5G Americas, the voice of 5G and 4G LTE for the Americas, recently released its latest white paper, “Evolving 5G Security for the Cloud.” The white paper covered security threats, vulnerabilities and mitigations for 5G cloud infrastructure deployments as new services and use cases are developed.
Other topics covered included secure 5G deployments in hybrid cloud environments, evolving technologies for securing 5G cloud deployments, 5G supply chain security and secure deployment methods for roaming and Security Edge Protection Proxy (SEPP).
The report acknowledged that 5G security continues to improve as security controls, tools and standards evolve over an extended 5G ecosystem. Meanwhile, different cloud deployment models and architectures may impact 5G security when deploying core networks, edge computing, network slicing, or private networks, according to the white paper. Additionally, securing these networks will involve securing a 5G supply chain that includes software vendors and cloud service providers. That’s because the cloud potentially can introduce more supply chain risk due to virtualization, higher open-source software use and a larger variety of third-party vendors.
“Cloud-native 5G networks are important for our expanding ecosystem to efficiently provide new use cases,” said Chris Pearson, president of 5G Americas. “It is vital that 5G cloud infrastructures be built and configured securely with capabilities in place to detect and respond to cyberattacks, providing a hardened environment for deploying secure network functions.”
Security is foundational pillar for 5G networks
The interconnectedness of the world’s networks also potentially could expose the mobile network to additional risk and attack vectors, according to the white paper. More secure deployment methods and international standards from the Third Generation Partnership Project (3GPP) will allow Public Land Mobile Networks (PLMN) to interconnect to support roaming, without revealing confidential information to prevent fraud.
“Security is a foundational pillar for 5G networks,” said Scott Poretsky, Director of Security, North America, Network Product Solutions at Ericsson and 5G Americas working group leader. “As cloud and expanding multi-cloud environments proliferate, a stepwise approach to Zero Trust Architecture involves using existing security controls provided in 3GPP standards and implementing additional security controls to protect from cloud risks due to lateral movement, multi-tenancy, shared resources and hybrid cloud.”
“All aspects of security must be addressed with interconnected 5G and cloud deployments,” said Mike Barnes, Head of Product Security at Mavenir and 5G Americas working group leader for this paper. “A secure 5G cloud deployment should be built upon a secure 5G supply chain that includes software vendors and cloud service providers. This involves clear visibility to the full supply chain and implementation of comprehensive test, metrics, and audit processes.”
Download the “Evolving 5G Security for the Cloud” white paper here.
