& cplSiteName &

Evolving the Mobile Security Architecture Toward 5G

Patrick Donegan
2/24/2017
100%
0%

The announcement at RSA 2017 of the Cyber Threat Alliance (CTA) -- a non-profit trade association formed by several leading security vendors for sharing cyber threat intelligence -- is timely. It reminds us how much threat intelligence matters. And it reminds us that for large organizations with complex security requirements, such as communications service providers (CSPs), the scope and scale of their security capabilities is increasingly important.

In the mobile network sector, smartphones haven't inflicted attack impacts on the scale inflicted by PCs, servers and workstations. But the momentum in mobile threats is building. Android's vulnerabilities are well known. And with commercial malware discovered in the App Store for the first time in 2015, and a zero-day exploit uncovered in iOS in 2016, even the iPhone's famed security barriers have been found wanting.

As discussed in a new white paper, "Evolving the Mobile Security Architecture Toward 5G," 5G will be the first generation of cellular to launch in an era when the Internet is routinely weaponized. In addition to extending the 2G, 3G and 4G security framework, 5G will generate new security requirements. Think of security within and between different network slices; the threat posed by end devices capable of supporting throughput of up to 100 Mbit/s; and the security controls needed around remote medical procedures.

Operators are heavily reliant on implementing security from within the network. And here, the generally slow pace of network transformation by CSPs compares poorly with the much faster pace of Webscale Internet companies (WICs).

While there are several exceptions among the industry's leaders, most operators haven't made enough progress on virtualizing their networks. As supported by new data in the latest edition of Heavy Reading's Future of Virtualization Indexes -- see "Network Virtualization: The Road Gets Longer" -- most virtual network functions (VNFs) have been implemented in isolation from one another, with very little in the way of infrastructure sharing, automation or orchestration.

From a security standpoint, this matters a lot. Yes, the WICs have a tendency to outpace the CSPs in technology innovation. But so does the attacker community. In addition to being needed for revenue generation and opex reduction in general, the automated network scalability and agility of SDN and NFV are also needed to respond to the threat environment. Network security applications delivered more dynamically and at scale needs to be a primary driver of a more software-programmable approach -- not just an afterthought.

The telecom industry is arriving at a consensus that 5G requires a fully featured NFV Infrastructure (NFVI). The piecemeal virtualization model therefore runs out of road at the 5G inflection point. Given this emerging consensus, operators need to start evolving their networks now in a compatible direction. In that sense, 5G is injecting welcome momentum into software programmability, which can be leveraged to drive a more robust, fit-for-purpose mobile network security architecture as well.

Even as recently as the launch of 4G in 2009, the threat actors lined up against network operators and their customers posed nothing like the risk they posed today. Equally, the type of security artillery needed to protect against those threats has changed in just the last three or four years.

The sharing of threat intelligence by major security vendors in the Cyber Threat Alliance, as previously mentioned, is just one example of how the threat defense landscape is changing. Others include:

  • More software-programmable access controls for allowing differentiated access privileges for employees and partners with respect to corporate applications;

  • Leveraging of anomaly detection, so that malware that has evaded detection by conventional perimeter controls can be identified by its behavior within the network, including by deviations from the norm of a file’s own unique, historical behavior in the network.

  • Intense monitoring, pooling and analysis of DNS-related activity, given how frequently and lethally it is used as an attack vector (including the attacks on Dyn and Deutsche Telekom at the end of last year, leveraging the Mirai botnet).

  • The type of high-end cybersecurity personnel that operators need to design, implement and operate network security are in very short supply.

Convention dictates that operators build out all of their own security infrastructure. Yet changes in the threat and defensive landscapes in upcoming 5G standards, and in cloud networking capabilities, suggest that operators should pause to consider whether self-build is necessarily the right model for the future.

Operators need to reflect on how their own achievements to date compare with state-of-the-art levels of automation and orchestration in the cloud. They need to consider whether their own security resources, supported by multiple third-party security vendors, will be powerful enough to meet emerging security challenges.

Among the options that need to be considered is whether the uniquely critical area of security is one that operators should consider buying in outright from security specialists, by way of an infrastructure-as-a-service (IaaS) model.

IaaS is typically no more controversial to the IT side of an operator's business than it is in the case of any other enterprise. But run IaaS past the network side of the house, and it certainly is controversial. Other than outsourcing backhaul or transport networks to third parties, there isn't much of a precedent for it. However, technology, and technology business models, are evolving rapidly now. The nature of evolving mobile security requirements demands a willingness to think outside the box.

You can learn more about this topic by reading the new white paper, "Evolving the Mobile Security Architecture Toward 5G."

— Patrick Donegan, Contributing Analyst, Heavy Reading

This blog is sponsored by Cisco Systems.

