As 5G networks and cloud computing become increasingly intertwined, 5G security continues to progress with new technical features to face the expanded attack surfaces from both internal and external threats. 5G security continues to improve as security controls, tools, and standards evolve over an extended 5G ecosystem. Different cloud deployment models and architectures may impact 5G security when deploying core networks, edge computing, network slicing, or private networks. Securing these networks will involve securing a 5G supply chain that includes software vendors and cloud service providers, as the cloud can potentially introduce increased supply chain risk due to virtualization, increased use of open-source software, and a larger array of third-party vendors.
Additionally, the interconnectedness of the world’s networks could expose the mobile network to additional risk and attack vectors. More secure deployment methods and international standards from the Third Generation Partnership Project (3GPP) will allow Public Land Mobile Networks (PLMN) to interconnect for support of roaming, without revealing confidential information to prevent fraud.
“Evolving 5G Security for the Cloud” explores the following key topics:
- Introduction to risks and mitigation in 5G cloud deployments
- Secure 5G deployments in hybrid cloud environments (shared responsibility models & hybrid cloud deployments)
- Evolving technologies for securing 5G cloud deployments (runtime security, confidential computing)
- 5G supply chain security (software supply chain risks, software supply chain for the cloud and network equipment security assurance)
- Secure deployment methods for roaming and Security Edge Protection Proxy (SEPP)
Mike Barnes, Head of Product Security at Mavenir and 5G Americas working group leader for this paper said, “All aspects of security must be addressed with interconnected 5G and cloud deployments. A secure 5G cloud deployment should be built upon a secure 5G supply chain that includes software vendors and cloud service providers. This involves clear visibility to the full supply chain and implementation of comprehensive test, metrics, and audit processes.”