enterprisesecuritymag

Securing Telco Cloud for the 5G era

Srinivas Bhattiprolu, Head of Advanced Consulting Service, Nokia Software

Srinivas Bhattiprolu, Head of Advanced Consulting Service, Nokia Software

Cloudification of Communications Service Provider (CSP) network is imminent

The concept of cloud has become ubiquitous and has made inroads into the networks of communications service providers (CSPs). 5G will create new cloud-based applications and opportunities that are unviable with current network blueprints. CSPs in the past have always questioned migrating the network functions in their entirety to a public cloud as they are often sceptical of its security, however no CSP can discount that hybrid cloud strategy will be a corner stone for their 5G plans.

In the 5G realm, it is important to remember that networks will become programmable so the power of cloud will be needed to future proof the network and drive the costs down taking advantage of economies of scale. This is the only way CSPs can exploit the 5G metamorphosis - by embracing a holistic and secure hybrid cloud strategy.

The Telco Cloud

The telco cloud is based on the predominant idea of cloudifying network elements of CSPs to create anameliorated experience and scalability. Currently the network functions are an integration of hardware, software, applications, and data. This approach is resource intensive and not scalable for the new digital world. This is now creating a scenario where legacy orchestration solutions are separated from the digital infrastructure vis-a-vis the cloud, virtualization, and containers.

An effective integration of these domains (orchestration and infrastructure) is possible through the telco cloud. Open-source platforms are gaining popularity in these two worlds. These platforms will help bring down the Total Cost of Ownership but will add additional complexities. Many CSPs are already contemplating a unified digital infrastructure across network functions and IT applications to exploit the above-mentioned levers.

What are the possible vulnerabilities and threat vectors in a telco cloud?

Telco cloud environment will be intricate and heterogeneous, including multiple tiers, technologies, deployment models, applications/network functions and APIs. The diversity of cloud computing models poses a securityrisk where different types of attacks are now targeting the cloud infrastructure. Static, manual and perimeter security are obsolete and ineffective for dynamic clouds. Security breaches will have serious ramifications for CEOs and other key stakeholders. The threat vectors are ever expanding. Prevention is more desirable than a cure and implementing proactive security measures will go a long way in protecting the crown jewels for CSPs.

An end-to-end telco cloud system encompasses multiple components, each of which can be subjected to distinctive attacks. An illustrative view of the cloud infrastructure threat landscape is depicted below:

There are a myriad threat vectors, and attacks can ensue with or without any human involvement.

A few best practices

The threats and vulnerabilities are different so there is no silver bullet for securing atelco cloud. A few best practices will aid in this process, some of them are depicted below. CSPs must embrace the agility and innovations associated with the Internet world. Moving toward, a zero-touch architecture with extreme automation is essential to improve the operational efficiency and network performance, and this will have a direct bearing on costs. Automation, cloudification and Artificial Intelligenceare essential attributes for increasing agility, thus enabling a faster rollout of services and a better customer experience.

Conclusion

Security must be anintegral part of the telco cloud and the services that run on it. It needs to move from being a disjointed bolt-on to network services to be concomitant and built-in as a part of every service that is being offered by the telco cloud. Security was too siloed into multiple technology domains in the past and this resulted in many vulnerabilities in a telco cloud environment. CSPs are now realising the importance of an integrated and holistic approach towards a secure telco cloud. Traditionally,human-originated errors dominated the root causes of various security vulnerabilities, this is relevant for telco clouds as well. These human errors can be effectively eliminated through automation. In my view, automation must become the new normal for CSPs. With 5G and edge potentially opening the network to web-scale competition, security will surely be a key characteristic in enabling CSPs to differentiate their solutions and their new network infrastructure in the 5G realm.

Weekly Brief

Read Also

The Ever-evolving Regulatory Landscape Around Data

The Ever-evolving Regulatory Landscape Around Data

Dan Han, CISO, Virginia Commonwealth University
High Performance Cybersecurity

High Performance Cybersecurity

Simon Goldsmith, Senior Director Information Security APAC, adidas
Modern Tech Leaders Are Building Apps, Not Buying Them

Modern Tech Leaders Are Building Apps, Not Buying Them

Mike Pehl, Managing Partner, Guidepost Growth Equity
The Ai-Driven Future Of Talent Acquisition And Development

The Ai-Driven Future Of Talent Acquisition And Development

Tim Guleri , Managing Partner, Sierra Ventures
The New Ipo - Modifying The Traditional Ipo Structure

The New Ipo - Modifying The Traditional Ipo Structure

Jeremy Abelson, Portfolio Manager, Irving Investors
Power Of Connectivity And Data

Power Of Connectivity And Data

Homan Yuen, Partner, Fusion Fund