Network conception and deployment have been dramatically transformed with 5G. Varying forms of 5G, from radio access networks (RAN) to Core have evolved from hardware-focused platforms to performing dedicated software functions. Because of these innovations, operators can now decide to deploy everything from radio functions to network functions, and basic communications service provider (CSP) functions – compatible with virtual functions – on their preferred cloud interface.
While certainly an opportunity for tremendous growth, this accelerating versatility also exposes pathways for threat actors to infringe on the network’s security through various routes and mechanisms. As such, it has become urgent to proactively address the potential risks the network faces. Particularly for CSPs in pursuit of digitalization, the security of the cloud has become critical as cloud-based services and tools often play integral roles in the network’s infrastructure.
Nonetheless, while figuring out how to secure the cloud remains the overall goal, operators first need to understand cloud security, as well as how they can execute it across various cloud computing offerings, before understanding how they can effectively secure the cloud.
Cloud security defined
Put simply, we view cloud security as a range of technology and strategies implemented to protect against internal and external cybersecurity threats targeting cloud computing environments.
While operators used to only focus on securing proprietary hardware from attacks, cloud security has become more complicated and navigates multiple network functions exchanging various resources and orchestration technology to ensure all threats are secured. On top of all that, we do this in conjunction with the added dynamic of analyzing traffic loads to determine the fluctuating levels of automatic resource consumption.
There are also many parties responsible for securing various areas of the cloud – from cloud infrastructure owners to suppliers of deployed cloud functions and even owners of services provided because of the use of cloud-based functions.
Needless to say, there are plenty of cooks in the kitchen – from responsible parties to various network functions and technologies. As such, it’s important for each team member to educate themselves on cloud computing models, their differences. and overall roles in securing the cloud.
How does cloud security differ from previous offerings? Businesses often find it hard to truly conceptualize the paradigm shift to cloud security. To help visualize its importance, here’s a fictitious story that details a potential use case for cloud security:
A large network operator’s chief security officer (CSO) received an unexpected message from a security operations center (SOC) team analyst, who detailed anomalies in a newly-deployed 5G Core Kubernetes (K8s) cluster.
The analyst explained that massive amounts of important network data were being transferred via suspicious DNS traffic to an unverified domain. Once the initial threat exchange was verified, the analyst confirmed that the threat was coming from a North Korean botnet.
Even with the SOC team’s quick response to identify and halt the threat, the incident still left them uncertain of what vulnerabilities let the hacker access the network. Could it have been via a third-party container or malware hidden in one of tens of images? Additionally, the team also had to determine why the attack was not recognized by their legacy monitoring systems.
Regardless, the team needed to find solutions immediately before a second attempt could occur. While this story isn’t real, such a major security incident could easily happen, instituting a cloud-specific incident response management plan, as well as alerting and involving CSO security.
Promising secure cloud containers
Containers, used to deploy and manage cloud software, only have to be built once and then can be deployed anywhere in the cloud. Increasingly critical to cloud environments, containers are also considered by many as substitutes for virtual machines that also have a low footprint.
Further, using containers simplifies the process of packaging thin workloads that share operating system kernel available resources at the runtime level. That comes with paradigm shift from bulky virtual machines into model driven lean instances foreshadowing everything as a code architecture.
It’s inevitable that companies will use container services more regularly. However, we still don’t know which features will offer the best fit for telecom operators. Some potential features include service mesh control plane sharing, container-managed cluster federation and multi-cluster setup. Kubernetes has become an emerging orchestrator for 5G cloud infrastructure, and it’s especially relevant when combining control and user plane traffic when involving microservices. This also further emphasizes the importance of container security, especially in a 5G cloud-native environment involving the private or public cloud.
With CSPs moving to public or hybrid cloud networks as well as the current rollout of 5G rollout, now more than ever, the cloud has become more complex with an increasing number of network layers. Unfortunately, one small human error in cloud security can expose all information, including sensitive data and intellectual property.
This can result in damage to the company ranging from brand reputation to revenue loss. It has never been more pressing to put cloud security at the top of the priorities list. While the way to approach cloud security can differ for every organization, operators need to strategize solutions that will fit their needs. If not, they risk significant damage – internally and externally.
Robert Roslonek, principal cloud security architect, ACS security consultant; Alexa Tahan, campaign and content strategist, cybersecurity, Nokia