05 April 2024
Paul McHugh, area director UK, Cradlepoint
The cybersecurity landscape is no stranger to change. With the onslaught of new threats and the increasing sophistication of cyber-attacks, security strategies must adapt. The emergence of 5G as a primary WAN technology creates new opportunities and corresponding security challenges requiring comprehensive, customisable security.
A major area that 5G technology will affect is the expansion of IoT devices as many of these devices will be added to 5G networks. Ericsson predicts the number of IoT-connected devices will reach 34.7 billion by 2028, up from 13.2 billion in 2022. As the number of IoT devices continues to grow, the attack surface also grows, increasing the risk of attack from bad actors. This is why we have seen a rise in cyber-attacks targeting IoT devices, with some reporting an increase of 400% of IoT malware in 2023 alone.
There are a few considerations for enterprises as they work to secure their IoT environment. First, many of today’s network security solutions require an agent on a user device, such as a laptop, phone, tablet, or desktop. This model does not work with IoT devices. Also, most IoT devices have limited processing power to run onboard security. It is also common for default passwords to remain at factory settings, making them easy to hack.
In response to these challenges, enterprises typically take one of two approaches to secure their environment. They may opt to leave security predominantly in the hands of their cellular provider, which comes in the form of private access point nodes (APNs). Unlike public APNs, to which most cellular devices (smartphones, tablets, etc.) are connected, private APNs are a secure environment in which enterprises’ devices, including IoT devices, can operate. There are benefits to this approach, such as the cellular provider setting up and managing the network. However, this option provides enterprises less control over their security and connectivity, can take several weeks to establish, and can be costly.
The other, more traditional option is a virtual private network (VPN) which the enterprises’ IT department controls. However, VPNs allow broad network access, leaving the responsibility on the IT department to restrict access. Also, VPNs have the potential for lateral movement once they are in the network, making it easier for cyber-attacks to move through the network.
Enterprises need a new approach to security where the network plays an active role in security and encompasses the unique characteristics of 5G. The best option for today’s enterprises is a converged network and security solution that is optimised for 5G. This solution includes secure access services edge (SASE) principles including SD-WAN.
To defend against the growing number of hackers and bad actors within the growing 5G landscape, Gartner’s SASE framework is an attractive option. While many of its principles are for protecting users — secure web gateways, cloud access security brokers, and remote browser isolation — the zero-trust network access principle in SASE also provides a great foundation where the network plays a major role in protecting IoT devices.
Unlike VPNs, ZTNA totally restricts access by default, leaving network access decisions up to the IT department. IT personnel can create security policies specific to each device before connectivity begins. Also, zero trust hides public IPs from discovery and hides IoT resources from discovery if they aren’t defined in the network.
A security solution with a foundation in zero trust, managed through a cloud-based management platform, also removes the configuration complexities associated with VPN. You don’t have to configure routing protocols or assign an IP address for every router. Using cloud-based management allows an easier approach to network configuration, identifying resources, and setting up access policies for each device. This is especially important on networks with both IoT devices and users. With a cloud-based management system, it becomes easier to create and deploy role-based security policies.
SD-WAN is a critical element of SASE, providing secure connectivity over inexpensive direct internet connections and enabling traffic steering and prioritisation. An SD-WAN solution that is optimised for 5G provides additional functions. For example, traffic steering and prioritisation can be based on 5G parameters such as signal strength and data plan usage, in addition to latency and jitter typically included with wired SD-WAN. Additionally, decisions can be made based on these parameters to switch from one modem to another for greatest efficiency. With new 5G technologies emerging such as network slicing, a 5G optimised SD-WAN will provide enterprises with better performance and end-to-end service level agreements.
As more businesses move to wireless WANs as part of their infrastructure, it becomes more important than ever to provide a robust security and networking solution. 5G SASE takes the basic functionality of SASE and takes it up a notch with 5G optimisation. This gives today’s enterprises a converged solution that is fit to truly leverage 5G technology.