Private 5G networks are emerging as a crucial asset for enterprises, as they address common challenges across various industries. A recent study conducted by Omdia, in partnership with Trend Micro and CTOne, involved surveying 150 organizations and 150 service providers to understand their strategies for securing 5G networks. The research found that organizations deploy 5G for faster operations, handling a greater number of connected devices, and lowering operational costs.
Compared to previous generations of mobile protocols, 5G places a greater emphasis on security. Organizations are eager to take advantage of this enhanced security, but there is still a need for awareness and education regarding the limitations of 5G’s “security by design” approach. Additional security measures must be implemented to safeguard 5G networks, particularly when considering new endpoints such as IoT devices and mission-critical requirements. Omdia’s whitepaper titled “Beyond Secure by Default,” sponsored by Trend Micro and CTOne, outlines best practices for enterprise private 5G security.
A key aspect to consider when deploying a private 5G network is that organizations cannot rely on default security settings alone. While 5G networks offer improvements in authentication, access control, and encryption compared to previous cellular networks, they are not inherently secure. Therefore, organizations must take into account factors such as people, processes, and technology to ensure enterprise-grade security. Omdia’s research reveals that many organizations are aware of these additional requirements, with security visibility, risk control management, and streamlined alerting being their top priorities.
Another crucial consideration is determining responsibility in 5G networks. The deployment models for 5G networks can vary, and enterprises often work with service providers and system integrators at different stages of their journey. Therefore, it is vital for each organization to establish clear responsibility throughout the planning, deployment, and operation of the network. While enterprises may manage certain aspects such as the 5G private network core, IoT devices, and the data network, they may rely on service providers for the management of the radio access network (RAN) and multi-access edge compute (MEC) elements. This shared responsibility highlights the need for a comprehensive security solution that addresses the specific requirements and roles of different stakeholders.
Integrating enterprise 5G network security with existing security measures is another challenge highlighted by the survey. The majority of organizations (60%) believe that new security measures will be necessary and will need to be fully integrated with existing tools and services. 5G’s complexity can pose management and skills challenges for organizations, leading to misconfigurations and underutilized technology that can hinder cybersecurity efforts. While some respondents plan to run new 5G security measures separately (15%) or handle 5G security with existing tools and services (25%), it is important to note that 5G has nuances that require special attention. These include granular visibility into all aspects of the cellular network, security management for a large volume of connected devices, SIM-related threats, air interface vulnerabilities, and physical tampering with RAN equipment.
To ensure comprehensive security, organizations must consider the entire landscape and have a complete view of their 5G network alongside other technologies such as operational technology (OT) and IoT. This necessitates extending visibility and monitoring across IT, communications technology, devices, infrastructure, and networks. Proactive protection, detection, and response mechanisms should be implemented. The survey revealed that a significant reason for deploying 5G is the greater number of connected IoT devices. These devices often have security vulnerabilities, requiring organizations to have visibility into their actions, apply granular policies, and consider the flow of communication, data, and applications. With many organizations deploying 5G across multiple sites, the complexity of managing this environment and its connected devices emphasizes the importance of suitable tooling and technology.
In conclusion, private 5G networks offer enterprises the potential for faster operations, increased device connectivity, and cost savings. However, organizations must be aware of the limitations of 5G’s security features and take additional security measures to protect their networks. Clear responsibility must be established between organizations and their service providers, and integration with existing security measures should be a priority. Considering the entire landscape and implementing comprehensive security measures are crucial to safeguarding 5G networks alongside other technologies like OT and IoT. By following recommended best practices, enterprises can maximize the benefits of 5G while ensuring the security of their networks and connected devices.