Building Secure 5G and Nextgen Networks Using API’s and NaaS Architectures

If there is one thing Pandemic has taught us is that adopting a scalable Cloud model and Automated Network is not a Nice thing but rather a Must have to thrive and innovate new requirements for Telecoms .

However as business continues to become more open for both internal and external applications the questions around “Data gravity” , “Data confinement” , “data controls” and “data Privacy” becoming more and more important .

Now while the above topics looks quite straight forward in the IT world with a mature framework and tools , in Telco it is not as simple due to the conjunction of Telecom security compliance in an IT style system . To make it understand historically how Telco’s develop their Systems was based on boundary conditions based on Trusted Zones , Non Trusted Zone and DMZ A.K.A De-Militarized zones

Now with 5G and Future Networks which follows a “Cloud First” approach the biggest challenge comes to deliver same type of requirements and expectations in an cloud and dis-aggregated models . This requires a software and API centric approach on how a Security domain and characteristics will look like .

As an example hoe to deliver

  1. Security visibility in terms of SoC and Management tools solutions
  2. Ensure every thing is security pruned before deployed
  3. Model all requirements using software and API’s

Setting right Multi Cloud Model for Future Telco Services

This is important that in the context of Telco we understand Telco services clearly e.g characterize and benchmark different Applications to different cloud Models and then both secure and manage them as a whole and not in Legos .

This is where Multi Cloud model is pivotal and should support full LCM across following security postures

Control

Focused mainly on content and packages Managmeent , CI/CD pipelines , Vulnerability analysis , App configs control and API’s protection for CI/CD

Focused mainly on content and packages Managmeent , CI/CD pipelines , Vulnerability analysis , App configs control and API’s protection for CI/CD

Control

It comes to LCM for security tasks , IAM , Data protection Focused mainly on content and packages Managmeent , CI/CD pipelines , Vulnerability analysis , App configs control and API’s protection for CI/CD , packages assurance and compliance and risk quantification

Detect and Respond

This is the Most critical part of Multi Cloud security involving how to address security SLA’s across different clouds , how to isolate infrastructure and networks both data and service .

Finally it is important to observe data using a single pane of glass and possible integration with DATA and ML/AI pipelines .

This proposed model for delivering security to 5G and Future Multi Cloud Networks are very important to do proactive Threat detection and Incident response

https://medium.com/taslet-security/

In a true Multi Cloud model while Cloud become a commodity the Security needs to be standard and complied across all domains and Cloud Infrastructure

SoC and Management

Delivering and selling security as a product mean we need to make changes to how we build , sell , deploy and manage Networks around one simple concept which is “unified control” , “Integration and Single Pane Operations” and “Proactive first” which is seamless ingest the data in real time to tame both the analytics value and use case delivery in real time .

It also means any data breach or even policy breach will be reported and complied in real time

Check how Dell Multi Cloud Security solutions adressing these requirements

https://www.dell.com/en-us/dt/campaigns/dell-emc/future-proof-data-protection.htm

Data Protection

When “Cloud” will become a central theme for Networks the “data” will become even more important , not just for analytics “data” will also help us meet all security and regulations requirements , using a standard Data Protection solution is a must to achieve the outcome based results .

Infrastructure Automation

Also we need to understand how the Infrastructure will be deployed and delivered using a Cloud operating Model something which is federated , hierarchical and delivers securely in a massive scale .Below is a good example

Deliver Security as a Service

Now although the Cloud lego gives a good intro on how we can build and stretch a secure infrastructure across different players it is not the outcome at least for Telco which measure a success once tied with a “Telecom Service” that delivers a 99.999% reliability and stringent security SLA again set by Telecom bodies , TSR regulations and local governments .

This is where it becomes vital how we can abstract all these building blocks and deliver security as a Service using NaaS and API capabilities that comes natively with 5G SBA (Software based architectures) .

Although delivering E2E services by Slicing is in early phase of adoption but clearly this is the future of “Security” and “NaaS” with clear standardization of

  • How to ensure resources from different slices not to impact each other?
  • Pre-emption rules when resources are scarce
  • Define E2E security architecture for Network slicing
  • Define security requirements of inter operator slices


With the standardization of 3GPP Release 16 and many operators commercializing plans it is very important to evaluate slicing security impacts in the context of industry and other verticals as the stringent industry requirements make it necessary to apply an industry grade security and Telecom security requirements (TSR) as defined by both international and local regulations. The most important requirement to apply slicing in industry is that the data generated and owned by the industry partner do not leave the industry premises. Further it requires clear data governance for example demarking data boundary between industry control, management, service data and MNO. These security requirements also stipulate
that the industry data is not available or leak to any outside organization including MNOs who may be the infrastructure provider for such solution.

Check below on hoe #dell is working with its partners #VMware and #Oracle to deliver the secure slice based services across different industry verticals at scale adressing Telco unique needs to increase innovation and offering for Enteprrise and business

  • Providing a consistent platform across local, edge and regional data centers
  • Simplifying operations across all domains through consistency
  • Optimizing resource utilization with dynamic, programmable provisioning
  • Automating end-to-end network slicing orchestration

Click to access dell-technologies-validated-design-for-5g-core-with-oracle-and-vmware-solution-brief.pdf

Advertisement

Published by

Saad Sheikh

I am a Senior Architect with a passion to architect and deliver solutions addressing business adoption of the Cloud and Automation/Orchestration covering both Telco and IT Applications industry. My work in carrier Digital transformation involve Architecting and deploying Platforms for both Telco and IT Applications including Clouds both Open stack and container platforms, carrier grade NFV ,SDN and Infra Networking , DevOps CI/CD , Orchestration both NFVO and E2E SO , Edge and 5G platforms for both Consumer and Enterprise business. On DevOps side i am deeply interested in TaaS platforms and journey towards unified clouds including transition strategy for successful migration to the Cloud Please write to me on snasrullah@swedtel.com

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s