In tandem with the deployment of 5G networks is the emergence of edge computing and edge clouds – placing data processing and storage in close proximity to where it’s needed on the enterprise edge. Moving computing closer to the enterprise edge improves network performance and reduces cost as traffic no longer needs to be routed to central clouds.
5G networks and edge computing are creating new business opportunities and richer consumer experiences. Many mobile service providers are planning to shift their network delivery from a few mega-capacity central clouds to thousands of edge clouds that support more agile, customizable services. Without integration, the new 5G network edges are where the new security challenges will likely occur.
The performance of 5G networks has to be matched by the associated security and computing components. Without strategic security planning, the necessary security solutions could inadvertently create bottlenecks that negate the value of edge computing. Enabling applications to perform at 5G speeds to ensure expected user experience is one thing, but ensuring that this happens securely, across more network access points than ever before, presents an entirely new set of very serious challenges. Organizations need to be prepared today with stronger, broader, integrated and automated security foundations.
5G’s huge momentum
Omdia forecasts that there will be 236 million global 5G subscriptions by the end of 2021. 5G holds the potential for mobile network operators (MNOs) to deliver a whole new slate of value-added enterprise services, generating new revenue streams and driving growth. For medium-to-large enterprises across various industries and verticals, harnessing 5G technology and capabilities will further help to increase efficiency, automation, safety, sustainability and innovation in general.
Understanding the associated 5G risks
Not to be outdone, bad actors will also make the most of 5G capabilities. All of the new network edges potentially pose new security risks, and yet many organizations have focused on performance and digital transformation to the detriment of centralized visibility and unified control. Cybercriminals and other threat actors continually evolve their tactics, techniques and procedures and will no doubt exploit new vulnerabilities while leveraging 5G to accelerate the speed of attacks.
Threat actors are using formal and informal teaming arrangements via the dark web marketplace to leverage the same technologies used by defenders. For instance, cybercriminals are making progress toward developing and deploying swarm-based attacks. These attacks use hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share intelligence in real time to refine their attack as it is happening. Swarm technologies need large amounts of processing power to enable individual swarmbots and to efficiently share information in a bot swarm. This allows them to rapidly discover, share and correlate vulnerabilities and then switch their attack methods to better exploit their discoveries. This is how they use data analytics to predict countermeasures and proactively adapt their tactics, techniques and procedures.
A new strategy for 5G security
To develop an adaptive security strategy for 5G, organizations must take these five elements into account.
- A detailed evaluation of the security issues: What is the role of security in 5G's adoption and penetration in the business market? Does 5G have an acceptable set of built-in security capabilities to protect itself and the enterprise customers it serves? Or is an additional layer of security required to capture the 5G business market?
- A grasp of the potential impacts: Organizations need to understand 5G's impact on their overall security posture. The use of 5G services and technologies will impact the attack surface, the attack vectors, and the very nature of attacks. They need to understand where the MNO's security responsibility begins and ends and what their part is – akin to the shared model in public clouds. The potential benefits of 5G will overcome the security concerns associated with it if enterprises know what those concerns are and what is required to mitigate them.
- A new set of controls: While it’s true that 5G offers some built-in security capabilities, these alone should not and must not be considered the only line of defense against network infrastructure problems, services misuse, cyber threats and other risks. An integrated layer of network and security visibility and control is necessary.
- Security controls that don't destroy the benefits of 5G: If organizations are unprepared, the ability of applications to access information will slow significantly, driving serious latency issues and negating the user experience for customers and employees alike. That's just the start of the challenge. Adding adequate security that protects users and mission-critical information could easily create bottlenecks within bottlenecks.
- A convergence of networking and security: With security woven into their core, networks will be able to expand and adapt to digital innovations with ease and do so at levels that take full advantage of 5G capabilities. Converging networking and security creates a security strategy that is highly flexible and adaptive.
A firm security foundation
5G is opening up tremendous opportunities, including edge computing, connected platforms, and autonomous systems. With these new opportunities comes new challenges, that if not adequately addressed, can lead to avoidable costs and disruptions. Increasing complexity and the ever-increasing sophistication and effectiveness of cyber threat actors, will seriously challenge unprepared IT teams.
5G networks require networking, security, and compute to work as an integrated solution with tight tolerances – not disaggregated technology stacks and teams. Without built-to-purpose technology, traditional security methods will likely create latency and bottlenecks that undermine the value of these new 5G networks. So, to take full advantage of 5G, organizations should consider the five security elements listed above as the starting point of their 5G journey.
— Jonathan Nguyen-Duy, Vice President, Global Field CISO team, Fortinet
About the author:
Jonathan Nguyen-Duy is vice president, global field CISO team at Fortinet. He has over 20 years of unique global public sector and commercial experience, along with a deep understanding of threats, technology, compliance and business issues. Jonathan holds a bachelor’s degree in international economics and a master’s of business administration in IT marketing and international business from the George Washington University.
Photo by LinkedIn Sales Solutions on Unsplash