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
More Blogs from Heavy Lifting Analyst Notes
LTE-A Pro as not only valuable on its own terms, but also as part of a network strategy that will accelerate the commercial success of 5G.
Those operators that master NFV service assurance early will be able to reap NFV benefits faster and de-risk VNF-based service launches.
It's time for reluctant telecom carriers to treat video as a core service offering so that it can generate plenty of fresh revenue and growth opportunities for them.
With C-RAN, operators have more tools for shoehorning more customers into spectrum they already own.
To fully benefit from the opportunities of 5G, IoT and NFV, operators must assure their infrastructure, services and processes throughout each stage of their virtualization, automation and DevOps journey.
From The Founder
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Interviews
AT&T: Creating Dynamic Networks to Meet Business Needs

5|26|17   |   4:24   |   (0) comments


As enterprises need more dynamic networks, service providers need to deliver on-demand, virtual services to meet those needs. AT&T is creating a networking fabric to mix-and-match SDN technologies for enterprise customers, says Roman Pacewicz, AT&T senior vice president for offer management and service integration, in an interview at Light Reading's
LRTV Interviews
EdgeConneX on Industry Headwinds & Tailwinds

5|26|17   |   2:41   |   (0) comments


At Light Reading's Big Communications Event 2017, EdgeConneX CTO Don MacNeil discussed the value of partnerships in the digital world.
LRTV Documentaries
4 Steps Toward a Higher Network IQ

5|26|17   |     |   (0) comments


At the Big Communications Event in Austin, Texas, EXFO CEO Philippe Morin explains how sensors and analytics can boost a network's intelligence and enable on-demand customer experiences. Find more BCE 2017 coverage here.
LRTV Interviews
BT's McRae Sheds Light on 4K Strategy

5|25|17   |   4:45   |   (0) comments


At Light Reading's Big Communications Event 2017 in Austin, Texas, BT Group's Chief Network Architect Neil McRae talks about what it took for BT to broadcast live sports in 4K. Catch up with all our BCE coverage at http://www.lightreading.com/bce.asp.
From the Founder
How the NIA Aims to Advance NFV

5|25|17   |   08:07   |   (1) comment


Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
LRTV Custom TV
Better Solutions That Address Growing Scale

5|25|17   |     |   (0) comments


For Comcast, the X1 rollout and 17-fold increases in broadband speeds in the past 16 years are among factors driving the need for Energy 2020 solutions that reduce cost and consumption, says Mark Hess.
LRTV Custom TV
Ethernity Network Delivers Instant Offloading of Network Functions With All-Programmable Intelligent NIC

5|25|17   |     |   (0) comments


David Levi, CEO of Ethernity Networks, explains that programmability of the hardware makes the company's All-Programmable Intelligent NIC uniquely beneficial for communications service providers that need advanced data appliances with agile support of virtualization. Utilizing the company's patented network processing technology, Ethernity offers data path ...
LRTV Documentaries
BCE 2017: Vodafone Gets Obsessed With Cloud-Native

5|25|17   |     |   (0) comments


Vodafone's Matt Beal updates us on Project Ocean and explains why simple virtualization isn't enough of a goal for network transformation. Catch up with other BCE 2017 keynotes and news at http://www.lightreading.com/bce.asp.
LRTV Documentaries
BCE 2017: Intel's Take on Network Transformation

5|24|17   |     |   (0) comments


In this BCE 2017 keynote, Lynn Comp discusses Intel's vision for areas such as analytics, automation and service assurance. For more videos and BCE coverage, see http://www.lightreading.com/bce.asp.
LRTV Documentaries
Order From Chaos: The Steve Saunders BCE Keynote

5|24|17   |   17:27   |   (0) comments


Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability testing.
Think of this as the video sequel to the recent columns he's written about NFV and the prospect of a telecom app store. (See

LRTV Documentaries
Service Provider Panel: Partnering in the Digital Era

5|22|17   |     |   (0) comments


Coopetition has always been part of telecom, but the ecosphere now includes data centers, vendors, apps developers, cloud service providers and Internet content providers. This BCE 2017 panel explores the new attitudes among network operators as to the value and variety of ...
LRTV Interviews
Site Demo: AT&T's IoT Flow Platform

5|19|17   |   04:25   |   (0) comments


At AT&T's R&D center in Tel Aviv, Israel, project leader Eyal Segev talks about the operator's Flow platform and how it helps to prototype IoT applications.
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Cities Clamor for More Clout at FCC
Mari Silbey, Senior Editor, Cable/Video, 5/23/2017
What's Blocking 4K TV Today
Alan Breznick, Cable/Video Practice Leader, Light Reading, 5/22/2017
Sonus & Genband Finally Combine to Form $745M Company
Dan Jones, Mobile Editor, 5/23/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
Animals with Phones
What Brogrammers Look Like to the Rest of Us Click Here
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.