Get Started
Contact us

If you found this blog post interesting you might also enjoy our regular series of webinars about practical ways to improve the security of people working outside the office.

Upcoming Webinars →

Every so often, cybersecurity guidance from national agencies lands exactly on what organisations quietly struggle with. The NSA, GCHQ, CISA and others have published advice focused on mitigating risks of edge devices. For anyone managing remote or hybrid access, it reads like a checklist of problems you already know are real.

The core message is simple: when you do not control the infrastructure someone connects from, you cannot assume it is secure. That is precisely the definition of the uncontrolled network edge in homes, hotels, serviced offices or client sites, where equipment you did not deploy handles sensitive data flow.

What “Edge Devices” Really Means
The NSA defines network edge devices as those that sit between external and internal networks, such as routers, gateways and VPN concentrators. In an enterprise setting, these are managed and monitored.

But the real risk comes when those same types of devices exist outside your control. A home router, a hotel Wi-Fi access point or a co-working space Wi-Fi all count as edge devices too. When corporate data flows through them, they form part of your security perimeter whether you want them to or not. This is what we call the uncontrolled network edge.

What the Guidance Recommends
Agencies recommend several core strategies for reducing risk at the network edge:

  • Use secure by design devices wherever possible
  • Replace or lock down default credentials and admin access
  • Apply firmware and software updates promptly, ideally automatically
  • Ensure devices boot from a known good state
  • Monitor devices and configurations centrally
  • Prevent lateral movement by isolating connected endpoints

This advice is strong and sensible. The difficulty is that it assumes you have control over the devices. At the uncontrolled network edge in homes, hotels, shared offices or client sites those assumptions often break down.

Why Following the Advice Is Hard in Practice
Even when organisations try, several real-world obstacles arise:

  • If a staff member connects from a serviced office or client site, you cannot enforce the NSA’s advice to patch or monitor their router.
  • Firmware updates are necessary but not sufficient. Many consumer devices are unsupported by vendors, leaving known flaws unpatched even when updates are applied.
  • Staff may reset routers or revert security settings without realising the risk.
  • Other devices on the same network such as family laptops, smart TVs or IoT gadgets can introduce lateral threats that the NSA guidance says should be isolated.
  • Central monitoring, which the NSA recommends, is almost impossible when hundreds of staff are connecting through hundreds of different unmanaged routers.

In short, the NSA is right about what is needed, but the uncontrolled network edge is where those requirements become almost impossible to meet with traditional approaches.

How Loxada Helps Close the Gap
Loxada’s solution is designed to make NSA style controls enforceable at the uncontrolled network edge:

  • Routers are supplied with hardened custom firmware, replacing manufacturer software that may contain flaws.
  • Updates and configuration enforcement happen centrally, not at the whim of the user or the vendor.
  • Business traffic is separated from other local devices to block lateral attacks.
  • Routers boot into a known good state, following the NSA’s recommendation.
  • Everything is visible and manageable through central oversight.

This approach means that even if someone is working from a hotel, a serviced office or their kitchen table, the network edge they use is still hardened, monitored and consistent with agency guidance.

Why This Matters Now More Than Ever
Remote and hybrid access has expanded the attack surface. Attackers increasingly target the edge because routers and gateways outside IT control are easier to compromise than hardened servers or cloud platforms.

That is why the NSA, GCHQ and CISA all continue to warn about edge device risks. Their guidance highlights the danger, but it is the uncontrolled network edge where those dangers are most acute, and where following their advice is hardest in practice.

Bottom Line
The NSA’s guidance is excellent. It outlines a blueprint for securing the edge. But unless you address the uncontrolled network edge in homes, hotels, serviced offices and client sites you are only covering half the problem.

Loxada provides a way to make that blueprint practical. Our secure on-ramp ensures agency guidance can be applied consistently across all connections, even those beyond direct IT oversight.

If you want to turn policy into practice, this is where securing the uncontrolled network edge becomes non-negotiable.

Further reading:
NSA press release on mitigating edge device risks

Contact us to talk about securing your network edge in real-world conditions.

Recent Posts

If you found this blog post interesting you might also enjoy our regular series of webinars about practical ways to improve the security of people working outside the office.

Upcoming Webinars →