How a Zero Trust security model can be applied to 5G networks
5G will provide a significant increase in the number of devices connected to the internet, producing a vast amount of data. But at the same time, new security threats will get introduced along with the attack surface.
In November, AT&T released its most recent Cybersecurity Insights Report (email required), which focused on security aspects in the 5G network. The facts and numbers that came out in the report are highlighted by critical security measures, and how organisations and enterprises are securely utilising 5G.
As the report found, 44% of respondents said major security concerns for organisations could be a larger attack surface created due to increased connectivity. 39% of those polled said another major security issue could be due to the growth in devices, alongside the promised increased speed of the network. More than a third (36%) feel that, with 5G, new types of IoT devices are going to be part of the internet, and that should enable the extension to security policies of IoT devices for organisations.
The Zero Trust network security concept has been widely adopted by many enterprises’ private networks over the past decade. It is identified as one of the options that will address most of the security concerns in the 5G network. A Zero Trust network helps monitor and identify malicious activities by either a user or a machine inside or outside the network.
Generally, after a successful breach inside the internal network, an outside attacker will get all the privileges of an internal user, and will be able to perform malicious activities to steal data or break the infrastructure. With Zero Trust, all users or machines get restricted access to a part of the network to perform a specified set of tasks assigned to it. The Zero Trust model also enables continuous monitoring of user or machine activities inside or outside the network, and reports for glitches.
The Zero Trust concept is adopted by enterprises due to the consolidated identity and authentication mechanism applied to each part of its network. As 5G will involve a huge number of connected devices, Zero Trust may help enterprises to authenticate and identify all connected devices and keep track of all the activities of those devices for any malpractice within the network.
For enterprise organisations, it has been observed that Zero Trust Network Access (ZTNA) is replacing the VPN for protecting business data and applications from attackers. The virtual private network may still work adequately for smaller scale businesses, where security flaws are fixed and data transmission is properly encrypted.
But there might be pitfalls for the Zero Trust approach as well.
Scale: The Zero Trust model was implemented and run successfully in enterprise private networks such as Google infrastructure. But 5G is a telecom network and will connect millions of devices to the public internet. It will be very complex for many enterprises to put down security policies that will be followed on the 5G network. What’s more, a 5G public network will involve Multi-Access Edge Networks and network slices. Having a hybrid policy definition will be a challenge for telecom service providers.
Latency break: There might be the possibility of an adverse effect on latency between network applications. The Zero Trust model involves continuous monitoring and analysis of each device IP connected to the network and tracking activities. This might hamper latency as it involves an intermediately monitoring application taking a bit of time to fetch and send details to the central cloud.
The Zero Trust approach is a sophisticated way of handling identity and authentication mechanisms which can allow 5G telecom service providers to secure the network. It has tested successfully for private networks, but for a public network like 5G, the Zero Trust model needs even more maturity to handle a wide variety of technologies, infrastructures, and policies.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, Cyber Security & Cloud Expo and 5G Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » Why operators need to be both open and automated in the 5G era
- » BT says the UK gov's decision to limit Huawei gear will cost it £500m
- » Exploring the upside for smart city device management solutions
- » Despite the UK’s decision, Australia is sticking by its Huawei 5G ban
- » US Cellular announces LTE-M network to optimise IoT connectivity