5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future?

The Benefits of 5G

5G’s new use cases come from:

  1. Customized network slices for business-specific use cases
  2. Edge cloud capabilities with multi-access edge computing (MEC)
  3. Greater bandwidth with ultra-low latency

These capabilities matter because delivering on the promise of 5G performance, scalability, value delivery and optimal spend requires a network built using cloud-native constructs. Those constructs include network function virtualization with network function components (XNFs) on containers, using a hybrid cloud with infrastructure as code, DevSecOps and integrated security controls. A study by IBM’s Institute of Business Value on Telecom’s 5G Future shows communications service providers can use this to create value and enhance revenue in both the enterprise and consumer spaces.

Challenges to 5G Deployment

While the power of cloud-native network functions in 5G deployment and operations is promising, it also presents several challenges.

First, it makes provisioning and operating the network slices at scale more complex. After all, there are many systems that need to integrate and operate in concert.

Deployment of MEC, the workloads running on MEC and making them securely accessible to clients can also be difficult. It also requires service-level management across the network slice and MEC for meeting the enterprise’s needs.

Threat management across diverse infrastructure and apps can be a challenge, too. You need to be sure 5G deployment doesn’t make it harder for you to protect customer data. It also needs to be compliant with standards and regulations like U.S. customer proprietary network information rules and the European Union’s General Data Protection Regulation.

Lastly, finding staff with the right skills can be difficult.

Keeping the Network Safe

Securing the 5G ecosystem requires security across the environment. The system depends on each component operating securely in a zero trust security environment. How do you ensure hygiene is followed, breaches are contained and the system remains stable?

  1. Security architecture and governance: The security architecture needs to include threat models and controls designed to minimize risk. It needs to ensure governance functions that define strategy, policy and regulatory compliance with CPNI rules, Payment Card Industry (PCI) standards and other requirements.
  2. 5G core network security: 5G core network elements need to be secured against network threats. Distributed denial of service attacks and network-based exploits can affect network slice security.
  3. Cloud control plane security: Resources in the cloud, such as virtual machines, containers, storage and other services, are secured by the cloud control plane. The control plane uses access control lists and identity and access management (IAM) controls to secure them. These services need to be security-hardened to ensure functions can only be accessed by the right users and services. Cloud security posture management provides a consolidated view of posture and remediation.
  4. Data security: Data needs to be secured across the data stores and in transit. Do this by using data classification, control and encryption measures. Be sure to secure client data traversing the network against unwanted access and maintain its integrity.
  5. Identity and Access Management (IAM): Authenticate all access to the components, either services or users, via certificates for services, multifactor authentication (MFA) for users and role-based access controls, preferably controlled via an IAM system (either cloud-native or add-on service). Strictly limit privileged access and control it via other methods, including password vaulting. You should also have a process for identity governance in place.
  6. Encryption and key management: Encryption of all identified data stores and communication is fundamental. Store keys for encryption and certificates for transport layer security in key management systems. A KYOK/BYOK (keep your own key/bring your own key) system is particularly good for this. Don’t forget a robust governance system.
  7. Container security: In order to have a secure 5G environment, you also need to secure the life cycle for XNFs and containers for operations support system/business support system (OSS/BSS) workloads from image registry to runtime. This includes secure configuration of the container orchestration system such as Kubernetes, OpenShift, etc.
  8. DevSecOps: You need security for the entire application development and operations life cycle from secure development practices, secure software supply chain and static and dynamic security testing to a robust application operations practice.
  9. Security Operations Center: This function provides for ongoing threat management by analysis of logs and configuration data provided by cloud services, XNFs, security systems, applications across OSS/BSS, etc. Orchestrate controls and remediate incidents with security playbooks to provide insight for security management and reports for governance. Vulnerability management and cyber threat intelligence are integral components of this function.
  10. Cloud infrastructure: Secure the compute, storage and network to protect the confidentiality of data and the integrity of that data. This also protects the availability of cloud systems and cloud resilience.
  11. User endpoint security: Securing the user endpoints (mobile phones, Internet of Things devices and tablets/laptops) that connect to the network is important to ensure they don’t become threat vectors. The controls depend on the type of device and the apps on it, but at a minimum, each device should have the right vulnerability management, including version control of the operating system, user access control and a mobile device manager to control apps on the device.

It can also help to have a partner in the effort, which can co-create security use cases to meet 5G security needs.

So when making the switch to the 5G network, just like with any other new technology adoption, ensure that you know how to use it safely and keep yourself and your data secure.
