The entire telecommunication framework is evolving, as providers shift from appliance-based services and discrete management overlay networks to a common, multi-function and distributed architecture. It’s all being driven by the demand to deliver 5G.
In deploying the next generation of services, communication service providers (CSPs) are creating an infrastructure that will be the bedrock for evolving services over the next few decades. These infrastructures are being developed in ways that fundamentally differ from those of the past. The implications are such that, just as new services are being built to harness new opportunities, so too must new approaches to security be created. So different in fact, that the whole approach to security needs to change.
Why 5G renders traditional security thinking redundant
Why? To answer that, it’s worth looking at where threats will target. In essence, there are three areas of risk – the network itself, the services 5G enables, and customer data. For the former, the introduction of new technologies helping the underlying architecture to evolve must be kept secure. These are software-based and virtualised, bringing the foundations of digital enterprise IT into the telecommunication space.
With services, 5G unlocks the possibilities of autonomous vehicles, or remote surgery, or augmented reality. These use cases get everyone excited, but they come with very high quality of service and reliability challenges.
Customer data is valuable, not least to those that would use it maliciously. That means CSPs must protect it at all costs, whether its private information such as names, addresses and bank details, behavioural data or data in transit.
Because 5G brings these fields together in a complex, interwoven manner, traditional approaches to security are
inadequate and, in many cases, will become redundant.
Services now comprise multiple interconnected and dispersed applications that no longer have discernable boundaries in time or space or consistent attack surfaces. This means security mechanisms must ‘move’ with service deployments.
The traditional approach has involved multiple vendors securing separate parts of the environment in isolation, without an understanding of the real-time operational changes taking place. In today’s environment, this is complex and non-scalable, to the point of becoming ineffective.
With hostile parties looking for ways in, something as simple as a piece of software that hasn’t been updated offers an open window. A system of embedded security is required that can be as dynamic as the environment itself.
A new approach to telco security
This is a challenge regularly faced by enterprise organisations globally. As significant enterprises in their own right, CSPs will have IT teams well versed in the threats that businesses are facing from cyber criminals and other malicious forces on an hourly basis.
Indeed, the expanding digital footprint of the enterprise mirrors the increasingly virtualised and distributed nature of telco networks – meaning that the principles of modern security that apply to the former should be applicable to the latter. Based on this, and reflecting the change taking place in enterprise IT organisations, what is required is a cultural shift away from trying to prevent breaches at all costs using technology in isolation, and towards building intrinsic security into everything that connects and carries data, whether it’s an application or a network.
It starts with this idea of intrinsic security. 5G is driving a new service architecture and, rather than bolting on protection at the end, CSPs have an opportunity to design it in, to build it from the ground up. That requires creating an infrastructure where security is deployed automatically and continuously to match the dynamics of the network. It means ‘knowing’ what is intended to happen, what was created as a result (and whether the two are aligned) and if something changes from what was intended – in real time and without human intervention. This is a fundamental shift in our approach to security, away from chasing bad and focusing on understanding good. It results in lower operational costs, as well as being more effective.
This is only possible using software. Why? Because it is only through software that these new methods can be deployed in dynamic, distributed environments, and are inherently future-proofed.
Once the network knows what is required, CSPs can deploy micro-segmentation – a security enforcement solution that isolates workloads within different environments and secures them based on that known good understanding of how they have been provisioned and expected to operate. Rather than solely relying on a fixed barrier like a firewall, micro-segmentation protects interconnections and data at the virtual level. This significantly mitigate threats such as the hijacking of an application or server to act as a Trojan horse into other parts of the system.
A wider significance of intrinsic security is the consistency of operation across the CSP service and IT landscape. It is as relevant to securing a network slice (to deliver the service level agreement (SLA) and to prevent a slice being hijacked or up-leveled outside of a service contract) as it is to the protection of subscriber data, or the securing of OSS/BSS systems or internal IT services.
Consistency ensures efficiency across the organisation with common procedures, automation and reduced security products to manually manage, while maintaining a high level of security throughout.
Realising the true potential of 5G, safely
5G offers immense opportunity yet the architectural changes it mandates also dictate a new approach to security. CSPs must combine and extend the best practices from IT and network security, through known-good, micro segmentation and security built-in, to defend theirinfrastructures effectively, to protect their services and their customers and, ultimately, to exploit the potential of true 5G, safely.
This article first appeared in the February issue of CommsMEA. to check out the rest of the issue.