In my previous blogs, I covered some important topics, including how enterprise networks or IT networks could evolve to integrate Private 5G (P5G) network on their premises or hybrid cloud. Moreover, it’s also known that P5G networks have been on roll for past few months, where service providers and enterprises are partnering to solve different business use cases, collaboratively.
It brings forth another important question, how do enterprises ensure security of P5G as well as their existing enterprise network?
Trend-micro has conducted a detailed survey on ‘Expectations of P5G Network Security’ recently and published the findings. Not surprising at all, some of the challenges we already foresaw during our earlier discussions.
Although it’s known that cellular networks (4G/5G) are more secure (compared to Wi-Fi), many enterprises do have concerns regarding data transferred on 5G air interface (devices to cell tower), and attacks on devices connected to network. There are additional concerns about whether 5G network equipment can be compromised, esp. if you are deploying it in hybrid or public cloud setup. These concerns are quite valid ones.
With respect to data transfer on air interface, 5G offers very robust cryptographic encryption process, with the introduction of NEA (New Encryption Algorithm) and NIA (New Integration Algorithm). The details of which are beyond scope of this blog post but interested readers can refer to ITU Workshop for more details. Moreover, with SUPI being encrypted with public key in home network itself, subscriber identity is protected completely.
To address the above security concerns, many enterprises, are either partnering with specialized security partners with 5G domain expertise or relying on existing IT security partners to address those cocerns. In any situation, task at end requires specialized understanding of entire 5G security landscape and there’s no easy route to find possible answers.
Interestingly, the findings from TrendMicro survey shows that many enterprises are intend to connect their existing enterprise network with P5G network in some way. In fact, close of 70% enterprises are going to integrate networks, which brings forth an interesting question, on how to do enterprises ensure seamless security of traffic, integration of devices connectity and policies. Surely, with P5G, enterprises need to take a holistic view of their entire enterprise network security, including P5G networks.
Topic of 5G security does require discussion around open standards. With O-RAN on rise, and many enterprises relying on building cloud-native networks with open source modules, ensuring compliance with open standard is must for enterprises. Issue of vulnerabilities, esp. with adoption of open standards is another major concern.
While there’s no easy route to 5G security, many enhancements with 5G Security from standard perspective are going to help but they aren’t enough. Along with P5G, deployment of MEC (multi-access edge compute) based architecture, integrated with P5G is also on rise. MEC, although a boon to solve business problems in real time, brings many other complexities on-campus. esp. MEC is deployed in data plane path with UPF on N6 interface, many of these MEC apps could be part of Enterprises network deployed on Cloud or in Hybrid model. Securing traffic on N6 interface, as well as ensuring right policies applies to traffic flowing in/out of UPF (service provider’s network) is going to be important. Moreover, how do enterprises integrate their existing network and apps with these policies is interesting to see.
What’s way forward for enterprises adopting P5G and MEC?
TrendMicro recommends enterprises should perform pilot of security operations, integrating their existing enterprise network with P5G before going live with P5G applications. Moreover, in our view, many enterprises, adopting P5G/MEC should gear up to understand 5G security aspects, and build domain expertise early by upskilling their existing IT team or partnering with right partners or hiring such experts from outside. Implementing such pilots won’t be easy, and without skilled resources on-board, it will be an uphill task.
