The 5G era is brimming with new opportunities, opened up by enabling high throughput ultra-low latency and massive machine type communication use cases. As the networks transition from proprietary to software-centric based on open source and open architecture to meet these needs, new security risks are being introduced.
Almost ten years on from the launch of 4G, 5G will be the first cellular generation to launch in the era of global cybercrime. This cybercrime activity is heavily funded by organised crime and nation states. This is an era in which software that has contributed so much to driving the digital economy over the last ten years, is also routinely being weaponised to steal, expose, compromise or block access to data whether it is at rest or in motion.
So while telecom operators and enterprises certainly look to the 5G ecosystem of network equipment providers, cloud providers, vendors and systems integrators to help realise the opportunities of 5G, they also expect guidance from that same ecosystem around how to understand and mitigate any new risks that the 5G architecture may pose to their data security posture.
1. Core network: with the new Core Network, each network function no longer resides in its own isolated, secure hardware. Instead it now resides in software as a Virtual Network Function (VNF) or Cloud-native Network Function (CNF) running on shared virtualised infrastructure with other VNFs/CNFs and applications.
2. Multi-Access Edge Compute (MEC): brings application hosting from centralised data centres down to the network edge, to address low latency and bandwidth. These new services are expected to address a wide variety of verticals including healthcare, manufacturing, retail and media/entertainment.
3. Backhaul/fronthaul/mid-haul: is the part of the network that links the RAN components, the core network and the small subnetworks at the edge of the network. These now need to support high throughput and low-latency data transfer.
4. Subscriber Authentication and Privacy: with new capabilities such as network slicing, Mobile Network Operators need to provide high assurance subscriber authentication and 5G subscriber privacy (SUPI/SUCI) services.
5. Management layer: OSS / BSS: Operations Support System, covers Order Management, Network Inventory Management and Network Operations, while the Business Support System (BSS) primarily consists of Order Capture, Customer Relationship Management and Billing. These systems managing sensitive data are expected to evolve to support 5G networks.
When the 5 key components are left unprotected, the underlying infrastructure, sensitive operations and copious amounts of sensitive data processed are at risk. Thales security portfolio can help address these risks.
With 5G networks being built on software based paradigms, the need for a Root of Trust (RoT) to ensure security from the infrastructure layer to the application layer is an important factor to consider. Additionally, utilising Luna HSMs for PKI-based infrastructure security can future-proof your deployments with post-quantum crypto-agility.
In parallel, the need for high assurance security for subscriber privacy and authentication is expected to grow along with the adoption of network slices for enterprises/industry verticals. Luna HSMs can be leveraged to ensure high-assurance security & audit compliance for:
Given the need for 5G networks to meet ultra-low latency and high throughput requirements from cell sites to the edge and core, securing data in motion can be quite a challenge. Thales HSE, with its flexible and easy to manage interface, can secure data in motion for the mobile backhaul with the following capabilities:
With 5G, different types of data will be processed at locations from edge to the network core. Ensuring sensitive data security while minimising impact on time to market is key. CipherTrust Transparent Encryption can help as it can ensure granular access control on sensitive data without the need to modify any applications. It can be leveraged to:
While encryption ensures data security, crypto key management is an essential element of the overall solution. Leverage CipherTrust Manager for software-based centralised crypto key lifecycle management. MNOs could benefit from centralised key lifecycle management and visibility to meet internal/external compliance requirements while building out core or edge networks for the following integrations:
Due to the way in which these modern networks are being built, protection need to be baked into the network and made available to enterprises to give them the foundation of trust they need to unlock high levels of investment in new 5G use cases.
Thales Cloud Protection and Licensing is working with Telcos, Solution Integrators and Network Equipment Providers to help build trusted 5G networks. Contact us to discuss how Thales is working collaboratively with its partner ecosystem to enable the value of 5G in trusted architecture.
5G promises to be rich in new business models for users and the ecosystem key players (telecom operators, network & cloud vendors, system integrators…). Some of the requirements that exciting new 5G use cases impose on the storage, compute and network domains introduce...
Today, the volume of enterprise data is exploding across industries. We talk about petabytes, and even exabytes, of data strewn across data centers, file shares, databases, cloud storage and backups. However, few organizations have the necessary visibility into their sensitive...
Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance.
CipherTrust Manager enables organizations to centrally manage encryption keys for Thales CipherTrust Data Securiy Platform and third party products. It simplifies key lifecycle management tasks, including secure key generation, backup/restore, clustering, deactivation, and...
In today's digital world, enterprise and government are in a state of flux. Organizations are optimizing by taking workloads to the cloud, or forging ahead transforming, taking advantage of a wide variety of emerging technologies. They are revisiting their strategies due to...
Today’s networks are an interconnected menagerie of diverse mediums. Copper, Fibre, WiFi, Satellite and LTE are just a few examples of the diverse paths that data packets can travel through on the way to their final destination. Beyond these wired and wireless links, there are...
5G networks have unique requirements for both security and performance. From signaling and control plane data to the enduser experience, efficient use of bandwidth, low latency, and low jitter are non-negotiable mandates. 25-year-old security solutions, such as IPsec and VPN,...