5G: improving network security end to end

The roll-out of 5G across the country could be considered one of the most highly anticipated technology advancements in recent memory. While many are focused on the advantages for consumers, organizations are also poised to reap the benefits. However, despite all the fanfare regarding next-generation cellular performance and low latency, there are still some who are concerned about whether 5G for business will meet all the security requirements of modern enterprise networking.

In actuality, cellular-enabled Wireless WAN (WWAN) has been capable of enterprise-grade security at the network’s edge for many years. Additionally, 5G is perhaps even more secure than 4G has been, given new developments at the network core level.  

Improving security at the network level: from 4G to 5G

The opportunity to improve security arises with each new generation of cellular technology. In particular, 5G has brought several key changes:

  • New authentication framework: With the 5G protocol, a new authentication framework has been introduced. This is based upon a well-established and widely used IT protocol called Extensible Authentication Protocol (EAP) that is open, network agnostic, and more secure.
  • Enhanced subscriber privacy: 5G offers privacy improvements against attacks that occur when a false base station pages the user equipment to tell it to come out of idle. In 5G, the International Mobile Subscriber Identity (IMSI) is not used in paging, there is less text exchanged, and the network performs analytics on the radio environment, detecting anomalous base stations. 
  • Improved core network agility and security: The 5G network core moves to a Service-Based Architecture (SBA). This is delivered by a set of interconnected Network Functions (NFs), with authorization to access each other’s services. An SBA allows for plug-and-play software, agile programming and network slicing, which streamline operations and support greater innovation.  
  • Extended roaming security: The 5G standard presents enhanced interconnect security between network operators, centred on a network function called Security Edge Protection Proxy (SEPP). SEPP sits at the edge of each network operator’s 5G network; each operator’s SEPP is authenticated, and application layer security protects traffic. 
  • Advanced integrity protection of the user plane: The 5G standard introduces a new feature that protects the user plane traffic between a device and cellular tower, aiming to alleviate high-level, man-in-the-middle attacks that interfere with unprotected, sensitive over-the-air user plane information. 

Cellular broadband security at the network edge  

While companies will continue using the advanced network security tactics they’ve been using with wired and 4G broadband at the network edge, now is the time for them to consider the following 5G-related technologies:

Private 5G networks: Organizations with large areas requiring secure LAN-like connectivity can deploy their own Private Cellular Network (PCN). Companies can control their own PCNs by implementing localized micro towers and small cells — similar to access points. It’s comparable to a scaled-down version of a public network, except you control quality of service as well as the security.

5G is the first cellular network specification to truly embrace virtualization, offering significant cost savings for implementing otherwise expensive physical network cores. 

Network slicing: The reliability, speeds and low latency of 5G can only be balanced if the components of the network are sharing the right information with the appropriate Virtual Network Functions (VNFs). This is realized via network slicing within the SBA. 

Consider how cloud computing has shifted to containerization and VNFs; similar to this, the 5G core is moving to this model and building microservices contained within security groups, or slices, that work to achieve the promises made for specific traffic based on its quality of service markings (Single-Network Slice Selection Assistance Information, or S-NSSAI).   

Network slicing allows carriers to offer network services that are tailored to the unique needs of each organization. At the same time, it provides companies with the ability to select the level of security that is right for each use case.

Securing wired and wireless networking  

If network security professionals have not yet put new, adaptive security measures in place to protect their traditional wired network, now is the time to implement the following security architectures to secure both wired and wireless endpoints.

Zero Trust Network Access (ZTNA): ZTNA is a security concept that assumes anyone who is trying to access either a network or application is a malicious actor — and someone who will need to be verified constantly. It uses an adaptive verification policy on a per-session basis that takes into account factors including the user’s device, location, identity, time and date of request, as well as any usage patterns that were previously observed.

The rapid growth of the internet of things (IoT) and other connected use cases means organizations will need to be more diligent and remotely control authentication and identification of devices and the flow of data between them. With that in mind, ZTNA will be a key component of 5G security at the network’s edge.
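As an added illustration (not from the original article or any vendor's product), the per-session verification described above can be sketched as a policy function over the listed signals: identity, device, location, time of request and previously observed usage. The policy table, history store, risk weights and every name in it are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class SessionRequest:
    user: str
    mfa_passed: bool        # identity verified for this session
    device_id: str
    device_compliant: bool  # device posture check result
    country: str            # coarse location of the request
    when: datetime
    resource: str

# Constructed sample policy and usage history (illustrative values only).
POLICY = {
    "inventory-api": {"countries": {"CA"}, "hours": range(6, 20),
                      "step_up_at": 1, "deny_at": 3},
}
HISTORY = {"alice": {"devices": {"rtr-edge-017"}, "countries": {"CA"}}}

def evaluate(req, policy=POLICY, history=HISTORY):
    """Decide one session from scratch; no trust carries over from earlier sessions."""
    rule = policy.get(req.resource)
    if rule is None:
        return "deny", ["no policy for resource"]      # default deny
    # Hard requirements: identity and device must verify on every session.
    if not req.mfa_passed:
        return "deny", ["identity not verified"]
    if not req.device_compliant:
        return "deny", ["device failed posture check"]
    # Contextual signals raise risk instead of failing outright.
    seen = history.get(req.user, {"devices": set(), "countries": set()})
    signals = [
        (req.country not in rule["countries"], 2, "location outside allowed region"),
        (req.when.hour not in rule["hours"], 1, "outside normal hours"),
        (req.device_id not in seen["devices"], 1, "device not previously seen for user"),
        (req.country not in seen["countries"], 1, "location not previously seen for user"),
    ]
    reasons = [why for hit, _, why in signals if hit]
    risk = sum(weight for hit, weight, _ in signals if hit)
    if risk >= rule["deny_at"]:
        return "deny", reasons
    if risk >= rule["step_up_at"]:
        return "step_up", reasons                      # require re-authentication
    return "allow", reasons
```

The three outcomes show the adaptive part: a familiar device at a familiar place and time is allowed, a single unusual signal triggers step-up verification, and several together deny the session.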

Secure Access Service Edge (SASE): With so much data now headed to the cloud, most security services reside there, too. Combining network and security functions, SASE is a cloud-delivered security model in which traffic is encrypted and directed to a cloud service where a complex stack of security technologies is applied.  

Canadian companies are poised to roll out 5G connectivity for a range of applications, if they have not already. Mining, retail and foodservice pop-ups, widespread branch offices, vehicles and more – all of these organizations can improve their ability to scale safely and quickly through the deployment of cloud-manageable wireless edge routers and security layers in a cohesive manner. WWAN and SASE fit perfectly at the distributed edge. 

The augmented edge-to-core security capabilities of 5G — in addition to today’s edge-to-cloud security technologies such as SASE and ZTNA — will enable organizations to embrace 5G while improving their end-to-end security posture significantly. 

Jason Falovo
Jason Falovo is Vice President and General Manager, Canada at Cradlepoint, a global leader in cloud-delivered LTE and 5G wireless network edge solutions.
