Let’s face it. Regardless of whether you work for a service provider (SP), equipment vendor or analyst firm, very little has gone according to plan during the first half of 2020. And unfortunately, for many of us, the second half of this year doesn’t promise a return to full-on normalcy.
But if there has been one important anecdotal takeaway from all this, it’s that mobile technologies such as 5G that deliver superior connectivity performance are now even more important. And this is why a number of SPs, including Tier 1s such as Verizon, are accelerating 5G rollouts to meet higher network demand.
As a result, there continues to be a sharp focus on deploying 5G core (5GC) networks, which also brings a myriad of security considerations to the forefront. In response, SPs must reconsider how they deliver a complete suite of security services that encompass signaling security, enterprise security services, and even Internet of Things (IoT) and multi-access edge computing (MEC) services. The key question here is: How does this affect SP 5G security strategies that were developed some 18-12 months ago?
To address this question, I looked back at a comprehensive 5G Security Market Leadership Study (MLS) that Heavy Reading conducted in 2019. The first question that needed to be addressed is what SPs’ commercial launch security priorities were before “social distancing.”
APIs, MEC and IoT Move into Focus
As Figure 1 shows, the input from SP respondents confirmed that their initial commercial launch priorities in 2019 were strongly tied to 5GC and New Radio (NR) adoption. Of these, the top three areas of focus were the following:
- Core network signaling (47%)
- Cloud RAN fronthaul and backhaul (44%)
- Core network services (35%)
Looking to 2020, SP priorities were highest around application programming interface (API) exposure and third-party apps (48%), MEC edge services (43%) and IoT (46% and 39%, respectively). This makes sense given SPs’ current focus on driving new revenue from these 5G offerings and partnering with cloud service providers: Telefónica and Google Cloud, Verizon and MS Azure, and AT&T and Amazon Web Services (AWS), to name a few.
Figure 1: Implementing 5G security use cases
Question: When do you expect to support the following 5G security capabilities? (n=99-102)
Source: Heavy Reading
While the initial 5G uses cases from 2019 may have temporarily slowed, other new use cases such as third-party contact tracing apps, M2M automation, healthcare IoT, and others have emerged overnight that are also well-suited to the programmable, low latency performance characteristics of 5GC networks. In return, this means SPs’ managed security services will continue to encounter strong demand from enterprise customers (wherever they work).
This shift in use cases has also reinforced the importance of augmenting managed security services with automation. In some ways, automation is the only practical, repeatable way to secure these applications in real time with the required speed and low latency.
API, MEC and IoT Security is a Gap
In the 2019 MLS, Heavy Reading sampled respondents’ ability to secure the 5G user plane. As Figure 2 illustrates, typically about half of the respondents (42%-55%) are “confident” in their abilities. Traditional network areas, such as core network security-based services, attained the highest level of “extremely confident” responses (29% and 27%). However, response rates for IoT, MEC and API security services were considerably lower, falling into the 13%-9% range.
For these same use cases, the rate of “somewhat confident” and “not confident” responses translated into as many as 4 out of 10 CSPs with limited or zero confidence in their ability to secure strategically important 5G IoT-, MEC- or API-based security use cases that will be supported by a 5GC. These results indicate that there is a gap between confidence levels in the ability to secure key application priorities like IoT, MEC and APIs and current SP capabilities in 2020.
Figure 2: Securing the 5G control plane
Question: How confident are you in your ability to secure the 5G control plane to support the following 5G use cases? (n=98-101)
Source: Heavy Reading
Heavy Reading believes the lower confidence levels for 5G IoT, MEC and API exposure security use cases can be addressed only through the implementation of automated security services.
It is clear that the current world challenges are very much a human struggle. But it’s also clear at this virtual-centric point in time that powerful technologies such as 5G — coupled with automated security services and highly intelligent devices — will be vital components in raising confidence levels that services and networks can be fully secured in the post-pandemic world.
For more information on this topic, watch Light Reading’s archived Current Security Case Studies in 5G/IoT and MSSP webinar.