Edge computing moves computation to where data is generated. The latency gains are real. The governance problem that follows is harder than most enterprise IT teams planned for.
The argument for edge computing is about physics. The speed of light is a real constraint. When a sensor on a factory floor generates data, sending that data to a cloud data center, processing it, and sending back a decision takes time. The round trip might be fifty milliseconds, or two hundred, depending on network conditions and distance. For some applications, that is fine. For others, it is not. A quality control camera inspecting products at high speed, making accept-or-reject decisions on a moving production line, cannot wait for a cloud round trip. A collision avoidance system in an autonomous vehicle cannot either. These applications need computation at or very close to the source of the data, which is what edge computing provides.
The use cases have expanded well beyond manufacturing. Retail stores run computer vision at the shelf edge to detect inventory gaps without relying on store wifi to route video to a central server. Hospitals deploy edge processing on patient monitoring devices to run inference locally without requiring every patient's vital signs to traverse a hospital network. Energy infrastructure uses edge intelligence on grid equipment to make real-time switching decisions faster than centralized systems can respond. The IoT connection is direct: when you have large numbers of devices generating data in time-sensitive applications, and when those devices operate in environments where network connectivity is intermittent or expensive, you move computation to the device or to a nearby compute cluster rather than routing everything to a central cloud.
Gartner has consistently placed edge computing among its top strategic technology trends, and its Hype Cycle work has tracked edge as it moves from peak expectation toward more realistic assessment (see Gartner Hype Cycle methodology and the Gartner newsroom for current commentary). I hedge any specific positioning Gartner assigns because hype cycle placements change, and I am not working from a verified current report. The directional observation, that edge computing is a real and growing infrastructure pattern in enterprise IT, is well supported by what large technology vendors are building and what enterprise customers are deploying.
The OT/IT convergence dimension is where edge computing becomes most complicated for large enterprises. OT stands for operational technology: the systems that control physical industrial processes. SCADA systems, PLCs, distributed control systems. These were designed to be isolated, proprietary, and long-lived. An industrial control system might be in service for twenty years, running on a vendor-specific operating system with firmware that cannot be updated without a formal change control process and, in some cases, a vendor service visit. IT systems, by contrast, are designed to be updated continuously, to communicate over standard protocols, and to be monitored and managed centrally. Edge computing brings these two worlds into contact. You are now running cloud-native software, containers, Kubernetes, standard Linux, on infrastructure that lives on the factory floor or the utility substation, next to OT systems that were never designed to coexist with that kind of environment.
The governance problem that follows is the one I see underestimated most consistently. In a cloud environment, governance is centralized. You have a cloud account with billing and IAM visibility. You have centralized logging through CloudTrail or equivalent. You have a limited number of access patterns and a manageable attack surface. Patching is managed either by the cloud provider for managed services or by your operations team for workloads you run yourself. The cloud, for all its complexity, is at least a known environment.
Edge devices are not a known environment in the same way. A large organization deploying edge compute for industrial IoT might have hundreds or thousands of edge nodes distributed across factories, warehouses, retail locations, or field sites. Each one is a computer running software that needs to be patched. Each one is a network endpoint that could be physically accessed by someone in that location. Each one has credentials, certificates, and configuration that need to be managed and rotated. Central IT departments are typically not staffed or structured to manage this kind of distributed endpoint estate at scale. The tooling that exists for cloud management, the infrastructure-as-code tooling, the CI/CD pipelines, the monitoring stacks, assumes that your compute is in a data center or cloud region with reliable network connectivity and physical security. An edge node on a factory floor in a remote location has none of those assumptions.
Software updates on edge devices deserve special attention because they are where the security risk is most acute and the operational risk is highest simultaneously. You want to patch edge devices promptly when vulnerabilities are discovered, because unpatched edge devices on OT networks are attractive targets and because a compromise of an edge node near operational technology can have physical consequences. But you cannot update edge software with the same cadence as cloud software, because the edge device is running software that controls a physical process, and an update that introduces a regression in behavior is not a service disruption, it is potentially an equipment failure or a safety incident. The validation requirements for OT-adjacent software updates are different from the validation requirements for a web application. This creates a situation where the security team wants faster patching and the OT team wants slower patching, and both are right within their own risk frame.
Structurally, this is the same problem Trist and Bamforth documented in the coal mines, technical optimization creating friction with the social and operational systems surrounding it. I wrote about how STS theory applies to edge AI in edge AI and physical decision-making, and the broader edge computing context has the same shape. The technical case for edge, lower latency, reduced bandwidth consumption, resilience to cloud connectivity interruption, is well made and well supported. What the technical case does not address is how you govern a distributed estate of devices that need to be patched, secured, monitored, and managed without the centralized control surface that enterprise IT governance has been built around. That is an organizational problem, not a technology problem, and it is one that edge computing vendors have not fully solved in their product offerings, because solving it requires understanding each customer's specific OT environment, security posture, and operational constraints.
The organizations navigating this well tend to be the ones that treat edge computing as a new domain requiring new skills and new governance models, rather than treating it as an extension of either their existing cloud governance or their existing OT governance. The skills required to manage edge infrastructure competently overlap with cloud operations skills and with OT engineering skills, but they are not identical to either. The governance models that work for cloud, centralized control, continuous deployment, infrastructure-as-code, do not port directly to edge, and the governance models that work for OT, formal change control, extended stability windows, physical isolation, cannot accommodate the update velocity that edge security requires.
About the author
Share
More notes
Related notes