Security Experts:

5G Myth Busting: Unpacking the Cybersecurity Risks and Realities

When 5G was formally announced in 2018, it came with promises of changing the face of wireless connectivity – those promises are finally being realized. Around the world, wireless carriers are switching on functionality and, in both the U.S. and the UK, all major vendors have enabled it. But for now, 5G is only available in major urban areas, such as London, Edinburgh, New York and San Francisco. Though it is not generally available yet, it continues to be rolled out.

Most of the public visibility that 5G gets is from the consumer space – we all want to download funny/cute animal videos faster – but this is only one of many possible use cases. The full potential of 5G lies in enterprise adoption of this technology. Moving files, accessing applications and data in the cloud, electronic communication and more will all be possible at speed, without needing to find a Wi-Fi hotspot. Additionally, this means the rich analytics that can be gathered from these activities will feed machine learning technology that drives improvements and efficiencies to reduce costs, improve business outcomes and provide a better customer experience.

The benefits that enterprises and industries will realize from 5G are not entirely known and only starting to come to fruition. Remote offices could be fully connected using 5G technology, with no need for expensive fibre to be wired into a remote site. Better still, 5G will bring speed, performance and efficiency improvements. This has the potential to simplify site rollouts and reduce support costs, while providing a high-quality service. 5G will also drive innovation. For example, see this video of the Vodafone 5G connected crane, which can be operated from miles away. This gives us a preliminary glimpse of what’s possible. 

As with any technological innovation, there is considerable risk. Adoption of 5G not only exposes potential new attack surfaces, but given execution happens at super-speed, it also changes the required nature of any defense. A poorly designed application, producing large amounts of data and running across an exponentially growing number of different endpoints, creates a complex environment where security needs to be flexible, clear and enforceable. This is especially true at the edge of the network where the device density will be the greatest – potentially up to 1,000,000 connected devices per 0.38 square miles, compared to just 2,000 in the same area for 4G.

What can be done to better prepare for 5G, as it rolls out over the next year or two? For most enterprises, the security foundations will already be in place, having been considered due to recent high-profile attacks and breaches but also implementation of data-protection and governance regulations globally. This means that, as a collective, we are at a good starting point to consider 5G security. Here are some recommendations to guide enterprises, as 5G becomes a reality for all:

• Unify security policies to simplify and improve management of security. Not only will IT teams be managing security and non-security endpoints, along with physical, virtual and cloud-based workloads, but also a whole range of new endpoint types at the edge of the network that may or may not have embedded security. In order to maintain a strong posture in this complex environment, unified security policies will be essential. This approach allows for common based policies to provide security to all endpoints while enabling layered security policies that can apply different settings automatically, based on the type, status or location of an endpoint or workload.

• Ensure that data protection is in place. This is already top of mind for enterprises, due to the visibility driven by EU-GDPR. However, when looking at data protection, consider it as a competitive advantage or business benefit rather than a regulatory challenge. 5G means that more devices will be online, processing more data. Getting ahead with data protection at this stage will instil confidence in customers and employees, which over time can be a revenue-generating benefit.

• Design a zero-trust security model to effectively mitigate risk at the scale of a 5G network. At its core, a zero-trust model is based around access to data. As such, it requires every access request to be fully verified, validated and authenticated, each time a new request is made. This means that zero-trust models can recognize and allow a user to access data in their office, but also when they try to access the same data from a coffee shop or lounge. Therefore, entry can be changed or restricted.

5G is going to be a valuable business asset, providing new opportunities to do business on a truly ‘wherever and whenever’ basis. Despite new cybersecurity challenges, there are viable strategies for enterprises to mitigate these risks. The positive impacts from 5G adoption, when a strong security posture is also developed, can certainly outweigh the risks.

view counter
Laurence Pitt is Global Security Strategy Director at Juniper Networks. He joined Juniper in 2016 and is the security subject matter expert for the corporate marketing team. He has over twenty years of cyber security experience, having started out in systems design and moved through product management in areas from endpoint security to managed networks. In his role at Juniper, he articulates security clearly to business and across the business, creating and having conversations to provoke careful thought about process, policy and solutions. Security throughout the network is a key area where Juniper can help as business moves to the cloud and undertakes the challenge of digital transformation.