Securing Thin Edge Locations Doesn’t Need to be Complicated

Most organizations have thin edge locations, primarily as a result of digital acceleration initiatives and the growing hybrid workforce. A thin edge site is one in which on-site hardware is minimized in favor of leveraging off-site or cloud-based resources for as many IT solutions as possible. Thin edge locations can be kiosks, ATMs, and satellite and home offices, although the size of thin edge deployments is not necessarily limited. Thin edge sites exist in organizations of all sizes across all industries. IoT devices, sensors, and home office equipment like computers, printers, and phones are commonly found at thin edge locations. Bad actors can use the small networks in these locations as an entry point for malware or other threats, therefore, these sites need the same level of security as the corporate network.

Securing the Thin Edge

Thin edge deployments are particularly important as digital acceleration has increased the numbers and types of IoT devices installed in many networks. IoT devices are typically incapable of supporting a software agent and need to be protected in another manner. It is usually unnecessary, impossible, or cost-prohibitive for organizations to deploy a dedicated on-premises network firewall appliance at each thin edge location. There are often limited budgets and no local IT staff to deploy and manage IT infrastructure on-premises at small remote sites. In addition, it may not be possible to install agents to secure all IoT devices and endpoints, such as security cameras, office printers, and bring-your-own-device (BYOD) devices. In those situations, security can be extended to the site in question from a centralized location, leaving only a "thin edge" of networking equipment at the site, while security actions are performed elsewhere.

Types of Thin Edge Deployments

Thin edge deployments can come in several forms, but they are usually part of a microbranch, home office, or temporary location.

• A microbranch is a small, fixed site or kiosk without a large network stack but with devices on-site that can't leverage a software client, such as badge swipers, printers, and displays.
• Home offices refer to locations where the company provides an employee with a phone, printer, and possibly more, in addition to a laptop computer.
• Temporary locations are installations often found at events, emergencies, or mobile sites where networks need to be small and transportable.

As thin edge deployments grow in popularity, additional site types and larger sites may be converted to a thin edge architecture.

How Fortinet Protects the Thin Edge

Fortinet offers easy solutions to secure the thin edge that can be leveraged as appropriate for the situation. Fortinet networking equipment can be remotely controlled and managed by one of our security solutions. In these cases, an Ethernet switch or Wi-Fi access point acts as a secure endpoint that routes traffic back to a remote location for security inspection.

Fortinet solutions are centered on our FortiOS operating system, which unifies our security platform and ensures consistent security policy across the network. This enables a great deal of flexibility in how a thin edge is deployed because there are a number of FortiOS-based solutions that can be used to apply remote security.

Remote FortiGate: Whether a hardware appliance is installed in an on-premises data center or a virtual machine (VM) is deployed in a private or public cloud, FortiGate Next-Generation Firewalls can control, configure, and manage remotely deployed thin edge networking devices. FortiGates deliver consistent, real-time protection against even the newest and most sophisticated threats.

FortiGate-as-a-Service: With FGaaS, there is no need to purchase a FortiGate appliance. Fortinet offers FortiGate hardware appliances as a service, delivering the same high-performance ASIC-based security as user-owned FortiGate appliances. As with any remote FortiGate, thin edge networking devices can be centrally managed and secured using an as-a-service FortiGate.

FortiSASE: The Fortinet secure access service edge (SASE) solution integrates with the Fortinet WLAN portfolio to secure thin edges and related devices. FortiAP wireless access points intelligently offload traffic from microbranches to a SASE POP for comprehensive inspection at scale for all devices. FortiSASE is easy to deploy and secures all client devices at thin edge locations without requiring any endpoint agents.

Conclusion

Thin edge locations will continue to grow as the way we work continues to change. These locations will also become more vulnerable if effective, easy-to-manage security is not put into place at rollout. Fortinet offers multiple technology solutions for secure wired and wireless networking to fit any thin edge type and location. Flexible deployment options for the management layer are available so you can choose the setup that best suits your environment and needs.