& cplSiteName &

Securing 5G Networks: Making Sense of Security Service Requirements

Jim Hodges
3/28/2019
50%
50%

The commercialization of 5G networks is underway and with it the expectation that 5G will be nothing short of profound from a service innovation perspective. But what shape and which use cases will drive this next innovation cycle are still relatively fluid and subject to market demand from the end user. While this "let the customer decide" approach is appropriate based on industry discussion levels, it's apparent that security and related services must be commercial-grade and available from day one.

Understanding the relationship between 5G services and security requirements was investigated in Heavy Reading's recently completed 5G Security Market Leadership Study (MLS). The study-based survey was developed with F5 Networks, Fortinet, NetNumber and Palo Alto Networks. It attracted 103 global survey respondents and included several questions related to use case-specific business models, technical challenges and preferred commercial architectures.

Addressing pent-up demand for security
In a business model context, one thing is clear. Early on in their cloud services transformation, service providers encountered pent-up demand for security services from their enterprise customers who needed assistance in making sense of their cloud security service requirements. In response, many of these service providers started delivering a broad range of security capabilities utilizing a security as a service (SECaaS) business model.

Given SECaaS is cloud-based, it will only increase in relevance as 5G services ramp. However, one significant challenge will be to decide which new security capabilities must be infused into an existing SECaaS portfolio to enhance service differentiation. Addressing this challenge is complex since 5G networks are inherently "service aware." They will support a broad range of new services ranging from cellular Internet of Things (IoT)-based services (e.g., narrowband IoT [NB-IoT]) to low latency critical services delivered on dedicated slices.

Consequently, 5G SECaaS services will demand a greater focus on application visibility and ultimately threat correlation to infected devices and subscribers. The figure below from the MLS survey illustrates the relative importance of these capabilities in a SECaaS model, including confirming the value threat correlation provides.

A key takeaway is that based on "extremely important" response levels, visibility and threat correlation will demand the implementation of advanced capabilities that execute on both a subscriber and device level across the entire network. As a proof point, 40% of the survey respondents believed that having visibility into and the ability to control IoT services was most important.

But not far behind was utilizing the international mobile subscriber identity (IMSI) correlation to threat capabilities to correlate threats, vulnerabilities, and attacks to a specific infected user and securing applications and services at the edge (both 38%). Integrated automated policy support (36%) and device level threat correlation utilizing the international mobile equipment identity (IMEI; 35%) were also identified as key pieces of the puzzle.

Ranking SECaaS Offerings
Question: How important are the following 5G SECaaS offerings? (N=95-98) 
Source: Heavy Reading
Question: How important are the following 5G SECaaS offerings? (N=95-98)
Source: Heavy Reading

Considering 5G implementation approaches
The implementation of 5G security services will also have to seamlessly manage the shift of traffic from traditional interfaces and protocols to new interfaces and protocols on the both the user plane and the control plane. As illustrated in the figure below, when the respondents were asked to agree or disagree with several 5G implementation considerations, based on "agree" responses, they most identified with the complexity of dealing with signaling security between inter-operator networks (88%). This input reaffirms the findings of other control plane questions in the MLS survey that highlight the additional complexity 5G introduces on the control plane – even though 5G roaming will ramp up gradually. But other areas stood out as well based on the "agree" response levels.

One such consideration was how to deal with the impact of 5G edge cloud implementations (also noted in the first figure) with the inevitable agreed upon decline of traffic on the traditional Gi-LAN interface to the web with the ramp of 5G (84%). But even with this decline, most respondents agreed that if the non-standalone (NSA) option (4G Evolved Packet Core [EPC] with 5G radio access network [RAN]) was implemented, it would still be necessary to invest in the EPC to meet 5G requirements (76%). Finally, as reinforced in several places in the survey, given 5G complexity levels (including the focus on service awareness), 81% of the respondents agreed that the implementation of content inspection on an end-to-end network basis was vital to gain attack insight.

5G Implementation Considerations
Question: Do you agree or disagree with follow statements? (N=98-100)  
Source: Heavy Reading
Question: Do you agree or disagree with follow statements? (N=98-100)
Source: Heavy Reading

The input from these two questions and others from Heavy Reading's MLS survey confirm that 5G security services will be more complex to implement than previous generations. However, the good news is that service providers understand which tools and capabilities they will need to not only successfully implement 5G security services, but also differentiate them.

Looking for additional information? Plan to watch the archived version of a recent Securing 5G Networks: Service Provider Perspectives webinar where Heavy Reading and the study sponsors presented more of the research data from the MLS.

— Jim Hodges, Principal Analyst, Cloud and Security, Heavy Reading

This blog is sponsored by Palo Alto Networks.

(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
More Blogs from Heavy Lifting Analyst Notes
Enterprises and other organizations want to operate private mobile networks, but what are their options for getting the needed spectrum?
For the first time, Light Reading will offer two breakfast roundtables on key tech topics at this fall's SCTE|ISBE Cable-Tec Expo in New Orleans – the first on network virtualization and the second on cable and 5G.
As a keen OSS-BSS observer, I like to parse financial disclosures to gauge the health of the market.
For any operator, revamping an entire business support system (BSS) architecture in just six months and cutting IT opex by 80% as a result is a notable achievement.
Dedicated 5G campus networks, designed to meet the coverage, performance and security requirements of industrial users, are one of the most exciting – and tangible – advanced 5G use-cases under development.
Featured Video
Upcoming Live Events
September 17-19, 2019, Dallas, Texas
October 1-2, 2019, New Orleans, Louisiana
October 10, 2019, New York, New York
October 22, 2019, Los Angeles, CA
November 5, 2019, London, England
November 7, 2019, London, UK
November 14, 2019, Maritim Hotel, Berlin
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events