Clicky

5G Security: The Essential Key to 5G Fortunes – Futurum Tech Webcast
by Ron Westfall | June 10, 2020

In this episode of Futurum Tech Webcast host Daniel Newman is joined by Ron Westfall, Senior Analyst and Research Director at Futurum Research aka “the 5G Security stud,” to assess the 5G Security market. We delved into why 5G and security together are such a hot topic and what makes 5G Security a distinct and rising area of focus. This discussion also is a precursor to the upcoming Six Five Summit event planned for the mid-summer. This high impact, slim time commitment, interactive virtual event is free, positively packed with superb information and takeaways, and also available on demand for all registrants. Stay tuned!

In our discussion, Daniel and I explored the reasons 5G security is of paramount importance to the 5G ecosystem, especially service providers. For starters, 5G security warrants its own separate and special category of mobile security. While 5G security shares common attributes with previous generation mobile networks, such as 4G/LTE and 3G, 5G ushers in unique security requirements. These distinct security requirements include distributed software-defined architectures that depart dramatically from traditional, hardware-oriented mobile security arrangements.

The biggest challenge in accelerating 5G services is security. I shared some research takeaways from the recent Futurum Research study, The 5G Edge: Powering Innovative Services and Experiences, indicating that service providers identified unifying cybersecurity systems at the edge as the top priority for their enterprise customers. This creates new opportunities for services providers to invest more in their security as a service (SECaaS) and managed security service provider (MSSP) capabilities to fulfill this urgent 5G security demands among enterprises.

The use cases that warrant E2E 5G security implementations. We assessed the emerging 5G use cases that require E2E security oversight, including the rapid proliferating IoT devices, ultra-low latency, and massive bandwidth increases. These use cases, expanding the threat surface, include industrial applications and gaming on the consumer side.

The importance of endpoint security. We also addressed why endpoint security management is of particular importance, due in large part to the fact that the majority of security breeches occur at the endpoints. This requires service provider security operations centers (SOCs) to leverage endpoint security administration with cloud security and domain security management to achieve E2E security assurances.

Ecosystem’s vital role in 5G Security. Lastly, we discussed the critical role the ecosystem must play in delivering comprehensive 5G security, encompassing a wide range of players, such as cloud service providers, silicon vendors, and infrastructure suppliers. Prime examples included AT&T using Samsung Galaxy 20 smartphones that use new purpose-designed security chips to strengthen overall security in 5G environments, Vodafone’s Cyber Enhanced package aimed at critical infrastructure applications, and KT using blockchain for B2B financial transactions.

You can watch my interview with Daniel here:

Or grab the audio version here:

As we concluded our discussion, we assessed why the time is now for service providers to fortify their 5G security portfolios and marketing messages. Already 81 operators in 42 countries have deployed 5G, with many more ready to use valuable 5G spectrum assets they invested in so heavily. In a nutshell, without comprehensive 5G security, service provider 5G business objectives and deals will go to the competitor best prepared to offer customers the 5G security they seek.

This is your reminder to make it a point to keep in mind Futurum Research’s upcoming Six Five Summit event being held midsummer. This high impact, low time commitment, interactive virtual event is free, sure to be packed with great information, and also available on demand for all registrants.

Please also check out our Futurum Research security Insight articles, including:

CISO’s Playbook for Leading Security During COVID-19 – Futurum Tech Podcast Interview Series

Failing IoT Security Means Old Malware Makes IoT Comeback

Nokia Secures Its Security Messaging

Note that this show is intended for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.

Image Credit: 5Gsecurity

Daniel Newman: Welcome to the Futurum Tech Podcast. I’m your host today, Daniel Newman, Principal Analyst and Founding Partner at Futurum Research. I’m excited about this series of interview podcasts we’re doing here on the Futurum Tech Podcast, as we are garnering conversations across our team, myself, in a new format that we haven’t been historically doing. Anyone that’s followed the Futurum Tech Podcast knows that for about the first year we had set it up in a certain way with a certain main dive topic and then four or five quick notes.

Over a period of time, we’re trying to get to more timely, deeper conversations into more specific topics. Another thing I’m definitely trying to do is feature this great team of analysts at Futurum Research, which today I have Ron Westfall. Ron’s our Senior Analyst and Director of Research, handling a wide swath, but areas like data center, network, telco service provider, and so much more. Ron Westfall, welcome to the Futurum Tech Podcast. Not your first time here, but it’s the first time you and I doing the show like this.

