The promise of 5G is recognized by businesses in many industries, which understand its major benefits -- including the ability to expand the power of compute, promote product and service innovation, as well as provide new revenue potential through its low latency and high bandwidth.
In fact, according to a recent report from AT&T Cybersecurity, 80 percent of business leaders surveyed are adopting 5G to remain competitive in their industry, to create new IT projects, and to establish new business models. This presents a drastic shift in how technology is being adopted, introduced, and used for competitive advantage.
However, it’s important to note that 5G is not a one size fits all technology. In fact, the path to implementing 5G is unique to every organization, and as a result, enterprises should closely examine their existing company networks and security models prior to and throughout 5G implementation.
Since 5G is early in the adoption cycle, how to address 5G and cybersecurity may be somewhat confusing and isn’t necessarily well understood. As enterprises investigate what a 5G-connected architecture looks like, they need to understand their responsibility for protecting all assets connected to the 5G network. Those assets include data, applications, systems, services, and endpoints – the items the network customer is responsible for.
In this article, we’ll introduce the importance of a 5G shared responsibility model with cybersecurity and how various roles across an organization can work together to help protect the assets connected to this network. Let’s explore:
The 5G Shared Responsibility Model
According to our research, enterprises are cautiously optimistic about their preparedness for 5G and security of assets connected to the network, with 72.7% claiming medium to high confidence in their organization’s security posture in preparation for the rollout of 5G.
But optimism alone won’t keep malicious actors away. Much like the early days of public cloud adoption, a shared security model is needed with 5G to help bolster defenses. A shared model will allow enterprises to shift many network functions to carriers while also empowering employees to understand their own unique role in protecting the assets on the network.
Here is a breakdown of the multiple roles involved in the introduction of a 5G shared responsibility model (which can also be referenced in the figure below):
- 5G manufacturers: 5G manufacturers and solution providers embed security into the network architecture, and 5G network operators are also building security into their networks. For example, the 3rd Generation Partnership Project (3GPP), a standards organization focused on 5G, is building security into 5G standards from the ground up.
- Cloud service providers: With this shared approach, cloud service providers are responsible for the network and cloud infrastructure, with a responsibility to comply with regulatory standards and frameworks while providing continuous monitoring of the network and the data traversing across it.
- The enterprise at large: As in public cloud, the enterprise must provide for the security of its own devices and endpoints, as well as the data and applications within. This includes all endpoints, IoT devices, multi-access edge compute devices, applications, and more. The customer - or organization at large in this case - is responsible for the security of the data that they create and store on the network. Additionally, enhanced identity access management and data protection suites are needed in addition to the physical security of any on-premises customer equipment used for multi-access edge computing.
- Individuals working for or with the enterprise: The weakest link in an organization is its employees, and the human element should always be considered. With the introduction of 5G to an enterprise, it’s critical to educate employees on their shared responsibility of protecting the assets on a 5G network. Employees should be especially cognizant of devices they're connecting to 5G as they conduct business in a hybrid work environment. This should be incorporated into regular, interactive cybersecurity training within the organization -- not only for direct employees but also for third-party companies who work with and within the enterprise. After all, security belongs to everyone who touches the organization in some way, as each individual owns a sliver of the exposed attack surface, including that of a 5G network.
5G is here today and will become ubiquitous. As a result, organizations must acknowledge that 5G will ultimately enter their business in one form or another. The key factor for the organizations that thrive amidst the 5G revolution will be those that understand and take a shared responsibility towards protecting the assets on the network.
Theresa Lanowitz is Director, AT&T Cybersecurity.