Securing 5G Networks: Making Sense of Security Service Requirements
Jim Hodges, Principal Analyst – Cloud and Security, Heavy Reading
The commercialization of 5G networks is underway and with it the expectation that 5G will be nothing short of profound from a service innovation perspective. But what shape and which use cases will drive this next innovation cycle are still relatively fluid and subject to market demand from the end user. While this "let the customer decide" approach is appropriate based on industry discussion levels, it's apparent that security and related services must be commercial-grade and available from day one.
Understanding the relationship between 5G services and security requirements was investigated in Heavy Reading's recently completed 5G Security Market Leadership Study (MLS). The study-based survey was developed with F5 Networks, Fortinet, NetNumber and Palo Alto Networks. It attracted 103 global survey respondents and included several questions related to use case-specific business models, technical challenges and preferred commercial architectures.
Addressing pent-up demand for security
In a business model context, one thing is clear. Early on in their cloud services transformation, service providers encountered pent-up demand for security services from their enterprise customers who needed assistance in making sense of their cloud security service requirements. In response, many of these service providers started delivering a broad range of security capabilities utilizing a security as a service (SECaaS) business model.
Given SECaaS is cloud-based, it will only increase in relevance as 5G services ramp. However, one significant challenge will be to decide which new security capabilities must be infused into an existing SECaaS portfolio to enhance service differentiation. Addressing this challenge is complex since 5G networks are inherently "service aware." They will support a broad range of new services ranging from cellular Internet of Things (IoT)-based services (e.g., narrowband IoT [NB-IoT]) to low latency critical services delivered on dedicated slices.
Consequently, 5G SECaaS services will demand a greater focus on application visibility and ultimately threat correlation to infected devices and subscribers. The figure below from the MLS survey illustrates the relative importance of these capabilities in a SECaaS model, including confirming the value threat correlation provides.
A key takeaway is that based on "extremely important" response levels, visibility and threat correlation will demand the implementation of advanced capabilities that execute on both a subscriber and device level across the entire network. As a proof point, 40% of the survey respondents believed that having visibility into and the ability to control IoT services was most important.
But not far behind was utilizing the international mobile subscriber identity (IMSI) correlation to threat capabilities to correlate threats, vulnerabilities, and attacks to a specific infected user and securing applications and services at the edge (both 38%). Integrated automated policy support (36%) and device level threat correlation utilizing the international mobile equipment identity (IMEI; 35%) were also identified as key pieces of the puzzle.
Considering 5G implementation approaches
The implementation of 5G security services will also have to seamlessly manage the shift of traffic from traditional interfaces and protocols to new interfaces and protocols on the both the user plane and the control plane. As illustrated in the figure below, when the respondents were asked to agree or disagree with several 5G implementation considerations, based on "agree" responses, they most identified with the complexity of dealing with signaling security between inter-operator networks (88%). This input reaffirms the findings of other control plane questions in the MLS survey that highlight the additional complexity 5G introduces on the control plane – even though 5G roaming will ramp up gradually. But other areas stood out as well based on the "agree" response levels.
One such consideration was how to deal with the impact of 5G edge cloud implementations (also noted in the first figure) with the inevitable agreed upon decline of traffic on the traditional Gi-LAN interface to the web with the ramp of 5G (84%). But even with this decline, most respondents agreed that if the non-standalone (NSA) option (4G Evolved Packet Core [EPC] with 5G radio access network [RAN]) was implemented, it would still be necessary to invest in the EPC to meet 5G requirements (76%). Finally, as reinforced in several places in the survey, given 5G complexity levels (including the focus on service awareness), 81% of the respondents agreed that the implementation of content inspection on an end-to-end network basis was vital to gain attack insight.
The input from these two questions and others from Heavy Reading's MLS survey confirm that 5G security services will be more complex to implement than previous generations. However, the good news is that service providers understand which tools and capabilities they will need to not only successfully implement 5G security services, but also differentiate them.
Looking for additional information? Plan to watch the archived version of a recent Securing 5G Networks: Service Provider Perspectives webinar where Heavy Reading and the study sponsors presented more of the research data from the MLS.
— Jim Hodges, Principal Analyst, Cloud and Security, Heavy Reading
This blog is sponsored by Palo Alto Networks.