Securing fleets of Container-based Edge Computing Devices from unauthorized hardware access

Edge computing enables companies to offer faster, more responsive services compared to competitors relying solely on centralized cloud architectures. It is also one of the major sources of data to fulfill big data lakes and enrich AI modeling. The continuous  emergence of pervasive networking technology, ubiquitous computing coupled with the desire to support user mobility, the increasing demand of advanced services (ex. AI) and the view of distributed systems as a utility accelerate the demand for edge computing architectures.

The deployment of a distributed system such as edge computing can be expensive to acquire, install, maintain, and upgrade, especially for large or complex  international deployment. Such solutions can produce a large amount of data that can be useful for decision making, performance evaluation, and optimization. However, this data also needs to be collected, stored, analyzed, and presented in a meaningful and actionable way. The nature of edge computing can expose the operations to various cyber threats, such as hacking, malware, or data breaches, that can compromise the integrity, confidentiality, and availability of the data and devices. Finally, in order to remain competitive and relevant, companies cannot rely on a one-time investment or a static solution but on adaptive solutions enabling continuous process of learning, experimenting, and improving. One of the technologies supporting these business needs is the containerization of services and applications.

Building a complete edge computing solution can be pretty complex and the choice of the applications, tools and hardware must be triggered by the business purpose. In this context, CYSEC Software Security Infrastructure Solution has been designed to support companies looking to protect their fleet of distributed systems against unauthorized access to the infrastructure hosting edge system and to ensure the integrity of their running environments and the confidentiality of their data whatever they are at rest, in transit or in execution. It integrates remote capabilities for update/upgrade and supports edge solutions scalability without impacting the container DevOps activities. At the heart of CYSEC Software Security Infrastructure Solution, there is a hardened Linux-based micro distribution operating system called ARCA Trusted OS designed to only execute containerized applications that enables the creation of an envelope of protection of the execution environments and their data whatever they are collated in the cloud or at the edge (see figure below). 

Typical use cases that can benefits from CYSEC Software Security Infrastructure Solution are:

  • Fleet of drones where the onboarded applications and the data gathered and sent back to the central system are protected.
  • Fleet of medical devices gathering patient data in remote locations meeting the healthcare regulatory standards on data protection and ensuring that physical tampering cannot break patient data confidentiality and the overall system availability.
  • Fleet of cabinets to rule complex machines such as cranes, drillers, telco antenna,… where local applications should remain of integrity meanwhile needs of remote control/diagnosis must be done with respect to company security policies. 

ARCA Trusted OS is a versatile technology able to work on prem, in cloud (public/private) and at the edge that can be deployed in virtual environments, bare metal on large medium or small Intel, AMD and ARM hardware. 

For more detailed information on ARCA Trusted OS, on concrete use cases or on commercial discussion,  please contact us or look at our website




CYSEC is a European data security company providing solutions enabling confidential computing (data protection in use) with remote attestation capabilities to attest the goodness of the IT stack which enables companies to trust their running environment and secure container workloads execution. We ​help companies to securely deploy their application with highly sensitive data in industries such as critical infrastructure, government, healthcare or aerospace & defense. This allows companies to extend their scope of activities thanks to the provision of encrypted enclaves, allowing a broader migration of data and applications on unreliable digital infrastructures such as the cloud (public, private), edge or partner infrastructures.