Ron Westfall: Right on, Daniel. Thank you so much for the outstanding introduction. It’s just an exciting time. It’s also a challenging time, and so what we’re discussing today I think is going to be very important to the folks out there.

Daniel Newman: Yeah, it is a very important topic. The topic today is going to be 5G security. Now, for everyone out there listening, definitely want to tease a few things that we’ve got going on. Summer may not involve a lot of travel for everybody, but the summer will involve a large digital summit. People that maybe have been working with the analyst community for a while may have noticed that myself and my friend and analyst Patrick Moorhead have created a podcast called The Six Five. The Six Five is brought by Futurum Research and Moor Insights and Strategy. As our events schedule cleared out, our two firms decided to partner up together and take The Six Five Podcast and actually turn it into something bigger and we’re going to do a Six Five summit. There’s a lot to come. We’ve got some really exciting headliners. We’re going to have nine different tracks talking about everything from cloud and data center to applications, collaboration, and devices. And so much more. We’ve got some amazing headliners. Cannot tell you who they are yet because the big reveal has not come officially. But yeah, if you like the conversation today, definitely check out The Six Five and The Six Five summit, because 5G will be a big topic at this event.

5G, by the way, is a huge topic. Besides the fact that there’s a bunch of conspiracy theories that somehow 5G caused coronavirus, and it didn’t. I’m sorry. We don’t really need [crosstalk] to even debate that. It just didn’t happen. But, besides that, 5G was one of the biggest tech trends and conversations that was going on across the tech landscape prior to COVID-19, and of course other world events that have definitely taken the media and attention away from day to day business. By the way, all very important stuff, so I’m glad we’re talking about it. But, 5G is also, as we emerge, hopefully as a better place and a healthier place and a safer place, is going to be a big, important topic in terms of the way people are going to connect and communicate and when you create new networks, you create new needs for security.

Ron, I’m going to let you play a little bit of the expert here and I’m going to play a little bit of the host and moderator. And analyst, because you know I can’t help myself but chiming in. You wanted to talk about 5G security. By the way, I made Ron pick the topic, and it was a good one and I’m glad he did. But let’s start with 5G security because we’re talking about 5G, we’re talking about fast connectivity, we’re talking about the next generation of devices. Security is not always a name that catches everybody’s attention. Not security. 5G, yes. Security, no. Talk about 5G security. What do you even mean by that?

Ron Westfall: Outstanding introduction. It’s high time that 5G security becomes a top priority concern for the entire ecosystem. Yes, 5G attracts more headlines, garners more attention and security is like, okay, we got to have it. It’s one of those checklist items. But, what is different now is that 5G security is introducing a new set of security requirements and challenges. To be sure, 5G does have security components that are in common with 4G LTE and 3G mobile networks. For example, the 3G PPP standards and sure that there’s capabilities like mutual authentication and encryption and interoperability that are essential for any mobile network to operate securely. However, because 5G is introducing a new distributed software defined architecture, that’s where the difference is going to be. So, in addition to working with 3G PPP standards, capabilities, they have to take into account what’s going on with IETF security development and what’s going on with ONAP, or open network automation platforms, and so forth. That’s actually the major challenge, is bringing this all together so that the customers out there, primarily enterprises as well as consumers, have peace of mind when they’re using any 5G device or service out there.

Daniel Newman: Yeah, absolutely. And with 5G as a whole, security is not really just a thing for 5G. Security is going to be a thing for every single kind of network. As we move forward, what we’re going to see is networks operating the WAN and the LAN are going to be more greatly interconnected than ever before. We’re going to see 5G being brought into the enterprise the way the LAN network used to be brought into and then be distributed like a wireless network that was based on the LAN. That’s because 5G is going to be faster. It’s going to be more secure. We’ve heard about slicing in the past, but this is going to become more of a common practice, not just special case, with the ability to widely spread.

Actually, I did an interview just the other day with the head of networks for Qualcomm. We were actually talking about they developed two new products, one called FastConnect and one was their new Network Pro. Their FastConnect is all about the chip set that goes into the devices that enables WIFI 6E, and then the new Networking Pro is basically anywhere from your home to a stadium being able to distribute WIFI 6E. As we go to this WIFI 6 era though, the way the connectivity may actually come into a venue, unlike in the past where it was always broadband and WIFI, we’re going to see a lot more 5G. So, these two networks working together, Ron, are going to be really important, and that’s going to create new challenges for designing and securing and building out from what the enterprise has been most used to.

