The expanded attack surface of 5G devices and networks requires native security built on a trusted encryption and access-authentication infrastructure.
When 4G was first introduced in 2008, the technology had simpler security requirements and a more monolithic infrastructure.
Additionally, 4G was built on physical environments, while 5G networks are transitioning to virtual environments: telecommunications companies (telcos) are deploying 5G infrastructure in the cloud for the first time.
On top of that, telcos must adapt to the flexibility and scalability of 5G while remaining compliant with industry standards. Amidst these challenges, Mobile Network Operators (MNOs) are looking for an all-inclusive security solution to meet the following needs:
MNOs must meet growing legal and regulatory mandates, all while delivering service at scale. 5G standards are evolving with 5G technology, and MNOs need a solution that can adapt quickly to remain compliant. Additionally, their solution must ensure data privacy, and encryption is a great way to do this. Data privacy has increasingly been top-of-mind and new standards have evolved to protect it, such as the GDPR and the California Consumer Privacy Act.
Finally, MNOs must maintain strong protection of every layer of cloud computing technology to minimize risks and maintain operational integrity.
- Increasing threat landscape
Having more devices connected also increases the number of threat vectors to protect against. Mobile networks are not just for smartphones anymore. MNOs must keep up with requirements for a variety of devices, ranging from smartwatches to smart cars, connecting to their networks.
Hackers will take advantage of the growing number of potential targets. Unfortunately, MNOs do not regulate how software is secured on devices from third-party vendors. However, they can require strong credentials to authenticate devices that connect to their network. Besides keeping track of device identity, MNOs also need to ensure that the messages they send are authentic and remain untampered. To maintain data integrity and improve security, users and devices must be authenticated and data needs to be encrypted.
- Agility at scale
MNOs’ networks need performance at scale. They must be able to rapidly respond to changing customer demands and enable easy launches for new products or product updates.
Customers expect delivery in minutes or seconds—in some cases requiring an unprecedented speed to create and manage services (faster than what current systems and manual processes can keep up with).
These high-speed, low-latency services must be able to respond across the world’s largest networks with seamless performance. Automation can help MNOs efficiently manage their networks at scale, and we suspect that automation will play a key role in helping MNOs maintain agility while reducing the manual burden of managing demands at scale.
Securing 5G: Public Key Infrastructure
For decades, Public Key Infrastructure (PKI) has been a well-established way of securing traditional websites, remote-work arrangements, documents, code, email systems, devices and users. This paradigm can also secure 5G transformation.
MNOs need to move fast to prepare for the 5G revolution, and planning security into 5G migration now can avoid breaches, financial losses and ultimately lost trust later. With a variety of use cases envisioned for 5G, a modern PKI platform can protect devices, end users and networks, and it is flexible enough to deploy on-prem or in a private or hybrid cloud and to transition easily between them.
With its ability to authenticate, provide integrity and encrypt, PKI allows MNOs to support 5G networks and build a trusted security system—all in the cloud and at a huge scale. It can help MNOs secure their web of connected devices, backend applications and services, and backend network infrastructure, to enable high levels of trust in a variety of environments, including 5G.
Unified and native 5G security
A network is only as secure as its most vulnerable connected device. The more connections you have, the more difficult it is to monitor and recognize weaknesses.
Devices connecting to a 5G network need to be authenticated to ensure they are the intended devices. This means security needs to be designed into the identity of the device—from the start. Devices should have a ‘birth certificate’ when first manufactured, to assign a unique identifier that can be verified and used to track its identity throughout its lifecycle.
PKI can authenticate that device identity and ensure that only verified devices connect to the network. PKI can also provide the ability to blacklist devices from services or networks, in just the same way it can authenticate them, so it is very flexible for these use cases.
The services behind a device or application on the network most often run as application code deployed in the cloud and in containers that require encryption. PKI provides the necessary encryption and integrity for securing these types of cloud-deployed applications.
Additionally, when device software and services are upgraded, they also need to be cryptographically signed to preserve trust. This can be done through PKI to ensure that the software deployed to devices is correct, trusted, and not tampered with, to establish a trusted computing environment on these devices.
By implementing a modern PKI solution for 5G transformation, MNOs can gain the visibility, flexibility and operational integrity required for simplified management of a complex and siloed infrastructure—grouped into a single point of control. Finally, PKI allows administrators to assign and manage device identity at every stage of device life-cycles for tight access control.