Enterprise networks are evolving; your security architecture needs to evolve, too
The cybersecurity landscape is no stranger to change. Security strategies must adapt to the onslaught of new threats and the increasing sophistication of cyber-attacks. The emergence of 5G as a primary WAN technology creates new opportunities and corresponding security challenges for businesses. As 5G technology delivers faster and more flexible connectivity capabilities, enterprises can expand their networks and provide additional connectivity in more places and for a broader range of devices. With this comes a need for comprehensive, customizable security to handle this growth.
A major area that 5G technology will affect is the expansion of IoT devices, as many will be added to 5G networks. Ericsson predicts the number of IoT-connected devices will reach 34.7 billion by 2028, up from 13.2 billion in 2022. As the number of IoT devices continues to grow, the attack surface also grows, increasing the risk of attack from bad actors. This is why we have seen a rise in cyber-attacks targeting IoT devices, with Techmonitor identifying a 98 percent spike in cyber-attacks on IoT devices within the last quarter of 2022.
There are a few considerations for enterprises as they work to secure their IoT environment. First, many of today's network security solutions require an agent on a user device, such as a laptop, phone, tablet, or desktop. This model does not work with IoT devices. Also, most IoT devices have limited processing power to run onboard security. It is common for default passwords to remain at factory settings, making them easy to hack.
In response to these challenges, enterprises typically take one of two approaches to secure their environment. They may opt to leave security predominantly in the hands of their cellular provider. This approach comes in the form of private access point nodes (APNs). Unlike public APNs, to which most cellular devices (smartphones, tablets, etc.) are connected, private APNs are a secure environment where enterprises' devices, including IoT devices, can operate. There are benefits to this approach, such as the cellular provider setting up and managing the network. However, this option gives enterprises less control over their security and connectivity, can take several weeks to establish, and can be costly.
The other, more traditional option is a virtual private network (VPN), which the enterprise's IT department controls. However, VPNs allow broad network access, leaving the IT department responsible for restricting access. Also, VPNs have the potential for lateral movement once in the network, making it easier for cyber attacks to move through the network.
Enterprises need a new approach to security where the network plays an active role in security and encompasses the unique characteristics of 5G. The best option for today's enterprises is a converged network and security solution optimized for 5G. This solution includes secure access services edge (SASE) principles, including SD-WAN.
Fit for 5G -- The need for 5G SASE
Gartner's SASE framework is an attractive option to defend against the growing number of hackers and bad actors within the growing 5G landscape. While many of its principles are for protecting users -- secure web gateways, cloud access security brokers, and remote browser isolation -- the zero-trust network access principle in SASE also provides a great foundation where the network plays a major role in protecting IoT devices.
Unlike VPNs, ZTNA restricts access by default, leaving network access decisions up to the IT department. IT personnel can create security policies specific to each device before connectivity begins. Also, zero-trust hides public IPs and IoT resources from discovery if they aren't defined in the network.
A security solution with a foundation in zero trust managed through a cloud-based management platform also removes the configuration complexities associated with VPN. You don't have to configure routing protocols or assign an IP address for every router. Using cloud-based management allows an easier approach to network configuration, identifying resources, and setting up access policies for each device. This is especially important on networks with both IoT devices and users. With a cloud-based management system, creating and deploying role-based security policies becomes easier.
Cellular Optimised SD-WAN
SD-WAN is a critical element of SASE, providing secure connectivity over inexpensive direct internet connections and enabling traffic steering and prioritization. An SD-WAN solution that is optimized for 5G provides additional functions. For example, traffic steering and prioritization can be based on 5G parameters such as signal strength, data plan usage, and latency and jitter typically included with wired SD-WAN. Additionally, decisions can be made based on these parameters to switch from one modem to another for the greatest efficiency. For example, a first responder racing to an incident can be switched from one carrier to another en route for optimal performance. With new 5G technologies emerging, such as network slicing, a 5G optimized SD-WAN will provide enterprises with better performance and end-to-end service level agreements.
Preparing for the future
As more businesses move to wireless WANs as part of their infrastructure, providing a robust security and networking solution becomes more important than ever. 5G SASE takes the basic functionality of SASE (including SD-WAN) and takes it up a notch with 5G optimization. This gives today's enterprises a converged solution that is fit to truly leverage 5G technology.
James Bristow is SVP EMEA, Cradlepoint.