Secure IT starts at the edge of the network
Modern business processes continuously generate massive amounts of data — from industrial sensors and connected machines to card readers in retail branches, production lines, or medical practices. If all this information is first sent to data centers or the cloud, it can cause delays, high network load, and additional security risks.
Secure edge computing brings computing power and security mechanisms directly to where the data is created — at the edge of the network. Local firewalls not only handle network protection but also serve as platforms for isolated software applications. This allows time- and information-critical processes to run directly on-site. Companies benefit from higher data sovereignty, can implement real-time applications, and simultaneously reduce network load. The result: higher speed, lower latency, and stronger protection of confidential information.
Secure edge computing extends this approach by combining local data processing with consistent security and data protection mechanisms to make distributed systems reliable, resilient, and trustworthy. This includes measures such as encryption, access controls, and identity management, as well as specialized software running in isolated containers directly at the edge.
As a result, time-critical processes benefit from fast, real-time responses while sensitive data remains protected.
Who benefits from secure edge computing?
Secure edge computing is ideal for organizations that need to process sensitive or time-critical data locally — for reasons of security, compliance, or efficiency. The technical foundation lies in powerful firewalls equipped with integrated software containers.
This enables flexible, secure operation and central management of individual applications, eliminating the need for additional hardware or separate server infrastructures.
Industry & OT
In industrial environments — known as Operational Technology (OT), i.e., the control and monitoring of machines and systems — secure edge computing enables real-time processing of sensor data directly on the production line. Applications such as video analytics, AR/VR-assisted maintenance, or protocol conversion run locally without raw data needing to be sent to the data center. This minimizes latency, stabilizes processes, and ensures compliance with data storage regulations.
Example: An automotive supplier analyzes video data directly at the production line using a local firewall with container technology to detect paint defects in real time and immediately remove faulty parts — without continuously transferring sensitive production data to the cloud. Secure edge computing also securely integrates older machines and legacy interfaces, creating a sealed-off network that gives manufacturers protected access to sensor data for analysis and maintenance.
Retail & POS
In retail — particularly at the Point of Sale (POS) — secure edge computing ensures fast and reliable data processing directly in stores. Video and image analyses for security or customer flow management, real-time pricing and inventory processes, and local authentication or IoT onboarding functions remain fully operational even if the WAN connection is interrupted.
Example: A large supermarket chain locally analyzes video footage via a security device to track customer numbers and dynamically open checkouts. Even if the central connection fails, these functions continue without interruption.
Critical Infrastructures
In critical infrastructures, secure edge computing contributes to autonomous operation and the protection of sensitive network segments. Local firewalls harden the perimeter, securely trace data paths, and enable vulnerability scans directly on-site — independent of a constant connection to central IT systems.
Since operators of critical infrastructures are subject to strict specific regulations, edge security offers a controlled and compliant environment for security processes. Only small workloads are executed decentrally, while the actual analysis of the data takes place centrally in the data center.
Example: An energy provider uses isolated containers for vulnerability scanning on next-generation firewalls at substations to reduce attack surfaces and maintain secure operation even during network outages.
Healthcare
In the healthcare sector, secure edge computing enables the secure and efficient processing of sensitive patient data directly on-site while complying with numerous regulations. Specialized peripheral devices, such as smart card terminals or diagnostic equipment, can be securely connected to the telematics infrastructure without unencrypted data passing through external systems. The main computational workload resides in the data center, while only small workloads are executed decentrally.
Example: A hospital processes health card data locally, checks access rights directly at the edge firewall, and transmits only encrypted and preprocessed information to central systems. For IT service providers managing hundreds or thousands of medical practices, this approach offers significant efficiency gains. Many small local servers in the practices become unnecessary – reducing effort and costs while increasing the security and maintainability of the infrastructure.
In short: Secure edge computing is applicable wherever data sovereignty, real-time capability, and the security of distributed systems are top priorities — from medicine and critical infrastructures to Industry 4.0.
- Cloud layer
In the cloud or data centers, processed data is consolidated. Long-term storage and centralized management take place here.
- Edge layer
Edge nodes or edge servers handle core tasks such as data pre-processing, reduction, caching, and buffering. Only relevant information is forwarded to the cloud or data center. This layer also enables fast response times for control commands, virtualization for flexible workloads, and local enforcement of security and compliance policies. Next-generation UTM firewalls can be used here, capable of running Docker containers directly.
- Device layer
At the bottom are end devices such as sensors and controllers that collect raw data — in industrial plants, vehicles, smart devices, or IoT scenarios. These devices serve as the primary data source.
Organizations increasingly face a strategic decision: should data be processed centrally in the cloud/data center or locally on-site?
- Cloud (central & global): long-term analytics, AI model training, cross-site reporting, centralized management.
- Edge (here & now): pre-processing, real-time decisions, sensitive/location-bound data, IoT/OT integration.
The key is finding the right balance: The more sensitive and time-critical the data, the closer to the source it should be processed — always protected by the edge firewall perimeter. Cloud and edge solutions should complement each other rather than compete.
Unified Firewalls including container management
For secure edge computing, professional container management is essential. Containers enable fast, secure, and consistent integration of industry- and project-specific applications — fully isolated from the operating system and without affecting firewall functionality.
At the same time, containers benefit from the firewall’s comprehensive protection.
Starting with the upcoming firmware version LCOS FX 11.2, Docker containers can run directly on your LANCOM R&S®Unified Firewall or vFirewall with the appropriate licenses. Containers and container networks can be created, monitored, and started in real time; firewall rules defined precisely; and configurations automatically restored from backups during updates.
Secure operation of third-party software on a security device
Running software in Docker containers directly on security devices provides significant benefits: Containers operate in isolated environments with strictly limited permissions and can be flexibly updated or extended without affecting the core system functionality.
All traffic — between containers and external networks — is consistently filtered through the existing firewall rules. Optionally, a reverse proxy with SAML authentication can be used to manage access control, enforce centralized authentication (e.g., via Single Sign-On), and reduce attack surfaces.
While running third-party software on a firewall introduces potential security risks, these can be effectively minimized through environment hardening, strict access control, and regular updates — maintaining the overall security level of the system.
Current network security and Digital Sovereignty according to NIS2 specifications
Network security is constantly evolving and must address new challenges. The EU NIS2 Directive on network and information security now meets this need by establishing clear specifications and sanctions to enhance cybersecurity in EU companies. A positive side effect is that Digital Sovereignty also strengthens with increased security. Are you affected? If so, what does this mean for your company? Take the NIS2 check and learn more on our topic pages.
More about NIS2 and Digital Sovereignty
Ask the AI chatbot!
Do you still have questions? Or maybe you can't find the information you're looking for? From now on, the LANCOM Digital Assistant will answer all your questions about network security, IT security, and LANCOM R&S®Unified Firewalls – at any time, quickly, and without searching! Alternatively, you can of course still use the contact form.
