Why 5G security is a business imperative - GSMA Mobile 360 Series

Why 5G security is a business imperative

By Anu Puhakainen, Director Product Management Security Solutions, Ericsson

Ericsson is a Supporting Sponsor of Mobile 360 – Security for 5G, which will be held in the Hague, 28-29 May 2019.

5G is transforming the world. Some see challenges, others see opportunities. Whether your 5G glass is half empty or half full, you must protect your assets and adapt to a rapidly changing world. 5G is driving the digital transformation of industries, changing the business landscape. The communication service providers and enterprise customers that will survive are those that understand the risks of the new interconnected world and take the right measures to protect their assets, whether people, places and things.

Coping in a changing world
Networks are becoming more dynamic to handle the surge in demand for more data faster, better, whenever and wherever. As the demand grows, the security challenges increase. Next-generation virtual networks are taking hold, including cloud, radio access and core networks. Software updates are continuously being rolled out. New infrastructure, including network slicing with edge computing, is introducing increased levels of complexity as well as new threat vectors alongside new opportunities. All this contributes to an increasingly complex environment, which only amplifies the challenges of maintaining and securing your assets from potential threats.

Addressing 5G security challenges
What lies ahead for those who want to leverage the power of 5G to gain competitive advantage? To be successful, there are several factors that must be taken into consideration.

A critical factor to address is the lack of end-to-end visibility for security in telecom and IoT networks. With increased network dynamics and the explosion of connected devices, it has become difficult if not impossible to handle the amount of manual work. This not only increases the risk of human error, but also isolates threat intelligence and increases the risk of security breaches.

Data privacy and security are critical. This is especially true due to the importance of compliance to standards like ISO 27001, NIST and EU GDPR.1

To become the next-gen platform and fundamental enabler of the Networked Society and Industry 4.0, 5G networks must be built with data privacy and security as the cornerstones.

Towards more intelligent security management
To address these challenges, there is demand for security management solutions that are multi-layered, intelligent and automated. These solutions provide integrated security management functionality to protect, detect and respond. The journey towards intelligent security management involves these steps:

  1. Supporting dynamic networks through defined and repeatable processes for security policy automation and monitoring.
  2. Providing enhanced visibility for known and unknown threats via security analytics, enabling cognitive security.
  3. Combining dynamic and cognitive security and augmenting it with threat intelligence to create intelligent security management.

Making security management more intelligent
Intelligent security management contributes to the NIST Cybersecurity Framework by providing well-defined solutions for the most important functions:

  • Provide end-to-end visibility for business-related security risks and focus on the risks that matter.
  • Protect the business with automated security configuration of nodes based on industry standards and continuously monitor to ensure data privacy and security compliance.
  • Detect known and unknown threats through security analytics aided by machine learning and artificial intelligence.
  • Respond to threats effectively and efficiently with automated security workflows for faster incident response.

5G increases the importance of intelligent security management
Developed with security in mind from start, 5G will enable completely new use cases that will involve critical infrastructures and new actors. This drives up risk exposure. It therefore is important that communication service providers and enterprise customers can be assured that the infrastructure and services are trustworthy.

5G security standardization puts extensive security requirements on hardware and software. However, this alone is not sufficient to ensure that 5G services are trusted and secure. Communication service providers must also deploy and operate the services in a secure manner and put security management solutions in place to manage and monitor the trustworthiness of their networks. This ensures trust and security­ all the way from the hardware and software to the security functions themselves, and on through to security deployment and management.

Trust enabled by automated security management
Trust is fast becoming valuable currency in our interconnected world. Security management is all about trust, especially in the interconnected 5G world. Communication service providers and enterprise customers who want to succeed must address the lack of visibility and lack of control. Automation is paramount in overcoming these challenges and simplifying the management of security.

Securing a critical global infrastructure
5G is changing the world, and the world is changing quickly. Developing and implementing a sound 5G security management strategy is a business imperative. Communication service providers and enterprise customers who embrace adaptive, intelligent and automated security management solutions will be able to unlock the full potential of 5G while safeguarding their assets.

It’s time to get your house in order. There is no better time than the present.

The views and opinions expressed in this piece belong to the author and do not necessarily reflect those of the GSMA.

[1] ISO 27001 – International Standards Organization standard for information security management systems. It specifies requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
NIST – National Institute of Standards and Technology and its voluntary Cybersecurity Framework to manage standards, guidelines, and best practices to manage cybersecurity-related risk.
EU GDPR – The European Union General Data Protection Regulation support the right of EU citizens to protect of their personal data.

Related posts