April 2019 | SansSQL

Tuesday, April 9, 2019

Best Security Practice In An Era of 5G and Cloud Platforms - A guest Post by Ralf Llanasas

Greater potential brings greater security responsibilities

The real world application of 5G is bound to trigger security issues that might not be evident in labs and test beds. As 5G promises customers, businesses, and service providers unparalleled potentials, so too does it hold unparalleled security lapses that will give way to cyber-attacks.

5G will envelop a vast array of technology platforms, from mobile devices to WiFi, Bluetooth, IoT infrastructures, etc., and security provisions need to cater to all of these. The technology’s low to zero latency also improves cloud performance, driving more industries, devices, and applications to become even more cloud dependent, if not completely.

An increasing number of functionalities across various industries are migrating to the cloud
More applications, more loopholes

A number of studies have recently raised red flags over 5G security gaps yet to be resolved. One such is the UK Government’s 5G Testbeds and Trials program conducted in collaboration with the University of Surrey’s 5G Innovation Center and three ongoing testbed programs -- AutoAir, 5G RuralFirst, and Worchestershire 5G.

Peter Claydon, project director of AutoAir, states that, “Since the age of 2G, mobile networks have been some of the most secure things on the planet, helped by the fact that each one is controlled by a single network operator.” He points out that this is different with 5G because the technology “opens up mobile networks allowing network operators to provide ‘slices’ of their networks to customers.” The result of such a scenario is therefore more open entry points for attacks.

In another similar study conducted by a team of researchers from the Technical University in Berlin, ETH Zurich, and SINTEF Digital Norway, it was found that 5G opens up glaring security lapses in Authentication and Key Agreement (AKA). AKA provides a security protocol used by phones to securely communicate with mobile networks. These security lapses in AKA over the 5G airwaves can allow cybercriminals to intercept calls and text messages on phones, as well as steal other sensitive data.

These studies, along with many others, have led to insights on the best security practices in an era of 5G and cloud computing. Before determining solutions, however, its best to zero in on what exactly the key challenges of 5G are.

Key security challenges

5G introduces a fundamental change in the relationship between networks, human machine interface, and end users. The key security challenges that attend such a reconfiguration include:
  • Exposure of critical facilities: With IoT networks woven through facilities such as power grids, elevators, door locks, water systems, autonomous vehicles, etc., 5G exposes our critical infrastructures to unprecedented risks.
  • Workload migration: Migration of workloads to 5G edge-computing exposes businesses to the combined risks of endpoint computing and cloud computing, given that the businesses need to monitor thousands of computing nodes in the process.
  • Hybrid computing eroding perimeters: With 5G, the idea of the perimeter as IT professionals know it, has been turned on its head. On 5G, different wireless networks will converge, and several aspects of business processes, health care, and the everyday lives of individuals will be locked into a system of hybrid computing where massive amounts of data are harvested to monitor and optimize odds and ends functionality.

Best Security Practices for the New Industrial Era


Some key target areas for security solutions
5G applications

The best way to address these security challenges is through unrelenting efforts from the onset, rather than waiting until these issues snowball into serious problems. With the lessons learned from the implementation of previous generations of wireless networks, businesses can put adequate preemptive measures in place to tackle these challenges. 

The difference, though, lies in what’s going to be increasing reliance on cloud platforms and 5G’s ‘slices’ of networks phenomenon. These expose loopholes, but they can be plugged to some extent with the right security practices.

The following is a rundown of some best practices for the new industrial era, where cloud platforms have become so significant:
  • Threat intelligence upgrades: This can serve both in risk mitigation and damage control. It can help prevent new attacks from recurring, and can also help prepare for threats as they evolve. It entails leveraging on Machine Learning and AI, and replacing traditional security architectures with more advanced security products.
  • Segmenting networks: Businesses can mitigate the cyber security risks which their critical resources are exposed to by using effective strategies to segment devices, apps, workflow and transactions.
  • Deploying compatible solutions: Putting together only solutions that are compatible with each other not only helps avoid further complications down the line, but also allows for the collection of data that can easily be used to identify and address risks across various parts of an organization.
  • Reinforcing access control: With more people and devices accessing 5G airwaves, businesses need to deploy a zero-trust principle where every single request for network access is thoroughly validated and authenticated.
  • Deploying MSSPs: Managed Security Service Providers (MSSP) give businesses a highly efficient and cost-effective option for outsourcing their 5G security responsibilities.
Final Words
5G and cloud computing is set to generate a new wave of innovation, taking productivity to new dimensions across various industries. The low to zero latency of the fifth generation mobile network technology enables a wide range of devices to stand alone, where previous networks caused them to remain tethered to other devices. This standalone capability is a result of cloud platforms, as most applications will be cloud dependent. 

However, this also takes cyber security threats to new heights, and businesses need to embrace the prospects of 5G with cautious optimism. By implementing the best security practices outlined above, businesses can position themselves to reap the tremendous benefits of 5G without exposing their assets to a slew of cyber threats.

About Ralf Llanasas
Ralf is a technology blogger, he writes about the latest mobile phones and technology news. He currently works at Whatphone.com.au as a content manager and his writings can be seen on various technology blogs. He also loves taking pictures when free.

Ads