The Voice of 5G & LTE for the Americas


Evolving 5G Security for the Cloud

As 5G networks and cloud computing become increasingly intertwined, 5G security continues to progress with new technical features to face the expanded attack surfaces from both internal and external threats. 5G security continues to improve as security controls, tools, and standards evolve over an extended 5G ecosystem. Different cloud deployment models and architectures may impact 5G security when deploying core networks, edge computing, network slicing, or private networks. Securing these networks will involve securing a 5G supply chain that includes software vendors and cloud service providers, as the cloud can potentially introduce increased supply chain risk due to virtualization, increased use of open-source software, and a larger array of third-party vendors.

Additionally, the interconnectedness of the world’s networks could expose the mobile network to additional risk and attack vectors. More secure deployment methods and international standards from the Third Generation Partnership Project (3GPP) will allow Public Land Mobile Networks (PLMN) to interconnect in support of roaming without revealing confidential information, which helps prevent fraud.

“Evolving 5G Security for the Cloud” explores the following key topics:

  • Introduction to risks and mitigation in 5G cloud deployments
  • Secure 5G deployments in hybrid cloud environments (shared responsibility models & hybrid cloud deployments)
  • Evolving technologies for securing 5G cloud deployments (runtime security, confidential computing)
  • 5G supply chain security (software supply chain risks, software supply chain for the cloud and network equipment security assurance)
  • Secure deployment methods for roaming and Security Edge Protection Proxy (SEPP)

Mike Barnes, Head of Product Security at Mavenir and 5G Americas working group leader for this paper, said, “All aspects of security must be addressed with interconnected 5G and cloud deployments. A secure 5G cloud deployment should be built upon a secure 5G supply chain that includes software vendors and cloud service providers. This involves clear visibility to the full supply chain and implementation of comprehensive test, metrics, and audit processes.”

Security is a foundational pillar for 5G networks. As cloud and expanding multi-cloud environments proliferate, a stepwise approach to Zero Trust Architecture involves using existing security controls provided in 3GPP standards and implementing additional security controls.

Scott Poretsky, Director of Security, North America, Network Product Solutions, Ericsson & white paper co-lead

Executive Summary

Security is an important topic for the mobile communications industry as 5G enables new applications and use cases. The mobile communications industry continues to consider security as a foundational pillar for each generation of our technology. It is essential to continue the progress in security innovations as increasing threats from nation-state and other sophisticated actors threaten critical infrastructure and present material risks to mobile network operators (MNO) and their suppliers.

5G security continues to improve as security controls, tools, and standardization evolve and the 5G ecosystem extends to include the virtualized and cloud-based Radio Access Network (RAN). 5G evolution to cloud hosting for RAN and Core deployments brings both additional security benefits and security risks. Cloud deployments present an expanded attack surface with internal and external threats to 5G networks, requiring a zero trust mindset to secure those networks.

While the MNO can delegate responsibility for security controls to the cloud service provider (CSP), the MNO is accountable for the security posture of the deployment. Hybrid Cloud deployments, such as Multi-Access Edge Compute (MEC), pose additional security risk due to the responsibilities retained by the MNO in the Cloud Shared Responsibility Model. The MNO is always responsible for configuration of CSP provided security controls, including firewalls and access management, data protection from exposure and leakage, and scheduling and execution of software patches and upgrades. The MNO must validate configurations, use secure versions of APIs and protocols, and assign least privilege to access workloads and data.

A secure 5G cloud deployment must be built upon a secure 5G supply chain that includes software vendors and cloud service providers. The cloud can potentially introduce increased supply chain risk due to virtualization, increased use of open-source software, and a larger array of third-party vendors. MNOs must ensure 5G software vendors implement secure software assurance with a shift-left philosophy that integrates security into the software development process, continuous integration/continuous delivery, and DevSecOps early in the software development lifecycle.

The Software Bill of Materials (SBOM) provides a comprehensive view of the third-party commercial and open-source components that are incorporated in a product. The SBOM can be used to identify known critical vulnerabilities inherited from third parties, and to identify affected products when new vulnerabilities emerge. The GSMA’s Network Equipment Security Assurance Scheme (NESAS) assessment is a valuable tool to ensure the 5G software vendor is following industry best security practices. Third-party applications in the O-RAN ecosystem, called rApps and xApps, could introduce additional risk to the supply chain. The Service Management and Orchestration (SMO) platform vendor and MNO must practice due diligence to ensure rApps and xApps are trusted, securely on-boarded, and designed with proper security controls for integration into the ecosystem.

The cloud has great promise for 5G use cases, which can be realized when the software products have security built in and deployments are securely configured to establish a foundation for secure 5G use cases. A step-wise approach should be taken to achieve a Zero Trust Architecture for 5G deployments in the cloud so that network functions, interfaces, and data are protected from external and internal threats.
