5G: raising the cloud security bar
Cloud security must evolve to combat the realities of today’s threat landscape and the reduced risk tolerance due to the impact of an exploit or attack.
What is required to secure 5G network functions in the cloud?
Ericsson has identified 20 security categories that are relevant for the deployment of cloud-based network functions for 5G networks. Together, they represent a comprehensive set of security categories that provide maximum protection.
We consider these 10 cloud security categories to be a mandatory baseline for securing 5G network deployments with a zero-trust architecture on any cloud infrastructure:
- continuous monitoring, logging, and alerting
- micro-segmentation and micro-perimeters
- principle of least privilege
- Automated Identity and Access Management (IAM)
- Multi-Factor Authentication (MFA)
- PKI-based Mutual Authentication
- sensitive data encryption
- Threat Detection and Response (TDR)
- SIEM/SOAR integration
- DevSecOps and Continuous Integration/Continuous Deployment (CI/CD)
These four additional security controls are recommended for 5G network functions and are available from public cloud providers:
- key management and hardware-based key storage
- secure APIs and API gateway
- compliance audit to regulations and industry standards
- cloud security posture management
The 14 categories listed represent the largest subset MNOs can expect for 5G network functions on a public cloud infrastructure.
Together with an additional 6 areas explored in the report, these represent the ideal target: MNOs should aspire to deploy all of them in order to achieve the maximum protection level.
Ericsson Intelligent Automation Platform
Ericsson is investing in service management and orchestration for RAN automation, which also facilitates a secure migration to public and hybrid clouds. Ericsson Intelligent Automation Platform (EIAP) implements SMO for Open RAN, and extends it to take openness and automation forward with multi-vendor and multi-technology RAN support.
As 5G critical infrastructure migrates to hybrid and public cloud deployments, it is necessary to build in zero-trust architecture to protect the expanded attack surface from internal threats.
We invite MNOs to engage with Ericsson to set a clear and executable strategy for secure mobile networks deployed in public and/or hybrid clouds. Ericsson can facilitate three-party conversations with cloud providers to achieve the desired outcomes.