Integrating zero-trust practices into private 5G networks
One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices.
Expect private 5G and zero trust to be top of mind with enterprise IT decision-makers in 2022.
One question likely to come up is how to extend zero-trust practices into private 5G radio access networks (RANs). It's possible for enterprises to take advantage of what zero-trust security models provide without interfering with the inherent performance, reliability and capacity benefits found in private 5G.
Jennifer Minella, founder and principal advisor at Viszen Security, an IT consultancy firm based in North Carolina, provided some best practices on how to integrate zero trust into a private 5G RAN deployment.
Apply identity and access management
A zero-trust model is a loosely defined framework that identifies, authenticates and authorizes all users and devices before they gain access to applications, data and services. When the topic of zero trust arises, most people think of how to centrally control and manage device endpoints from an identity and access management (IAM) perspective.
"Two key tenets of zero trust are strong device identification and authentication," Minella said. "From a device identity standpoint, cellular technologies, including private 5G, hold an advantage over other wireless transport methods, such as Wi-Fi."
One reason cellular networks have an advantage is that they rely on physical or digital SIM cards that securely store subscriber identities, Minella continued. Network owners can use the SIM identification mechanism to permit only those devices that should be allowed.
Teams can also apply zero-trust philosophies to administrative tasks. For example, network teams can use the latest privileged access management tools to authenticate administrators.
Security Assertion Markup Language (SAML) is a popular open standard for sharing user authentication data across multiple applications and platforms. With SAML, users authenticate their accounts only once and then gain access to protected applications and services, which authenticate them transparently in the background.
"SAML can be integrated across private 5G LANs to centralize and secure privileged access," Minella said.
The ability to integrate SAML within a private 5G network for administration purposes provides seamless, unified authentication control across an entire network infrastructure.
Secure a network with segmentation
Certain enterprise applications and services require differing levels of network performance and data security protection. LTE uses the concept of network slicing to help better secure data as it traverses an LTE network within encrypted tunnels.
"Network slicing is a method to logically segment and encrypt traffic by placing identified data into predefined, logical slices, with the purpose of providing network service-level agreements from a performance standpoint," Minella said. "From a security perspective, network slices isolate traffic within a slice from all other slices in use."
Public cellular carriers are beginning to look at how network slicing can securely segment enterprise traffic into separate network slices. Using this model, each enterprise customer would receive a single, logically segmented network slice with specific service-level agreements (SLAs) attached.
Alternatively, private LTE and private 5G hardware and software vendors offer far more granular control over network slicing. In some cases, enterprises can securely segment and encrypt traffic on a per-flow basis, while also applying strict SLAs at the application and service levels.
Integrate APIs and security tools
SAML and single sign-on are examples of security tools that can be layered across private 5G RANs to provide centralized, seamless authentication and access control for administrative tasks.
Many private 5G RAN architectures and security tools also enable API access for external control, data collection and analysis, which benefit both current and future security integrations, Minella said.
"The bottom line is: The ability to tap into exposed private 5G RAN APIs guarantees that a host of relevant security, monitoring and alerting tools can be used to boost overall data security, while providing much-needed, end-to-end network visibility," she added.
Get the most out of a private 5G and zero-trust investment
For private 5G to become valuable and trusted and to drive business goals, it must perform well and do so securely.
According to Minella, network teams can combine foundational security benefits inherent in 5G -- including SIM-based identification and network slicing -- with built-in security integrations and API access to form a tightly integrated security posture based on zero-trust fundamentals.