Microsoft announced a series of products within its Azure cloud computing ecosystem that the company said could help open radio access network (RAN) operators better secure their systems. Microsoft's shift into the space comes amid ongoing discussions about the security of open RAN and an increasing emphasis on security in general among network operators.
However, some industry observers are cautioning against broad assertions regarding open RAN and security, mainly because open RAN technologies remain a tiny part of the overall global 5G industry.
Microsoft's interest in open RAN security reflects the software giant's push to become a key supplier to network operators of all kinds, whether large enterprises, commercial telecom operators or others.
"The inherently modular nature of open RAN, alongside recent advancements in Software Defined Networking (SDN) and network functions virtualization (NFV), enables Microsoft to deploy security capabilities and features at scale across the O-RAN ecosystem," the company wrote in a post to its website detailing its new security offerings.
Microsoft argued that it already manages a substantial cloud computing and security operation that spans 140 countries, 180,000 miles of fiber and nearly 600,000 businesses worldwide. The company plans to leverage that security expertise in the open RAN sector, mainly through Azure for Operators Distributed Services (AODS), but also via Azure services such as Active Directory, Azure Container Registry, Azure Arc and Azure Network Function Manager.
The goal, according to the company, is to "provide a foundation for secure and verifiable deployment of RAN components."
Open RAN security is a hot topic for debate. Ericsson, for example, has argued that its traditional, classical RAN architecture can be more secure than networks built on open RAN principles, which allow operators to mix and match components from different vendors. But Dish Network, a leading proponent of open RAN technologies, has put security at the center of its pitch to enterprise customers.
According to Patrick Donegan, founder and principal analyst at security consulting firm HardenStance, open RAN security hinges on scale.
"With scale, you have a decent shot at securing anything to a high standard – whether it's open RAN or anything else," he wrote in response to questions from Light Reading. "With limited deployments, your chances are a lot lower. In my view, this mundane operational reality is a lot more important to which way the needle moves on open RAN security than any of the myriad theoretical or technical arguments – most of which just casually assume large volumes and a dynamic market as a sure thing."
Donegan added: "Given the pretty weak outlook for open RAN adoption over at least the medium term, I would think this requires a much higher profile in discussion about open RAN security than it's currently getting."
Indeed, recent developments in India and the US indicate that open RAN equipment could be relegated to the corners of the 5G industry for the foreseeable future. Strand Consult, a market research firm, estimates that open RAN equipment will sit atop less than 3% of all 5G cell sites in 2030.
Even so, open RAN could eventually pave the way for new vendors to enter the telecom market. That may be what Microsoft is counting on.
Microsoft has been building telecom expertise in an attempt to convince network operators to run their core operations inside its cloud. Microsoft, Amazon, Google and other cloud computing vendors are targeting established, commercial network operators as well as enterprises keen on managing their own corporate networks.
Security as a service
Of course, the topic of security stretches far beyond Microsoft and open RAN. Commercial network operators are increasingly selling network security services directly to enterprises and others.
For example, Lumen Technologies reported that it scrubbed 66% more DDoS attacks from its network in the first quarter of 2022 than in the fourth quarter of last year. In fact, the company said it protected one unnamed organization from more than 1,300 DDoS attacks in the first quarter of this year, which was more than 20% of the total number of attacks it scrubbed during the entire quarter.
Cyberhacking remains a top issue among enterprises of every size. For example, in recent weeks networking giant Cisco admitted that its corporate IT infrastructure was compromised. Separately, communications provider Twilio recently confirmed hackers accessed some of its customer data after successfully tricking employees into providing their login information. And content delivery provider Cloudflare reported that some of its employees fell for a similar phishing attack but that it was able to block the intrusion.
Thus, it's no surprise that research and consulting firm Dell'Oro Group recently forecast that network security sales overall will exceed $150 billion globally over the next five years.
Fighting off hackers
Despite all the attention paid to cybersecurity and hacking prevention, some top telecom companies are reportedly still experiencing threats. According to KrebsOnSecurity, AT&T may have been the subject of a recent hack, based on the findings of cybersecurity firm Hold Security, which said it found a stolen set of data that matched up with current and former customers of AT&T.
AT&T declined to confirm the hack, according to the publication.
The report comes roughly a year after AT&T rival T-Mobile fell victim to a wide-ranging hack involving the data of millions of customers.
Partly in response to such developments, a group of tech and cybersecurity companies – including Amazon and IBM – recently launched the new Open Cybersecurity Schema Framework. The group intends to build a common data standard for sharing cybersecurity information.
At the same time, governments around the world are taking action. In the US, the Biden administration has earned praise for stabilizing and strengthening its approach to cybersecurity, according to an Axios report. A trio of executives, two in newly created posts, are leading the administration's cybersecurity efforts.
But it's not clear whether Biden's approach will result in any major changes. Some other countries have not fared well recently when it comes to cybersecurity. According to Reuters, a hacker claimed to have stolen the personal information of 48.5 million users of a COVID-related mobile app run by the city of Shanghai.
- Ericsson issues warning on open RAN security
- Dish's 5G sales pitch thickens around security
- Network security sales to exceed $150B over the next five years, says Dell'Oro Group