The 5G opportunity is unprecedented, but it will also be the ultimate test of securing networks at speed and scale. For digital infrastructure to support business objectives and enhanced experiences, security must keep pace with 5G's accelerated networking capabilities. CIOs, CISOs, architects and operators designing for 5G needs should consider five key elements: scalability, performance coupled with security, secure SD-WAN, segmentation and VNF/PNF.
1. Scalability at a whole new level
5G provides a ten-fold increase in mobile broadband (eMBB), the support for a super-high density of connected devices – up to 1 million devices per square kilometer (mMTC) – and the ability to deliver ultra-reliability with ultra-low latency (URLLC).
5G requires hyperscalability, which goes far beyond simply providing 4G services that go faster. If done right, the end result will be a set of services and use cases that not only meet, but exceed customers' expectations. But this won't be achievable without the right investments because a hyperscale data center architecture supporting 5G networks must be ready for staggering amounts of connected devices and massive volumes of data generated, communicated, stored and analyzed across distributed compute, storage and network resources.
2. Achieve both performance and security
This hyperscale data center architecture needs the ability to successfully secure all of the above without sacrificing performance. Securing 5G goes well beyond Secure SD-WAN or any one aspect of the technology that underpins 5G architecture. There's the safeguarding of the mobile infrastructure itself from cyberattacks, misuse and related consequences, and also the safeguarding of the services powered by the infrastructure.
To operate effectively at 5G speed, cybersecurity tools will need to provide inspection, prevention and detection at speeds that no security product has previously been able to deliver. But without the ability to protect hyperscale environments at the required speeds security becomes a bottleneck that will slow the benefits that 5G promises. Otherwise, organizations will have to forego critical security in order to deliver performance and meet business objectives. Neither of these is an acceptable option.
3. Looking to secure SD-WAN
SD-WAN offers a helpful underpinning for ushering in 5G, as Verizon has pointed out. 5G isn't as simple as just having another choice for connectivity; adding more options to a system built on multiple moving parts can exponentially aggravate the challenge of selecting, monitoring and managing connections—ultimately outstripping the capacity and management capabilities of typical edge-based routers.
Organizations must be able to make quick connectivity changes without affecting performance or causing interruptions. They must not only provide the right kind of connection to a specific device using a certain application, but they must also recognize when connectivity requirements change or if a connection starts to break down.
For these reasons, carriers are focusing on SD-WAN as a critical technology for WAN management. Secure SD-WAN solutions are designed to support and manage 5G connections, and can automatically determine the requirements needed to establish the optimal connection for any given application or service. This ability provides significant flexibility and lower total cost of ownership compared with MPLS or other traditional connectivity options, and crucially, combines security and networking into one easy-to-manage offering.
4. Embrace segmentation
Digital transformation, the acceleration of data driven decision making, and the adoption of 5G are just some of the reasons driving growth of hyperscale data centers. Synergy Research Group notes the use and development of hyperscale data centers has more than doubled since 2015. Like their predecessors, hyperscale data centers must balance segmentation and performance requirements. Services need to be segmented and interoperate among a massive number of physical and virtual assets. Most current software-based solutions have high latency and low performance, which increases time to service and harms the overall user experience.
In this new frontier of 5G, organizations will need to use segmentation techniques that dynamically extend from the edge to the core and negotiate secure access across network segments that organizations may or may not own. The right technology will ensure that dynamic and granular access control is in place to continuously monitor trust levels and adapt security policy accordingly.
5. Use VNF and PNF as a team
The evolution of 5G will require hybrid infrastructure models that include a blend of Virtual Network Functions (VNF) and Physical Network Functions (PNF) security. Cloud technologies used throughout the 5G infrastructure – including New RAN [NR], 5G Core [5GC], Telco cloud and Multi-Tenant Edge Computing [MEC] – can be well served by security VNFs that protect different infrastructure components in the control and user planes, as well as secure various use cases.
But VNFs will be inefficient, and therefore inadequate, in situations where the constant availability of hyperscale security services is required throughout the 5G infrastructure. PNFs deliver more effectively when it comes to cost/performance, energy efficiency, physical footprint and ease of implementation. These areas may include, but are not limited to: Security Gateways (SecGW) for backhaul connectivity (N3), massive Carrier Grade NAT (CGNAT), 5G Core to PDN security and roaming security. For the foreseeable future, especially as 5G scales and develops, hybrid security will need to be implemented with a mix of security VNFs (virtual machines and containers) and PNFs.
Looking to the future
At the end of last year, there were approximately 10 million 5G wireless connections worldwide. That number is growing at break-beck speed, and is expected to top 1.01 billion by 2023, according to IDC. But with all of this potential comes the requisite caveats. By carefully examining the five key elements laid out above, organizations can make sure they're entering the world of 5G with security top of mind.
—Jonathan Nguyen-Duy, Vice President, Global Field CISO Team, Fortinet
About the author
Jonathan Nguyen-Duy is vice president, global field CISO team at Fortinet. He has unique global government and commercial experience with a deep understanding of threats, technology, compliance and business issues. Nguyen-Duy holds a BA in International Economics and an MBA in IT Marketing and International Business from the George Washington University.
Photo by Dan Nelson on Unsplash