Ron Westfall: Without a doubt. And, according to our research, we asked the service providers, when they are targeting the enterprises what is the most important aspect of 5G deployment? And it’s unifying security at the 5G edge. That came out as the number one priority, by a sizable margin. Number two was protecting privacy concerns, which is closely related to 5G security 101. This is coming out ahead of things like multi-cloud management and workload distribution optimization. All of these things are of critical importance, but security just rings out as the number one issue. As a result, this is an opportunity for the service providers to really develop and invest more in their security as a service. Capabilities, for example, naturally making their managed security offerings much more robust, because this is going to be the linchpin.

It’s going to be, just quite simply, vital to enabling any ability to monetize 5G once they get past the basic deployment phase and decide, okay, what can we do with 5G beyond enhanced mobile broadband capabilities and some other low hanging use cases out there. The whole point of this is to make the 5G network the sensor of the digital ecosystem to transform the global economy and that requires more advanced capabilities. It requires, quite simply, these security mechanisms, and that’s going to rely heavily on, for example, security operation centers that enable these unified security management capabilities that aren’t suffering from legacy fragmented and implementations and so forth. So, this is definitely a clarion call and there’s no doubts to your point that yes, 5G security is not a one off, and it’s certainly not one dimensional. It’s going to have to provide unified security across the fabric of the operator network and their enterprise customer networks as well.

Daniel Newman: That’s going to be really interesting too, because there’s going to be a rise of a whole new set of players. So, you had your network service providers and you had your more enterprise IT providers, and you’re going to start to see more crossover. I love the acronyms. We need a, we need a SECASS. Yeah, you hear what that sounds. I need a SECASS. I’m talking about the security as a service, nothing else. Keep your minds clean folks. And then of course, your managed security service provider. Because an MSP isn’t enough. We now need to specialize that to be just a security service provider. And then of course, with the multi-cloud, we’re going to need the MCMSSP, because again, I think the problem, Ron, with 5G security is that the industry lacks acronyms. No, that was a joke. I’m not even going to speak on to that. I want to make sure everybody out there is paying attention. To name a few people, we don’t need any more acronyms.

Ron Westfall: I can answer that.

Daniel Newman: But what we do have is a challenge that’s going to require some real specialized services, and 5G itself is going to create its own industry, its own ecosystem, and something for people to pay attention to. Let’s talk about emerging 5G use cases, Ron. What are these use cases that you see that warrant this greater end to end security and that have implications and require implementations?

Ron Westfall: What comes immediately to mind is internet of things, or IOT. Here’s another acronym that’s very much part of the 5G universe. Quite simply, what is different here is just the sheer magnitude of devices and sensors that are onboarding onto a network. This is far beyond onboarding smartphones and handheld devices and making sure that all those are secure. Those are controlled primarily by the operator. What’s different here is that there’s going to be more reliance on the endpoint providers to come up with better security mechanisms. This is certainly one use case that is screaming out for we need to think through unified security capabilities. The threat surface has expanded. The number of opportunities for the bad actors and the hackers out there are just there because IOT issues, for example.

In addition, there’s the rising applications like gaming. As we can see from South Korea, for example, that while people will adopt 5G for better broadband, better quality service can also increase enthusiasm for a gaming application that some people would normally not maybe have even tried before. So, gamification coming on the consumer side also expands the security threat issue. These are primary examples.

There’s also vertical use case examples on the industrial side. On the industrial side, private networks are taking care of some of the immediate security concerns, but as you pointed out with your Qualcomm conversation, there’s definitely going to be a blending of 5G, WAN, and WIFI LAN capabilities, and that’s going to require that unified security package that is very distinct to the 5G networks as they expand and scale rapidly.

Daniel Newman: Yeah, I like that a lot. I think a couple of things that you mentioned that really catch my attention is everything at the edge and IOT. When we think about 5G, we think about devices. Most people think about consumer, they’re not really thinking about edge.

They’re not thinking about autonomous vehicles. They’re not thinking about IOT and retail environments. They’re not thinking about basically this whole connected, smart city, smart grid. The connected consumer, the connected enterprise is all going to depend on the edge to cloud connectivity. At the edge, we’re going to see a lot more applications for ultra-low latency and 5G is going to be an important vehicle for that delivery. So as we pull it together, the threats of security in those particular locations are going to be important.

