What are security implications for 5G and IoT?

By Jonathan Nguyen-Duy

VP – Strategy and Analytics, Fortinet

When combined with today’s powerful edge devices — whether consumer-grade smart devices or the new generation of industrial-grade IoT devices — the impact of 5G on business and networking strategies will be transformational. There are important implications for digital transformation that need to be considered, especially when it comes to securing the new network environments that 5G and edge-based computing will create.

The Impact of 5G on Networks

As 5G begins to be widely available, several things will happen:

• In addition to exponentially faster speeds, 5G will also introduce greater capacity, reduced latency and more flexible service delivery. This will enable organizations to provide better content, more real-time transactions and much richer user experiences across entertainment and commercial activities.
• Lower latency and highly reliable connections will enable greater edge-based computing without the need for nearby data centers to support latency-sensitive transactions and workflows. Instead, by provisioning computing services closer to end users, 5G servers will acquire enough intelligence to act as application servers — supporting a wide array of edge-based applications, transactions, and business processes.
• Eventually, when 5G speeds and capacity are combined with the unprecedented power of edge devices, we will see the creation of new edge-based networks that can share and process information locally, as well as cloud-based resources.

Because these edge-based computing resources will be highly distributed, they will need to be interconnected using enterprise-grade applications and high-speed connections to ensure that the huge volumes of data, workflows, and transactions they will create are tracked and analyzed in real time. 5G networking will also offer application developers and content providers cloud computing capabilities and an IT service environment at the edge of mobile networks to create new services. However, these open, hyperconnected edge networks will also have serious implications for how devices, data, applications, and workflows can be managed, along with how they connect to traditional and cloud-based networks.

• 5G will also have an impact far beyond interconnecting endpoint devices. IoT devices will be enlisted to track other devices and users, monitor inventory, gather user and device information, and provide real-time data that can impact everything from agile application development and manufacturing floors to managing and coordinating resources in highly connected environments such as smart cities.

Examples of 5G and IoT

Enhanced communication services within connected cars, for example, will go well beyond the current set of interactions that already occur internally between onboard IoT devices such as braking, environment monitors, GPS, and even entertainment systems. Live connections between drivers and businesses will enable financial transactions, such as paying for fuel, ordering food at a drive-thru restaurant or paying tolls, without having to pull out a credit card. Communications between vehicles and between cars and infrastructure-based IoT will enable enhanced traffic management and augment things like autonomous driving at highway speeds.

Likewise, there are significant implications for healthcare and medical IoT. 5G speeds will allow the real-time transmission of data to support things like remote surgery, the tracking of monitors and other connected medical devices, including wearable medical IoT, and the analysis of tests and scans by remote professionals. These advances will not only allow patients to have access to the best physicians in the world, but they will also extend 21st-century medical care to remote locations that currently lack reliable medical resources.

Security Implications for 5G and IoT

These new connected environments will also have serious consequences for security. The biggest challenge will be the sudden, exponential growth of the attack surface due to the rapid expansion of IoT devices and edge-based computing. This will be followed closely by the fact that these devices won’t necessarily be connected to a central network in a traditional hub-and-spoke configuration. With literally billions of IoT devices interconnected across a meshed edge environment, any device can become the weakest link in the security chain and expose the entire enterprise to risk. Addressing this challenge will require some fundamental shifts in how we think about networking and security.

• Security will need to be edge-to-edge, from the IoT edge, across the core enterprise network and out to branch offices and multiple public clouds. To do this, everything connected to the enterprise ecosystem needs to be identified, criticality rated and their state confirmed. Then, all requests for access to network resources will need to be verified, validated and authenticated.
• Security must also support elastic, edge-to-edge hybrid systems combining proven traditional strategies with new approaches. While network segmentation is a proven technique for containing cybersecurity risks and protecting sensitive resources, old strategies may not be best suited for a 5G world. New segmentation strategies will need to navigate local and remote resources that mix segments for which organizations may or may not have control. IT teams will need to evaluate how to manage the complexity of multiple co-managed systems as they implement 5G networks and public cloud services.
• Sharing threat intelligence, correlating event data and supporting automated incident response will require security technologies to be deeply integrated. This will require the development and adoption of a comprehensive, fabric-based security architecture. Machine learning, artificial intelligence, and automation will be key to accelerating decision-making, thereby closing the gap between detection and mitigation.
• Interoperability between different security tools will also require establishing new open 5G security standards, the adoption of APIs across vendors and agnostic management tools that can be centrally managed to see security events and orchestrate security policies.

These are just a handful of the security implications resulting from the adoption and deployment of 5G networks. But that is just the start of the impact of this new era of networking and computing. Security will also need to address the following scenarios:

• Automated network application lifecycle management will require security tools to not only be high performing but also highly adaptive to ensure that constant innovation includes consistent protection. It will also require organizations to transition from a DevOps model to a DevSecOps model to ensure that security is integrated directly into the development strategy.
• Support for cloud-optimized distributed network applications will require security to move seamlessly between and across different network ecosystems without losing track of workflows or dropping security functionality.
• Digital transformation will generate vast amounts of new data, most of which will be encrypted. Encrypted data currently constitutes more than 70% of network traffic. That percentage will only grow as encryption is used to protect data moving through open network environments. This will require high-performance security tools in IoT and other edge devices that can inspect encrypted traffic at both speed and scale.
• New strategies, such as network slicing, will enable organizations to more efficiently consume resources moving through massive data environments. This will also require segmentation and edge-based microsegmentation to protect critical resources while isolating them from open and less secure environments.

Where to Start

Many organizations are clearly underestimating the potential impact of the coming 5G revolution and the effect it will have on how they conduct commerce and compete effectively within the next iteration of the digital economy. However, there are a few things that organizations can do now to prepare. The most effective approach would be to migrate from traditional, isolated point defense products to a security fabric designed to be integrated, automated and open using open APIs and common standards. This approach also need to combine single-pane-of-glass management and control with security technologies that can move seamlessly across traditional, SD-WAN, multi-cloud and highly mobile endpoint and IoT devices for consistent visibility and control.

Organizations that begin preparing now for the security and networking implications of 5G, especially as billions of new IoT devices will be deployed in the next year, will be far ahead of their competitors. And in today’s highly evolving digital marketplace, that difference is likely to be critical.