with one or more centralized clouds. At the same time, however, edge workloads must operate across disparate locations, with widely varying requirements and capabilities in areas such as data sovereignty, computing capacity, and security features.
The central challenge that these issues present for CIOs is finding ways to maintain a unified security and compliance strategy without compromising the diverse nature of edge devices and workloads.
Hence, the growing importance of distributed governance — an approach that balances decentralizing the enforcement of compliance and security controls across distributed edge environments, while still addressing organization-wide compliance and security mandates.
The Challenge: Cloud-Edge Tension
To understand the need for distributed governance in edge environments, you must first understand why conventional governance strategies don’t work well for modern edge computing.
The core challenge stems from the fact that, by their very nature, edge devices are diverse and heterogenous. The types of data they collect and process, the software they run, the hardware capabilities they boast, and so on tend to vary widely from one device to another. Compliance and data sovereignty rules may also vary depending on the location of a given device or the types of information it manages.
These characteristics distinguish edge infrastructures from cloud environments. In the latter, infrastructure is more or less standardized, apart from potential minor differences in cloud service features between cloud regions and occasional localized compliance requirements. From a compliance and governance perspective, an application hosted on a cloud server running in Ashburn, Virginia, is not likely to be significantly different from one based in Mumbai.
In the cloud, then, centralized governance usually works just fine. A business can define acceptable configurations and apply them to its entire cloud infrastructure. It can also centrally monitor the compliance status of all its cloud workloads, without having to deploy compliance tools directly alongside each one.
But in diverse edge environments, centralized governance and compliance are much more problematic. Different edge workloads often require different governance policies, making it challenging to define a centralized set of rules and apply them uniformly across the edge environment. Plus, variation in the capabilities of edge devices may mean that not all edge workloads can comply with centralized policies. Some may lack the computing power to support a given configuration, for example. Others may connect only intermittently to the network, making it hard to ensure that they’re always up to date with evolving governance policies.
Edge Governance in Practice
To contextualize the challenges of effective governance in distributed edge environments, let’s look at a real-world example.
Imagine an edge network comprising sensors in autonomous vehicles. From a governance perspective, this fleet of devices presents several distinct challenges:
-
Varying locations: There is no way to predict exactly where a vehicle will be at any given point in time, and compliance and security mandates may vary between locations. Rules related to personally identifiable information could change, for instance, when a car moves from one jurisdiction to another.
-
Intermittent connectivity: Vehicles may not be able to report data or receive policy updates continuously because they may sometimes shut down or go out of range of the network.
-
Diverse sensors and data types: Unless the vehicles are all identical — which is unlikely — variation is likely to exist with regard to the types of sensors hosted on each vehicle, as well as the types of data each one reports.
-
Varying local processing capabilities: The extent to which autonomous vehicles can store and process data locally, without moving it to the cloud, can also vary. Some cars are likely to have more processing power than others.
Attempting to implement centralized governance for an edge infrastructure like this is unlikely to succeed. There are too many variables and unique requirements.
The Need for Uniform Edge Governance
This certainly does not mean, however, that CIOs can simply throw up their hands and ignore the need for uniform governance for edge environments.
On the contrary, maintaining uniform standards is just as important with edge computing as it is for traditional cloud environments. Businesses must be able to define core compliance and security requirements and apply them to all corners of their IT estates, including the edge. Otherwise, they risk critical compliance gaps or security oversights.
The difference with the edge is that governance must be implemented and delivered in a distributed way that reflects the diverse nature of edge infrastructures. Centralized policy propagation and monitoring, as we’ve seen, doesn’t work at the edge.
Balance Through Distributed Governance
What does work is a distributed governance approach.
Distributed governance is a strategy that spreads policies and controls across distributed networks, such as edge devices and workloads. Unlike conventional compliance, it doesn’t rely on a central, rigid set of policies or a single process for distributing and enforcing them. Instead, distributed governance offers a diverse set of policies tailored to the varying needs of different workloads or contexts, and it distributes them across devices as needed.
To understand what this looks like in practice, let’s return to the example of a fleet of autonomous vehicles. A distributed governance strategy wouldn’t attempt to enforce a single set of policies across all the vehicles. Instead, it would include a “menu” of varying policies that reflect varying needs, such as:
-
Vehicle location and jurisdiction.
-
Network connectivity status.
Each vehicle would adhere to policies that suit its needs. And it would modify its policy status in the event that variables (like its location) change.
Governance monitoring and enforcement would take place in a distributed fashion, too. Each vehicle would report data to validate its compliance status based on the bespoke policies to which it is subject. To ensure compliance during periods of non-connectivity, governance tools may run locally, rather than being hosted in a centralized location like the cloud.
Ultimately, distributed governance would conform to whichever compliance and security mandates the organization as a whole chooses to meet. But again, enforcement of those mandates would be spread across the distributed network of edge devices.
Conclusion: Evolving governance strategies
Distributed governance isn’t a replacement for traditional governance — which is good news for CIOs, in the sense that it doesn’t require them to rip-and-replace existing governance and compliance solutions.
Instead, think of distributed governance as an extension of conventional approaches. Centralized policy controls and enforcement are still appropriate for environments that are mostly uniform and homogenous, like the cloud. But businesses must complement those strategies with diverse policies and distributed controls that align with the varying needs of edge networks.
Doing so is the only way to take full advantage of edge computing’s ability to support specialized use cases, while simultaneously keeping compliance and security risks in check.
