This document describes MobiledgeX’s approach to security standards and guidelines to protect user data and applications.
Section 1. Shared Security Responsibility Model
MobiledgeX’s Platform aggregates edge infrastructure across Telecom Operator network locations through one standard interface that application developers can use to design, deploy, and manage their applications. As MobiledgeX’s Platform operates across Telecom Operator infrastructure, security responsibilities become shared between MobiledgeX and the Telecom Operators. Telecom Operators are responsible for securing the underlying infrastructure/IAAS layer. At the same time, MobiledgeX’s Platform Layer is responsible for security as a Tenant inside the Operator’s Network. MobiledgeX’s Service Layer operates on a global level within the Public Cloud and is responsible for securing MobiledgeX’s OperatorUsers. The diagram below illustrates the shared responsibilities and various layers, as described.
MobiledgeX Security Responsibilities
MobiledgeX’s software accesses the Virtualization API endpoint to install the MobiledgeX Platform service referred to as the Cloudlet Resource Manager (CRM). CRM acts as a Tenant of the Operator’s Virtualization Layer. CRM utilizes Virtualization APIs to manage applications and provides infrastructure and application runtime statistics to the MobiledgeX Controller (over the Internet). The credentials to the API endpoint are stored securely by MobiledgeX. Connections between the CRM and API, which are determined by the environment in which they are deployed, may be placed on a separate network. MobiledgeX guarantees that ingress traffic is not permitted into the CRM and the connection from the CRM to the Controller originates from the Cloudlet Resource Manager. Internal communications between the CRM and MobiledgeX are encrypted and use mutual TLS authentication.
DeveloperUsers of the edge cloud infrastructure may access MobiledgeX’s Service Layer to manage and deploy their applications, where the deployments of these applications operate at a global level in the Public Cloud. For this reason, MobiledgeX ensures that security protocols are in place to protect DeveloperUsers’ data and deployed applications. Subsequent sections describe additional high-level security standards and guidelines.
Operator Security Responsibilities
The Operator is responsible for the protection of their edge cloud infrastructure, which can consist of hardware, networking, storage, and physical facilities. In addition to protecting the facility and Infrastructure Layer, the Operator is responsible for the security components associated with the Virtualization Layer. The Virtualization Layer is where the Operator must provide Tenant security, and functionality must be available to provide separation between Tenants. MobiledgeX requires that both Admin and Tenant access at the IAAS API level be granted via private and public API endpoints. It is not a requirement to place the IAAS endpoint directly on a public IP; it can reside behind a jumphost or be protected by other security measures.
The Operator must ensure that MobiledgeX’s software is deployed behind the Operator’s firewall and inside a DMZ, provide intrusion detection/prevention (IDS/IPS) systems, and monitor high and critical priority alerts. MobiledgeX relies on the Operator to be responsible for network monitoring and firewall configuration across its infrastructure. Operator-provided firewalls and network monitoring protect MobiledgeX’s services from network attacks. If the Operator requires proper network traffic isolation, it is the Operator’s responsibility to provide the necessary isolated network interfaces to MobiledgeX.
Section 2. End-User Security
a). MobiledgeX restricts access to the MobiledgeX Edge Cloud (“Edge Services”) by using an account approval process for application owners by the MobiledgeX console administrator.
b). MobiledgeX implements processes which require that all users are assigned a unique user identification that must not be shared, and are required to authenticate their identity (e.g., passwords) before accessing Edge Services.
c). MobiledgeX implements processes that require the secure creation, modification, and deletion of Edge Services accounts (both local and remote).
d). MobiledgeX reviews and updates access rights to the Edge Services at a minimum annually.
e). Support for reCAPTCHA is implemented.
f). Two-Factor Authentication (2FA) can be optionally set.
g). MobiledgeX enforces the following minimum password requirements within the Edge Services account set up:
Passwords are stored hashed.
User account credentials (e.g., passwords) must not be shared.
Strong passwords are enforced, with password strength checks performed during account creation and password change operations.
Default passwords are prohibited.
Session timeouts are enforced.
a) MobiledgeX implements and maintains controls to prevent and detect unauthorized access, intrusions, and malware to MobiledgeX component services, which at a minimum includes:
a process that will install any applicable critical patches or security updates for all production and internet-facing environments within thirty (30) days; or communications with the customer detailing why patches and updates are not required.
ensuring that only licensed software or open-source software with proper attribution is installed in MobiledgeX’s component services. Attribution cannot be confirmed in third-party application developers’ code.
b) MobiledgeX maintains documented change management procedures that provide a consistent approach for controlling and identifying changes (including high risk and emergency changes) to the Edge Service, which includes segregation of duties and security requirements.
c) Development and testing environments for the Edge Services are physically and/or logically separated from production and internet-facing environments. The appropriate owner approves production changes.
d) MobiledgeX’s test environment has the same controls as the production environment; and
e) MobiledgeX provides physical and/or logical separation from other MobiledgeX customer account information.
All security information processed by the Edge Services is encrypted when in transit and at rest, and MobiledgeX protects customers' information by implementing cryptographic and hashing algorithm types, strength, and key management processes, consistent with or exceeding current security industry standards. MobiledgeX does not transfer customer information to any portable computing device or any portable storage medium unless it is encrypted and compatible with or exceeding current security industry standards.
Application and Device Security
Control-plane communication between a device and MobiledgeX services is encrypted using server-side TLS. An additional optional client authentication process is also provided, which leverages a public key pair provided by the DeveloperUser.
Data-plane communication between a device and its End User backend deployed by MobiledgeX is encrypted using server-side TLS. Any authentication of the device or user of the device is the responsibility of the DeveloperUser's backend.
Cloud Services and Operations Security
All communications between internal MobiledgeX services are encrypted using mutual TLS consistent with or exceeding current industry standards.
All access to MobiledgeX infrastructure, including edge cloud infrastructure deployed within the Operator-managed virtualization layer, is audited.
Software Development Requirements
MobiledgeX implements a documented and validated software development life cycle process, which includes requirements gathering, system design, integration testing, user acceptance testing, and system acceptance. Security requirements are documented throughout the Edge Services life cycle. All confirmed high/critical security vulnerabilities found during testing are remediated and retested before moving to the production phase.
VM Registry: DeveloperUser applications’ VMs for VM-based deployments are stored in MobiledgeX’s Artifactory instance. Access to the VM instances is limited to the least amount of privilege necessary.
MobiledgeX Support will never access private repositories unless required for support reasons, and only when requested by the owner of the repository via a support ticket. When working on a support issue, MobiledgeX strives to respect DeveloperUser privacy as much as practical and will only access files and settings, as required, to resolve the issue. Developers will at all times have access and admin rights to the MobiledgeX GitLab CE registry so they can view, change, or delete the data.
Section 3. OS Security Compliance
The Center for Internet Security (CIS) is a non-profit organization set up to identify, develop, validate, promote, and sustain best practice solutions for cyber defense. CIS employs a closed crowdsourcing model to identify and refine effective security measures, and releases these recommendations as a set of benchmarks for individual operating systems. CIS also publishes a configuration assessment tool (CIS-CAT) that compares the configuration of target systems to the recommended benchmarks.
CIS-CAT certified for MobiledgeX base images
MobiledgeX base images were tested and certified against the following:
CIS Ubuntu Linux 18.04 LTS Benchmark, v1.0.0 with the Level 1-Server profile
CIS Ubuntu Linux 18.04 LTS Benchmark, v2.0.0 with Level 1-Server profile
CIS Benchmark for CentOS Linux 7 Benchmark v2.2.0 Level 1 Server