I think it’s also worth mentioning, Ron, I’d love to have you chime in on this as well though, is that inherently service provider networks, as opposed to traditional IT networks and the LANs and the enterprise and our homes tend to be more secured by nature. You hear a lot less about people’s devices being hacked that are on a LTE network in a Starbucks than people that are on a LAN or on the WIFI network inside a Starbucks. So, I think there’s some natural gravity with 5G security towards it being more inherently secure. I think the rise of the ACPC is a great example. When you’re in a location and you have your own LTE or your own 5G connection that’s dedicated to your device, your vulnerabilities actually become less than if you’re trying to use a shared network. Have you thought much about that? What are your thoughts on that?

Ron Westfall: Oh, absolutely. As indicated, the vast majority of security breaches occur from the edge or the end point and yes, thankfully, due to the work of the GSMA, the three GGPP standards capabilities, SIM cards, for example, have ensured pretty robust security with mobile devices. What is a key technology, an enabler, is what’s called ESIM, or embedded SIM capabilities, where we’re taking the same principles, the same capabilities that have worked with smartphones and applying it to the vast ecosystem of endpoint devices out there. Certainly IOT devices come to mind, but any sensor that is essential to an industrial setting. Any device out there that is critical for an industrial application. Public safety comes to mind, which has come to the forefront because of, for example, the COVID-19 pandemic, let alone some of the recent riots. This is demonstrating that the industry is coming together. It is providing a very win-win type of solution, taking the best of both worlds, taking the reliable security from the 4G LTE world and disseminating it across the emerging 5G world. The software flexibility of an ESIM implementation is where the new capabilities really kick in. We’re not so dependent on the hardware, you have to slide the SIM card into your mobile device in order to get that robust security that we’re familiar with on traditional smartphones.

Daniel Newman: Yeah, absolutely. And you make some great points. I think you sort of accidentally on purpose touched on the next topic, which was going to be about endpoint security management. But, I think as we look at end to end, in order to end-end secure, it always starts with the end point, it starts with the core. Data and flight always creates new risks, so that’s where things like an encryption become really important for how data is in transit, is secured. Keys, other ways that companies can make sure that they protect it. I’m going to skip past the end point topic, just because I think we sort of touched on it, Ron, but let’s talk about ecosystem a little bit, because we got to start tying this all together, essentially.

There are players of yesteryear. Like I said, you had your traditional network providers, you had your service providers, but we have a whole series of new entrants too. You got your legacy providers. You got your Nokias and Ericssons and Netcrackers and these companies that have been in this space, have a lot of deep expertise, but you also have a wave of new. You got Cisco and you got Intel. You’ve got Red Hat. You’ve got Nvidia. Companies coming out of the woodwork. And then of course, the hyperscale cloud, AWS, Microsoft. They all want to play in the 5G space as part of the ecosystem. Talk a little bit about the ecosystem’s role in basically handling the demands of 5G security.

Ron Westfall: Absolutely. And, I think those are outstanding examples. Clearly, the cloud in particular, the public cloud and multi-cloud implementations, are going to be an essential element in how 5G security is successfully implemented. As a result, we’re seeing the major cloud providers, the AWSs, the Azures, the Google Clouds, the IBM Clouds, and so forth coming out with specific security packages to address this very need and aiding the customers out there through AI and analytical engines, for example, to compliment what they are implementing on their side to get that across the board security assurance. Likewise, yes, the Silicon providers are certainly playing a new elevated role. It’s basically baking in security into devices so we’re not having to luge security as we’ve had to in the past.

That comes to mind, for example, AT&T is using Samsung Galaxy 20 devices that have a purpose built security chip. This something new. This is something that is coordinated with the other security mechanisms out there that are being implemented at the cloud, at the data center, at the enterprise premise, and so forth. This is a great example of how the ecosystem can actually coordinate and improve the end to end security requirements out there. In addition, we see Vodaphone, for example, offering its critical infrastructure cyber security service in order to meet just these emerging demands. Because, as we know, critical infrastructure is more important than ever, due to things like The public health crisis, as well as public safety concerns. Speaking of ecosystem and technologies coming together, Haiti, with its initial 5G deployments, is using blockchain to help ensure security for financial transactions and so forth. So, yes, we can literally spend the entire session just talking about all the different players out there and why the ecosystem is vital, but I think these examples definitely bring across the point why it’s so much more important than before and why it’s making a difference.

