While some enterprises appear to be getting an early jump on the security implications of 5G, many are struggling with the implications to the business and the changing security model.
This is based on a survey AT&T Cybersecurity conducted with 451 Research of 704 cybersecurity professionals in North America, India, Australia and UK in August - September 2019. Participating organizations spanned 13 industry verticals and each had more than 500 employees.
Here are excerpts from those surveyed in the AT&T Cybersecurity Insights on their progress in making security changes required by 5G:
Timeframe to implement security changes
5G is more than an increase in speed – it’s not a “faster 4G". It provides new features such as network slicing, which allows for isolated domains for traffic. 5G service providers can assign slices to users with customizable quality of service and bandwidth.
Sporting innovative built-in security measures, 5G can allow for stronger over-the-air encryption, subscriber identity protection and reduced risk of eavesdropping.
At AT&T, we believe that 5G will encourage a shared security model akin to the public cloud. The beauty of this is it shifts some security functions to the 5G service provider, freeing up enterprises from some concerns. The anticipated shared security model of 5G does require security pros to think differently, which will take time. However, in the end the shifting of some security functions to the 5G service provider may provide great benefits for enterprises.
With the large number of devices associated with 5G, authentication and identity need to be considered in the scope of security, similar to the public cloud. The 5G service provider can help confirm device identity as well, because the network will know a device’s physical location. In a way, the 5G service provider uses the network itself as a security tool.
Introducing 5G networking impacts many technical areas, but also provides an opportunity and motivation to modernize security approaches. Software Defined Network (SDN) and virtualization technologies should be considered by enterprises preparing for 5G due to its sheer scale. In parallel, security should be virtualized and automated.
From the survey we learned the top security concerns cited were due to the increased attack surface. Have a look at what companies had to say:
Top 3 security concerns
Conclusion
5G has the potential to bring significantly more devices onto the network, expanding the attack surfaces and increasing the possibility of new threats. Security organizations relying on manual security approaches likely will have a hard time keeping up. Security that is dynamic and automated will be able to quickly and effectively address the new security threats of 5G networks, and virtualization can help provide flexibility to respond to unknown future threats.
The research in this report reveals that organizations should do more to prepare their cybersecurity practices for 5G. Preparations that should be made include security virtualization, automation, and SDN, enhanced measures for identity and authentication, and planning for a shared security model. Be proactive and improve your security posture now, while 5G is still in its early stages of deployment and adoption.
Read the whole report.
Author Theresa Lanowitz is head of evangelism and communications at AT&T Cybersecurity. Read more AT&T Cybersecurity blogs here.