Article by Yaniv Hoffman, vice president of technology at Radware.
While the rapid advancement of 5G communications offers comprehensive benefits to communications service providers (CSPs), the new technology also presents challenges in terms of security and cost.
CSPs are entering a new phase of network cloudification to transform their network infrastructure. This technological transformation will capitalize on the virtualization of network functions, software-defined networking and artificial intelligence.
Their strategy for capturing new growth is also evolving. Future growth is driven by the shift to virtualization of mobile core networks in response to the growth of user data, increasing adoption of IoT devices, new 5G activities and complex networks.
Cloudification of the network offers CSPs several important business advantages:
- Capital expenditure benefits from better use of solutions on general-purpose equipment.
- Operating expenses benefit from reduced manpower and operational efficiency through automation, agility and scalability in the cloud.
- Value-added services leverage cloud platforms to enable new services and revenue streams.
The initial goals of the cloud were to decouple growth from costs and quickly deliver new services. CSPs have done this in 4G environments by turning network elements into large virtual network functions.
These functions were too big and not cost effective. Additionally, their use of legacy operations made networks difficult to deploy, scale, and maintain. These challenges will multiply in the 5G environment.
CSPs understand they need to move to cloud native to deliver business agility in new, rapidly integrated applications. The scale of 5G opens the door to more devices and a diverse range of services, making it difficult to track legacy operations.
Benefits of cloud native
More CSPs are partnering with cloud providers to accelerate the 5G transformation journey, which offers benefits such as fully automated deployments, ease of management, and hybrid cloud workload orchestration. The transformation provides deployment flexibility for demand-driven network growth, reducing manual oversight.
High-level cloud partnerships demonstrate some of the benefits of 5G. These include:
- Microsoft Azure – Microsoft acquired Affirmed Networks (network virtualization supplier specializing in vEPC and v5GC). The partnership enabled Microsoft to produce Azure for Operators: a suite of products with Azure network and cloud infrastructure, network virtualization and cloud applications.
- AT&T – At the end of June, AT&T announced the move of its 5G mobile network to the Microsoft cloud. This strategic alliance provides a path for all AT&T mobile network traffic to be managed using Microsoft Azure technologies. Both companies will start with AT&T's 5G core, which connects mobile users and IoT devices to the internet and other services.
- Nokia and Google – In January, Google Cloud and Nokia announced that they would jointly develop cloud-native 5G core solutions for CSPs and enterprise customers. The new partnership will provide cloud capabilities at the edge of the network.
- Cisco and Altiostar – They have teamed up to create plans to accelerate deployments of OpenRAN 4G/5G solutions on service provider networks.
- Vodafone and Verizon – They have partnered with AWS to explore cutting edge computing opportunities.
- VMware has entered the telecommunications industry with more updates to its cloud-based telecommunications platform, including support for Open RAN.
Due to its distributed nature, the deployment of 5G network infrastructure differs significantly from previous generations of mobile networks. CSPs face new challenges in moving from a component-based topology to a service-based network.
For example, before 5G, mobile radio access and core networks consisted of isolable network elements with specific tasks. In 4G networks, a virtual evolved packet core (EPC) emerged.
5G goes one step further by transforming all network components into software-based virtual microservice elements deployed in various locations.
The software-based microservices architecture enables network slicing. This includes the ability to isolate different services, each with their own settings, configuration, and security policies, all on a single piece of hardware.
The 5G network should be designed to support multiple, slice-separated security policies on individual network components. The more slices, the more microservices in the network that are exposed to the Internet.
Traditional security methods with predefined rules, thresholds, and manual configuration will not work in a 5G environment. Service providers need to automate operations and have a scalable infrastructure to manage policies, which requires DevOps capabilities. All security tools must be automated for integration and deployment.
5G networks introduce new traffic models oriented east-west towards applications. Therefore, it is necessary to inspect the egress traffic. The number of inspection points increases dramatically, from peering points and traffic to edge compute points.
CSPs should consider the following unique security threats when planning to protect 5G networks:
- In protecting the edge of the network, several types of edge (breaks) and mesh significantly increase the exposure.
- Outbound attacks include IoT botnets and attacks at the edge of the network.
- Inbound attacks include flooding from the public cloud and the Internet, as well as attacks on basic network services.
- Network gateway attacks are based on burst, IoT, bot, API, DNS and SSL attacks, which increases complexity and impacts infrastructure and API gateways.
- With network slicing, each slice has its own threat risk, which requires per-slice security policies and a consistent defensive strategy across all slices. The basic security infrastructure of the mobile edge and the assurance of 5G uptime also need to be protected.
- Attacks against multiple access edge computing components include targeting service capacity and mobility management entities. Defenses must prevent failure of network resources.
- Outbound attacks to external servers from IoT devices are also a risk. IT needs to prevent network reputation risk, while narrowband IoT devices also need protection to prevent botnets from infecting them.
- The edge of the public/private cloud needs to be protected. Shifting some areas of the workload to the public cloud introduces new security concerns for service provider networks with additional changes in microservice environments and cloud native networking functionality.
To counter the ever-evolving attacks from cybercriminals, organizations must include WAF/API protection for their cloud native environments in their defensive arsenal.