Making the Leap to 5G without CompromisesDecember 21, 2020 No Comments
Featured article by Brian Trzupek, SVP of Emerging Markets at DigiCert
After years of anticipation, 5G is coming of age in 2020. Gartner anticipates total investment in 5G is expected to nearly double in this year, reaching a total of about $8.1 billion. Even with headwinds from the pandemic, the growth is expected to continue, especially among communications service providers (CSPs).
“Early 5G adopters are driving greater competition among CSPs,” said Kosei Takiishi, senior research director at Gartner. “In addition, governments and regulators are fostering mobile network development and betting that it will be a catalyst and multiplier for widespread economic growth across many industries.”
Changing mindsets for changing architectures
To differentiate themselves and take advantage of improved performance, innovation, and flexibility, CSPs are moving toward more 5G architectures built around nimble DevOps principles. However, migrating from 4G technologies to 5G requires some fundamental changes and strong, scalable, flexible security, such as that provided by Public Key Infrastructure (PKI) and modern platforms to manage digital certificates in large volumes.
4G architectures are primarily physical environments with primitive authentication techniques, minimal use of cryptography, and, in some cases, pre-shared keys. These traditional infrastructures are capital-intensive to scale and are inefficient and inflexible, slowing delivery of new services and time to market.
In contrast, 5G infrastructures were created with a highly flexible approach in mind. These 5G environments are virtualized, dynamically scalable, and enable unparalleled business agility and smooth scalability. However, although 4G and 5G architectures have important differences, security and compliance remain a constant concern.
Emerging threats and familiar challenges
One of the most attractive qualities of 5G is its enhanced bandwidth and ability to accommodate massive numbers of devices for IoT and other use cases. However, more connected devices also mean additional attack vectors. According to Nokia, IoT devices are one of the most-attacked types of hardware, with more than 78 percent of malware events on CSP networks focusing on these devices.
Compliance is another driver for security. Maintaining the integrity of their data and operations is always top of mind for any organization, and any breach can not only put a CSP’s infrastructure at risk but jeopardize customer communications and data as well. Service providers also face specific government compliance requirements. For example, under a lawful intercept decree, a CSP must be prepared to provide data to law enforcement if served with a Foreign Intelligence Surveillance Act (“FISA”) order or other legal requests. That means they need to be certain that the system capturing the relevant information must maintain data integrity. They require strong authentication, integrity of operation and secure transport. Because 5G environments will be heavily software-based, its foundation creates distinct challenges as well.
“Because of the cyber vulnerabilities of software, the tougher part of the real 5G ‘race’ is to retool how we secure the most important network of the 21st century and the ecosystem of devices and applications that sprout from the network,” said Tom Wheeler, Visiting Fellow, Governance Studies at the Center for Technology Innovation.
To support their 5G transformation, telecommunications providers require security solutions and platforms built from the ground up for modern, dynamic business models. Their security must ensure operational integrity to help CSPs meet compliance requirements and legal mandates. They also require robust authentication across on-premises and cloud environments, and the ability to perform at scale on some of the most expansive networks in the world.
Securing through identity at scale
Establishing identity is fundamental to trust and effective security and PKI is a proven technology that enables large-scale device authentication, integrity and reliable encryption for an extremely high level of trust.
PKI certificates also provide a significant level of control. Administrators can set expiration dates or revoke access to users and devices at any time. With a robust device manager, organizations can provision and embed device identity at any stage of the device lifecycle, across a wide range of environments. They can handle device identity, authentication, encryption and integrity with a single click, and marry device data visualization with cryptographic, manufacturing and factory process data. An effective management platform for modern PKI should offer:
- Robust IoT security, establishing a root of trust through PKI for authentication, encryption, and data integrity. An effective identity management tool will enable organizations to assign and manage device identity in large or small volumes at any stage of the lifecycle. It should also deliver thorough visibility over certificates issued to devices.
- Support for broad operational integrity to meet compliance requirements and legal mandates. An effective management platform can support a rich integration of tools that may have been unable to integrate or share information with one another under earlier architectures. This provides an opportunity for organizations to gain additional insight and value to support device management bringing together disparate metadata from a variety of sources.
- Scalability for 5G environments, supporting a wide of certificate management protocols including RESTful API, EST, CMPv2, and EST.
There’s no question that the 5G revolution is here to stay. For CSPs that can successfully migrate their environments to the new standard, 5G is setting the stage for ongoing market opportunity for years to come. Now is the time to ensure that organizations making the leap will minimize risks to stay secure and compliant, to take full advantage of the potential of 5G without compromises. Using a modern PKI platform is essential to ensuring this security can occur with the scalability, trust and speed to deployment needed for the 5G cloud.
About the Author
Brian Trzupek is SVP of Emerging Markets at DigiCert. A crypto and security tech by day and night, Brian brings nearly two decades of expertise on many security subjects to the team. He’s constantly innovating use cases for enterprise PKI.DATA and ANALYTICS , SECURITY