Far too often security measures are built into products and services after the fact – if at all. However, this gives rise to complex security challenges that are often more costly and time-consuming to resolve than building security into the development process would have been. The sheer scale of 5G functionality and opportunity demands that this habit be broken prior to the global adoption and implementation of 5G connectivity, and that comprehensive security assurance be delivered in collaboration with customers, partners, suppliers, governments, and industry regulators.
5G offers myriad opportunities but security must be baked in from the outset
Risk and security strategies around digitalization projects and initiatives are frequently reactive in nature. This must change: the sheer volume of devices that could engage in simultaneous connections via 5G technology demands that proactive measures be taken before widespread deployment takes place.
5G connectivity can usher in incredible advancements in convenience and capability. However, the stark reality is that every component connected to the global internet introduces a potential node of compromise. As the volume of 5G connected devices continues to grow, so too do the opportunities for unauthorized interception or access. This is a huge cybersecurity challenge that must be permanently considered, assessed, and addressed in near real-time.
Comprehensive security assurance requires collaboration and coordination
At the heart of cybersecurity is the need to protect the confidentiality, integrity, and availability (CIA) of organizational information: the starting point for security assurance. However, Omdia’s ICT Enterprise Insights survey suggests that organizations are struggling with security assurance, with significantly fewer than 40% having a complete or well-advanced approach to cybersecurity and digital risk.
Security controls are delivered in layers to prevent security incidents and breaches and protect the CIA of information. The more security-mature an organization, the greater the breadth and depth of the layers of protection.
Good practice for security assurance involves both a top-down and bottom-up approach. Properly assessing risk, using the standard equation of likelihood multiplied by impact, enables the organization to see that the risk has been accepted, mitigated, transferred, or declined. This applies to the huge potential volume of connected devices as 5G becomes reality just as it does to anything else in the world of cybersecurity.
Cybersecurity standards are likely to be reviewed in light of the development of 5G networks. Consideration must be given to how the loss of each individual application, asset, or function might affect the wider network. The greatest risk could be faced by the user, the IoT device data, the manufacturer, or beyond. Only by understanding the risk can the storage of applications and assets on these devices be assessed.
Effective security governance, risk assessment, and compliance requirements will ultimately steer security assurance through policy deployment for 5G. The paradigm shifts that COVID-19 has introduced to the world have accelerated the removal of the traditional concept of a controlled perimeter, as more organizations and entities virtualize their workloads and interactions. The loss of this perimeter demands that security be assured through a collaborative endeavor.
Organizations want assurance on the protection of information and systems when these are transmitted, handled, or delivered by external suppliers. They want these suppliers and partners to be open about their security assurance, while reserving the opportunity to test or audit them directly.
– Maxine Holt, Senior Research Director, Cybersecurity, Omdia
This blog post was sponsored by ZTE.