5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future?
The Benefits of 5G
5G’s new use cases come from:
- Customized network slices for business-specific use cases
- Edge cloud capabilities with multi-access edge computing (MEC)
- Greater bandwidth with ultra-low latency.
This is important because a network built using cloud-native constructs is needed to obtain the promise of 5G performance, scalability, value delivery and optimal spend. Those constructs include network function virtualization with network function components (XNFs) on containers, using a hybrid cloud with infrastructure as code, DevSecOps and integrated security controls. A study by IBM’s Institute of Business Value on Telecom’s 5G Future shows communications service providers can use this to create value and enhance revenue in both the enterprise and consumer spaces.
Challenges to 5G Deployment
While the power of cloud-native network functions in 5G deployment and operations is promising, it also presents several challenges.
First, it makes provisioning and operating the network slices at scale more complex. After all, there are many systems that need to integrate and operate in concert.
Deployment of MEC, the workloads running on MEC and making them securely accessible to clients can also be difficult. It also requires service-level management across the network slice and MEC for meeting the enterprise’s needs.
Threat management across diverse infrastructure and apps can be a challenge, too. You need to be sure 5G deployment doesn’t make it harder for you to protect customer data. It also needs to be compliant with standards and regulations like U.S. customer proprietary network information rules and the European Union’s General Data Protection Regulation.
Lastly, finding staff with the right skills can be difficult.
Keeping the Network Safe
Securing the 5G ecosystem requires security across the environment. The system depends on each component operating securely in a zero trust security environment. How do you ensure hygiene is followed, breaches are contained and the system remains stable?
- Security architecture and governance: The security architecture needs to include threat models and controls designed to minimize risk. It needs to ensure governance functions that define strategy, policy and regulatory compliance with CPNI rules, Payment Card Industry (PCI) standards and other requirements.
- 5G core network security: 5G core network elements need to be secured against network threats. Distributed denial of service attacks and network-based exploits can affect network slice security.
- Cloud control plane security: Resources in the cloud are secured by the cloud control plane. These might be virtual machines, containers, storage and other services. It uses access control lists and identity and access management (IAM) controls to secure them. These services need to be security-hardened to ensure functions can only be accessed by the right users and services. Cloud security posture management provides a consolidated view of posture and remediation.
- Data security: Data needs to be secured across the data stores and in transit. Do this by using data classification, control and encryption measures. Be sure to secure client data traversing the network against unwanted access and maintain its integrity.
- Identity and Access Management (IAM): Authenticate all access to the components, either services or users, via certificates for services, multifactor authentication (MFA) for users and role-based access controls, preferably controlled via an IAM system (either cloud-native or add-on service). Strictly limit privileged access and control it via other methods, including password vaulting. You should also have a process for identity governance in place.
- Encryption and key management: Encryption of all identified data stores and communication is fundamental. Store keys for encryption and certificates for transport layer security are key management systems. A KYOK/BYOK (keep your own key/bring your own key) system is particularly good for this. Don’t forget a robust governance system.
- Container security: In order to have a secure 5G environment, you also need to secure the life cycle for XNFs and containers for operations support system/business support system (OSS/BSS) workloads from image registry to runtime. This includes secure configuration of the container orchestration system such as Kubernetes, OpenShift, etc.
- DevSecOps: You need security for the entire application development and operations life cycle from secure development practices, secure software supply chain and static and dynamic security testing to a robust application operations practice.
- Security Operations Center: This function provides for ongoing threat management by analysis of logs and configuration data provided by cloud services, XNFs, security systems applications across OSS/BSS, etc. Orchestrate controls and remediate incidents with security playbooks to provide insight for security management and reports for governance. Vulnerability management and cyber threat intelligence are integral components of this function.
- Cloud infrastructure: Secure the compute, storage and network to protect the confidentiality of data and the integrity of that data. This also protects the availability of cloud systems and cloud resilience.
- User endpoint security: Securing the user endpoints (mobile phones, Internet of Things devices and tablets/laptops) that connect to the network is important to ensure they don’t become threat vectors. The controls depend on the type of device and apps on it, but at a minimum, it should have the right vulnerability management, including version control of the operating system, user access control and a mobile device manager to control apps on the device.
It can also help to have a partner in the effort, which can co-create security use cases to meet 5G security needs.
So when making the switch to the 5G network, just like with any other new technology adoption, ensure that you know how to use it safely and keep yourself and your data secure.
Sourav Banerjee is a cybersecurity specialist with IBM. He brings expertise in securing Cloud, network, systems and management of threats, risk and complianc...