The latest cellular connectivity standard, 5G, has taken wireless performance to the next level. Apart from improving throughput speeds, efficiency and latency, 5G will be able to support a massive scale of devices and simultaneous connections.
The software-defined architecture of 5G, including 5G security, brings forward use cases that were not previously imaginable. 5G is the first generation of cellular technology that is designed with virtualization and cloud-based technology in mind. With cloud-based technologies, software execution can now be disconnected from specific physical hardware by utilizing Software Defined Networking (SDN) and Network Function Virtualization (NFV).
Mobile security has significantly evolved since the 4G days, and today’s 5G standard offers several strong security capabilities, such as features for user authentication, traffic encryption, secure signaling and user privacy. However, as the technology is still new and evolving, the concept of “5G security” lacks an official definition.
While 5G networks are still in the deploy-and-expand mode, the introduction of untested and unverified 5G-enabled products and services has created opportunities for bad actors to exploit the new technology and architecture.
As 5G adoption accelerates, organizations will need higher levels of network security and reliability to protect both their users and their business-critical applications. Here are a few reasons why:
- 5G enables digital transformation, but also enables opportunities for cybercrime.
- The migration of applications and network functions to the cloud, along with network slicing, opens new attack surfaces.
- An ever-increasing number of endpoints and the adoption of distributed or remote work arrangements redefine the network perimeter daily.
- Network and threat visibility challenges lead to an increased attack surface, thus creating new entry points for bad actors.
- This expanded and undefined security perimeter is hard to control and monitor.
5G and Secure Network Access
Security teams have a gigantic task ahead of them when it comes to securing their network for 5G, including implementing the right policies for users, devices and applications. Organizations must adopt models like Zero-Trust Network Access (ZTNA), which allows security teams to set up least-privilege and granular access alongside authentication and authorization of every user and device throughout the network, which substantially lowers the chances of bad actors infiltrating your network.
ZTNA’s emphasis on eliminating implicit trust and requiring validation of each access request is the new secure way to move forward. A Zero Trust framework ensures complete visibility and control of the 5G infrastructure, including connecting devices, networking interfaces, applications and workloads. Zero Trust security can help organizations quickly identify and act against various security threats.
ZTNA is flexible enough to be adapted for various systems. 5G Zero-Trust architecture is end-to-end — including radio access network, transport and core — and consists of multiple layers. Zero-Trust Architecture Logical Elements (as defined in NIST SP 800-207) security establishes trust in user identity and device, enhanced end-to-end visibility, and control of every device accessing the network using any cloud deployment model. Below is the logical Zero-Trust architecture for 5G (as per NIST SP 800-207) that can be employed by 3GPP-based systems:
Together, the Policy Engine (PE) and Policy Administrator (PA) form the Policy Decision Point (PDP), which makes decisions enforced by the Policy Enforcement Point (PEP). Policy frameworks are employed in 3GPP-based systems to manage access to resources in different security domains.
While adopting Zero-Trust principles for 5G security, organizations can improve security from multiple angles:
- Least Privilege: Allows precise access, clubbed with context, to 5G network functions.
- Identity Validation: Defines identity to encompass all users and devices that require access to protected resources.
- Network Segmentation: Protects sensitive data and critical applications by leveraging network segmentation, preventing any lateral movement.
- Security Policies: Implement precise 5G security policies for granular control over data and applications.
- Continuous Validation: Eliminates implicit trust and continuously validates every stage of digital interaction.
- Protection of Cloud-Native Network Function (CNF) Workloads: Protects CNF running on public or private cloud throughout their Continuous Integration / Continuous Deployment lifecycle.
- Monitoring and Auditing: Monitors all interactions between users, devices and network functions at various layers.
The bottom line is this: ZTNA for 5G presents an opportunity for organizations to rethink how users, applications and infrastructure are secured — and ensure that they’re secured in a way that is scalable and sustainable for modern cloud, SDN-based and open-sourced environments while supporting a smoother, more efficient path to digital transformation.