5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future?

The benefits of 5G

5G’s new use cases come from:

  1. Customized network slices for business-specific use cases
  2. Edge cloud capabilities with multi-access edge computing (MEC)
  3. Greater bandwidth with ultra-low latency.

This is important because a network built using cloud-native constructs is needed to obtain the promise of 5G performance, scalability, value delivery and optimal spend. Those constructs include network function virtualization with network function components (XNFs) on containers, using a hybrid cloud with infrastructure as code, DevSecOps and integrated security controls. A study by IBM’s Institute of Business Value on Telecom’s 5G Future shows communications service providers can use this to create value and enhance revenue in both the enterprise and consumer spaces.

Challenges to 5G deployment

While the power of cloud-native network functions in 5G deployment and operations is promising, it also presents several challenges.

First, it makes provisioning and operating the network slices at scale more complex. After all, there are many systems that need to integrate and operate in concert.

Deployment of MEC, the workloads running on MEC and making them securely accessible to clients can also be difficult. It also requires service-level management across the network slice and MEC for meeting the enterprise’s needs.

Threat management across diverse infrastructure and apps can be a challenge, too. You need to be sure 5G deployment doesn’t make it harder for you to protect customer data. It also needs to be compliant with standards and regulations like U.S. customer proprietary network information rules and the European Union’s General Data Protection Regulation.

Lastly, finding staff with the right skills can be difficult.

Keeping the network safe

Securing the 5G ecosystem requires security across the environment. The system depends on each component operating securely in a zero trust security environment. How do you ensure hygiene is followed, breaches are contained and the system remains stable?

  1. Security architecture and governance: The security architecture needs to include threat models and controls designed to minimize risk. It needs to ensure governance functions that define strategy, policy and regulatory compliance with CPNI rules, Payment Card Industry (PCI) standards and other requirements.
  2. 5G core network security: 5G core network elements need to be secured against network threats. Distributed denial of service attacks and network-based exploits can affect network slice security.
  3. Cloud control plane security: Resources in the cloud are secured by the cloud control plane. These might be virtual machines, containers, storage and other services. It uses access control lists and identity and access management (IAM) controls to secure them. These services need to be security-hardened to ensure functions can only be accessed by the right users and services. Cloud security posture management provides a consolidated view of posture and remediation.
  4. Data security: Data needs to be secured across the data stores and in transit. Do this by using data classification, control and encryption measures. Be sure to secure client data traversing the network against unwanted access and maintain its integrity.
  5. Identity and Access Management (IAM): Authenticate all access to the components, either services or users, via certificates for services, multifactor authentication (MFA) for users and role-based access controls, preferably controlled via an IAM system (either cloud-native or add-on service). Strictly limit privileged access and control it via other methods, including password vaulting. You should also have a process for identity governance in place.
  6. Encryption and key management: Encryption of all identified data stores and communication is fundamental. Store keys for encryption and certificates for transport layer security are key management systems. A KYOK/BYOK (keep your own key/bring your own key) system is particularly good for this. Don’t forget a robust governance system.
  7. Container security: In order to have a secure 5G environment, you also need to secure the life cycle for XNFs and containers for operations support system/business support system (OSS/BSS) workloads from image registry to runtime. This includes secure configuration of the container orchestration system such as Kubernetes, OpenShift, etc.
  8. DevSecOps: You need security for the entire application development and operations life cycle from secure development practices, secure software supply chain and static and dynamic security testing to a robust application operations practice.
  9. Security Operations Center: This function provides for ongoing threat management by analysis of logs and configuration data provided by cloud services, XNFs, security systems applications across OSS/BSS, etc. Orchestrate controls and remediate incidents with security playbooks to provide insight for security management and reports for governance. Vulnerability management and cyber threat intelligence are integral components of this function.
  10. Cloud infrastructure: Secure the compute, storage and network to protect the confidentiality of data and the integrity of that data. This also protects the availability of cloud systems and cloud resilience.
  11. User endpoint security: Securing the user endpoints (mobile phones, Internet of Things devices and tablets/laptops) that connect to the network is important to ensure they don’t become threat vectors. The controls depend on the type of device and apps on it, but at a minimum, it should have the right vulnerability management, including version control of the operating system, user access control and a mobile device manager to control apps on the device.

It can also help to have a partner in the effort, which can co-create security use cases to meet 5G security needs.

So when making the switch to the 5G network, just like with any other new technology adoption, ensure that you know how to use it safely and keep yourself and your data secure.

More from Risk Management

Are we getting better at quantifying risk management?

4 min read - As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become a crucial component of securing the necessary resources for cybersecurity programs.What approach do companies use today for cyber risk quantification? And how has cyber risk…

Cybersecurity Awareness Month: Cybersecurity awareness for developers

3 min read - It's the 21st annual Cybersecurity Awareness Month, and we’re covering many different angles to help organizations manage their cybersecurity challenges. In this mini-series of articles, we’re focusing on specific job roles outside of cybersecurity and how their teams approach security.For developers, cybersecurity has historically been a love-hate issue. The common school of thought is that coders are frustrated with having to tailor their work to fit within cybersecurity rules. However, many companies are embracing a security-first approach, and some developers…

Spooky action: Phantom domains create hijackable hyperlinks

4 min read - According to a recent paper published at the 2024 Web Conference, so-called "phantom domains" make it possible for malicious actors to hijack hyperlinks and exploit users' trust in familiar websites.The research defines phantom domains as active links to dot-com domains that have never been registered.Here's what enterprises need to know about how phantom domains emerge, the potential risks they represent and what they can do to disrupt phantom attacks. There are two common types of phantom domains: Errors and placeholders.Domain errorsErrors…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today