Daniel Newman: Oh yeah, absolutely, and I love that you brought some, I guess you’d say less typical examples. Bringing together blockchain and 5G is going to be a unique example. We’re going to see, like I said, much closer ties to the hyperscale cloud as opposed to traditional networks. We’re going to see software is going to dominate the deployments. We’re going to see large volumes of AI automation, ML, and then data enrichment to handle the security fraud detection, network management, network deployment. So, 5G is going to be really defined as being the network that broke all the rules of telco for the past four generations. There’s actually more than that, but we just like to call it 4 and 5G so that people understand that essentially, if we want to over simplify from the onset of the mobile world, we’ve had about five major leaps, but there was actually a few others in the early days. Let’s bring it home, Ron. You’re an analyst, I’m an analyst. The world listens to us. Companies are making considerations around 5G. In some cases, it’s whether do we upgrade our devices now. In some cases, it’s should we be looking at 5G networks? Network slicing for some companies. It’s an architectural conversation. Why are you recommending security, really, as a priority from the onset?

Ron Westfall: Yes, excellent question. I think this as a great way to tie it all together. We have data that verifies that, that quite simply, at least if you’re an operator, you have to have 5G security. Without 5G security, then no deal. Quite that fundamental. And to your point, 5G is a reality. For example, there are 81 service providers out there who are already deploying 5G in 42 different countries. In addition, there are at least 173 operators out there who have already purchased 5G specific spectrum. So, the use case is extremely strong. But then, it’s about prioritization. Again, it’s about assuring the enterprises out there, let alone the consumers, that when I’m using a 5G device I’m not going to be screwed, quite simply. I’m not going to have a hacker turn my life upside down or destroy the brand name and so forth, as we’ve seen in the past.

We know that if you’re an operator, to have a massive security breach is just potentially devastating, in terms of at least brand credibility. As a result, it’s just really having to focus on how do we really deliver SECASS, as you so eloquently put it, security as a service, these managed security service capabilities, because the enterprises aren’t going to be able to do it by themselves, at least in terms of as the ecosystem becomes broader, in terms of you can use a private network today, but in terms of how do you integrate WIFI with 5G? How do you really make sure that 5G fulfills its overall promise that it does become this transformative technology? And what I think is important about those data points I cited is that this is going on even though we are dealing with a global pandemic, even though there are riots in multiple cities, and so forth. This just shows that 5G is essential to tackling these core problems that confronts global society. That’s why the 5G security case is as strong as ever and it’s perhaps the strongest security case amongst the universe of 5G needs out there.

Daniel Newman: Yeah, it’s a great topic, Ron. Thanks for all your in depth. Clearly, everyone out there, hopefully you gauged that this guy has been doing this for a little while, telco networks. For what, 20 years now?

Ron Westfall: Yeah, two decades plus. Times have changed.

Daniel Newman: He was actually doing this when I was still in diapers, which is pretty cool. But no, Ron, I want to say thanks a lot. This is a great discussion. Everyone out there, 5G is going to be a big topic and we’re going to be talking about this for a number of years to come. And no matter what crazy politicians say, yes, 6G is a real thing, but this is not a topic that everyone needs to worry about. But 5G, it is a topic that everybody needs to worry about right now. We need to be thinking about it from a consumer standpoint, we need to think about it from an enterprise standpoint. We need to be, as, Ron, you mentioned, we need to be thinking about it from a security standpoint. Our organizations need to be able to connect faster. We need to be able to do it with lower latency. We’re going to need to be able to put AI on devices. We’re going to need to be able to make sure that data is encrypted and secure both on the device and when it leaves the device, and when it’s on its way to the next device. All these things are going to be enabled by having not only 5G connectivity, but secure 5G connectivity. Ron Westfall, thank you very much.

Ron Westfall: Likewise. Thank you, Daniel.

Daniel Newman: For everyone out there, hit that subscribe button. We’d love to have you on the Futurum Tech Podcast, part of our community. We’ll be bringing interviews from a number of customers, top executives in tech, of course more conversations like these with myself, with Ron, with the team, with Shelly Kramer. We are really excited to be building this community. The stay at home world has led us to being more active in video, using these technologies to keep our information becoming freely your information. But for now, for this episode of the Futurum Tech Podcast, I got to say goodbye. Thank you very much. We’ll see you later.

Close Menu