Securing 5G Networks: Do You Want Automation With That Slice?

Jim Hodges
3/7/2019
50%
50%

I have been covering 5G security for more than two years. From the outset, I was concerned about the wide-ranging security implications that 5G commercialization would have. That's not to downplay the success and progress that standards bodies, vendors, and even service providers have achieved in dealing with 5G security issues. It's simply a reflection that the scope of 5G security changes is so broad that it is a tall order to address all the resulting challenges in lockstep.

Consequently, I have wanted to undertake a comprehensive 5G security research project to understand how service providers are responding to the challenges, their 5G managed security service plans, investment priorities, and network evolution strategies. This recently came to fruition with the 5G Security Market Leadership Study (MLS) that Heavy Reading launched in early January of this year. Working with sponsors F5 Networks, Fortinet, NetNumber, and Palo Alto Networks, we created a comprehensive survey designed to provide both trend data and granular insights. The survey attracted 103 global respondents who worked for a cross-section of carriers of various sizes. The survey itself contained 28 questions and provided insightful data related to a broad spectrum of topics.

Scale and security are key
Many key areas stood out in terms of how service providers planned to differentiate managed security services (scale emerged as a key differentiator). Also significant were service providers' thoughts on launching 5G with a new 5G next-generation core (NGC) core or relying on their existing 4G core. The latter issue is important since it directly affects timelines to invest in and deploy 5G security slicing capabilities.

Without question, the security implications and architecture changes necessary to effectively secure 5G slices are extensive since slicing supports a myriad of use cases. Each one has unique security requirements, ranging from validating users in the slice and slice life-cycle management to the all-important security policy enforcement.

Consequently, as illustrated in the figure below, an interesting data point from the survey input was that less than a third of respondents (23% to 30%) plan to invest in specific slice security capabilities before launch to minimize the security impacts. This input dovetails with their launch core network architecture preference we will address in a future blog. But it is clear that most service providers recognize that slicing is important and must be secured. Thus, they plan to plan to invest in security capabilities "soon after launch."

5G Security Slice Investment
Question: When will you invest in the following 5G slice security capabilities? (N=98-101) 
(Source: Heavy Reading)
Question: When will you invest in the following 5G slice security capabilities? (N=98-101)
(Source: Heavy Reading)

A key takeaway here is that service providers are committed to investing in the security measures to secure 5G slices. Pragmatically, however, the investment will start to ramp up only after commercial launch. Heavy Reading also looked at differences in the investment strategies service providers would adopt based on geographical market location, which we will address in the upcoming Securing 5G Networks: Service Provider Perspectives webinar.

Automation is a complex topic
A second notable data point of the many the survey produced relates to automating 5G security policy. Automation is an interesting topic in that conceptually it is extremely powerful, but implementation on a granular use case level, including slice-based use cases, will be complex. Therefore, like any other network capability that hopes to exit the hype cycle, automation must possess a financially sound business case. To this end, automation is often positioned as driving a meaningful reduction in opex associated with securing 5G networks. Survey responses captured in the figure below reinforce this sentiment.

For instance, essentially half the respondents (49% to 53%) believe that automated policy will reduce opex at a level of 10% to 25% for all the use cases listed, including distributed denial-of-service (DDoS) attack detection (53%), security for both public and private cloud applications and services (49% and 50%), and slice-related security (end-customer portal, 50%, and traffic security in a slice, 49%).

At the other end are two groups. The slightly larger group (27% to 31%) gauges opex savings in the less than 10% range, while the third most aggressive group (20% to 24%) forecasts an opex reduction of more than 25%. Combining the two upper scoring groups results in about 70% of respondents forecasting at least a 10% opex reduction. While a positive trend overall, this reduction will have to be tracked carefully to the additional capex -- if any -- that automation will drive.

Automation & Opex
Question: What is the opex reduction potential for the following automated 5G security policy focus areas? (N=96-100)
(Source: Heavy Reading)
Question: What is the opex reduction potential for the following automated 5G security policy focus areas? (N=96-100)
(Source: Heavy Reading)

More to come
This blog is the first in a series of four Heavy Reading will publish over the next few weeks. Future blogs will present additional service provider thoughts associated with security implications of the new 5G control plane and fraud mitigation strategies, as well as 5G security service differentiation and use case-level implementation priorities.

Looking for more information? Plan to attend the Securing 5G Networks: Service Provider Perspectives webinar on March 19 or view the archived version, where we will present more of the research data from this survey.

This blog is sponsored by F5 Networks.

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT