Security and Cloud-Native Telco Transformation – It’s Not an Either/Or…

In telco operations and technology decision making, do you sometimes feel like you have to choose between security or a flexible, cloud-native 5G core? At times the debate and market messages can make you think that. But I would say it is quite the opposite, and here is why.

Cloud migration has been widely discussed as a technology foundation for telco transformation, often assuming it will go hand in hand with the introduction of 5G. Part of the discussion has concerned the security of cloud-native 5G core networks. “Hacking 5G is too easy” is something you hear people say from time to time, and they conclude that it is better to postpone migration to the cloud and instead keep using legacy infrastructure.

However, if you dig into what their criticism is really about, you will find that it is not 5G itself that is the problem. Cloud deployments and how attack surfaces increase with new use cases enabled by 5G are what cause concern. I fully confess these are worries that should be taken seriously, but they are addressable. More data, more applications, and a massive upswing in connected devices (think IoT use cases, for example) add complexity. As we all know, complexity tends to increase the risk of misconfiguration and, consequently, security holes. Many operators also lack thorough experience with cloud deployments which could further increase the risk of making mistakes -a concern for a risk-averse operations team.

But you can’t just ignore the need for operators to evolve, and cloud technology is the foundation for the telco transformation. It is not only about how you operate your networks, even though this may be reason alone, as a way to mitigate increased operational complexity (as noted by ABI Research and others). It is also about how you innovate and explore new business opportunities.

For most operators, capturing value beyond connectivity is not just an opportunity. Developing new services to explore new business opportunities and manage TCO, is necessary to stay profitable. These services will not be isolated from the rest of your operations, they integrate with your core network by utilizing connectivity, applying policies, authenticating users and devices, and sharing data with other applications, which means they need to be protected just as much as the rest of the network. Besides not compromising security in any way, they must not cost too many resources or too much time to develop, test, and explore to be feasible.

You can try this using vertically integrated, single-vendor, monolithic solutions, but that will be much harder and probably create more security issues for you than it solves. Dependencies on legacy hardware and software lead to additional vulnerabilities when security updates are lagging (or, worst case, lacking). Reporting and monitoring tools are less effective when confined to siloed solutions because it prevents them from adopting a holistic view. And instead of controlling your security agenda, you will be in the hands of the vendor to implement needed security solutions.

So, on the one hand, you have the promise of new services and revenue enabled by telco transformation. On the other hand, the same transformation causes new security issues. Does this mean you must choose between change or security? Can’t you have both?

It is not an either/or choice, you can have both. This is where the call to postpone migrating to the cloud and evolution is misguiding. The 5G service-based architecture (SBA) was designed on the premise that it would be open and extensible and deployed in the cloud. Any assumption that applications, processes, or data transfers would be safe was omitted. Security controls to mitigate this were put in place from the beginning when the 5G specifications were developed, making 5G the most secure mobile network generation of all time. (An overview of the security features enabled in 5G can be found here: GSMA | Securing the 5G Era – Security.)

Deploying 5G core networks in the cloud lets you realize its full potential without hard-to-manage legacy solutions. As with any other deployment model, the cloud infrastructure must be configured correctly not to leave security gaps. Cloud solutions are as secure as any other deployment option when done correctly. Most security issues in cloud deployments come from misconfigurations of the infrastructure (for example, Gartner says 99% of all cloud security failures are the customer’s fault), and this is where some operators’ lack of experience can become an issue. This is not something that cannot be overcome, the expertise is available, there is no lack of best practices, and the operators are quickly gaining the expertise they need for secure cloud migration.

The bottom line is that the telco transformation is inevitable. Here and now, the most secure option to enable change and lay the foundation to capture underserved customer segments, or monetize 5G use cases, is to start with a cloud-native 5G core. Good advice is to partner with vendors with expertise in cloud-native 5G core functions. Consider using cloud-native solutions from trusted vendors with experience and knowledge in building and deploying them.

You don’t have to choose between security and telco transformation!

Related insights

Enea in Forbes

5G Is A Network Security Threat Wake-Up Call For Operators And Regulators

Read more

Tags: 5G , 5G Security , Cybersecurity

How to Boost ZTNA Performance with Detailed Traffic Visibility

Read more

Tags: Cloud Security , Deep Packet Inspection , Qosmos ixEngine , SSE , Traffic Intelligence , ZTNA

Discover the 3 Hot Topics at RSA Conference 2023 with Enea

There will be 3 Hot Topics at RSA Conference 2023: Find Out What They Are and Why

Read more

Tags: Cloud Security , Deep Packet Inspection , Intrusion Detection , SASE , SD-WAN , SSE , Traffic Intelligence , ZTNA

How to Build Stronger SSE Solutions with Next Gen DPI

How to Build Stronger SSE Solutions with Next Gen DPI

Read more

Tags: Cloud Security , Deep Packet Inspection , SASE , SD-WAN , SSE , Traffic Intelligence , ZTNA

Rise of Zero-Trust and SASE Shines New Spotlight on Deep Packet Inspection (DPI) - Part 2

Rise of Zero-Trust and SASE Shines New Spotlight on Deep Packet Inspection (DPI) – Part 2

Read more

Tags: Cloud Security , Deep Packet Inspection , SASE , SSE , ZTNA