Networking for Nerds: 4G/5G Network Security
Leverage Network Aggregation for Greater Data Security and Control
Just when it seemed like security management couldn’t get any more complex, technology advancements, such as 5G take the requirements for network security up a notch. 5G infrastructures will drive greater data and application workload exchange at the edge, extending the boundaries of where data privacy and security controls need to be. Ericsson predicts that by 2025, 5G networks will carry 45% of total mobile data traffic worldwide, an estimated 72 exabytes (EB) per month.[i]
Global Mobile Data Traffic (EB per month)
Source: Ericsson
How 5G will drive new networking architectures
5G opens up new networking architectures and use cases at the edge. For example, 5G makes facial recognition and artificial intelligent (AI) analytics more accessible for law enforcement surveillance in dense urban areas,[ii] driving new personal identification information (PII) regulations and compliance. As a result, 5G extends the network security landscape to the edge more than 4G, requiring new end-to-end protections between 5G infrastructures and the people and devices using them ? adding further complexity to many companies’ security strategies.
In particular, the following 5G domains will need to be covered by a company’s network security umbrella:
5G network slicing: Network slicing locally segments data and workload traffic, closer to the end user for higher-performance when accessing latency-sensitive apps. By segmenting local traffic, you can also deploy security controls and policies to be specific to the workloads and data you are trying to protect. Network slicing also enables cloud radio access networks (C-RANs) and mobile edge/multi-access computing (MEC), paving the way for greater network efficiency and optimization, and ultimately, enhanced security.
C-RANs: As 5G is capable of transmitting high volumes of data, it is more cost-effective and agile for network operators to deploy centralized C-RANs close to users for processing. An architecture like this also helps to improve network performance via low-latency connections, but having multiple C-RANs in a 5G network due to distance limitations can pose a high security risk given the many points of entry. This requires consistent access, encryption and other security controls (e.g., DDoS, firewall, encryption key management services) between mobile network operators (MNOs) and cloud service providers (CSPs) all along the C-RAN infrastructure.
A vendor-neutral, private interconnection hub within globally distributed multi-tenant data centers (MTDC) can act as a 4G/5G RAN and C-RAN aggregation point.
5G opens up new networking architectures and use cases at the edge.
Mobile edge computing or multi-access compute (MEC): MEC has always been vital to ensuring a high quality of service (QoS) to mobile/wireless users. MEC network hardware provides the ability to locally process, analyze, store and deliver data generated by users, so it does not have to be backhauled over congested and unsecure networks to a centralized data center or cloud resources. MEC reduces network latency for greater application performance and user satisfaction by closing the distance between networks, clouds, data, applications and users at the edge. A vendor-neutral, private interconnection hub within globally distributed multi-tenant data centers (MTDC) can act as a 4G/5G RAN and C-RAN aggregation point. This will help 5G operators minimize the need for large numbers of smaller Cloud-RAN/5G new radio (NR) hub locations and reduces the attack surface area. MECs also allow for more centralized, local access control within a 5G network segment or group of segments, enabling greater data protection and privacy regulation compliance.
4G/5G Aggregation Points on Platform Equinix Provide Greater Network Security
Private interconnection hubs bypass the public internet to avoid data congestion and security risks.
How you can secure your 5G infrastructures on Platform Equinix
Direct and secure interconnection at 4G/5G MEC aggregation points keep mobile/wireless data and workload traffic private between users, systems, NSPs (telecommunications carriers, MNOs, etc.), and CSPs. Companies will need to leverage direct and secure physical and virtual, high-speed, low-latency connections between their edge IT infrastructures, network, cloud, SaaS and security service providers to provide end-to-end visibility and control. Interconnection hubs, such as Equinix Cloud Exchange Fabric? (ECX Fabric?) and Equinix Internet Exchange?, on a global, vendor-agnostic colocation and interconnection platform can provide this critical interconnection. For example, ECX Fabric and Network Edge enable private access to network functions virtualization (NFV) capabilities such as SD-WANs, firewalls, and secure cloud-to-cloud routing and hybrid multicloud integration. In addition, Equinix SmartKey? is a global SaaS-based, secure key management and cryptography service that simplifies data protection across any cloud architecture and on-premises infrastructure. SmartKey keeps keys and data separate from each other, allowing for greater security of data and PII.
By reading the Equinix Digital Edge Playbook for Network Service Providers, you can learn how to leverage direct and secure, private interconnection to:
- Standardize on metro interconnection hubs as your network control points at the edge and strategically deploy 4G/5G aggregation points
- Segment network traffic to best meet user, data and workload requirements
- Integrate IT services within interconnection hubs, including security services
- Integrate clouds with on-premises infrastructures via interconnection hubs
You may also want to read the Distributed Security at the Edge Playbook.
[i] Ericsson, “Mobile data traffic outlook,†November 2019.
[ii] Data Center Dynamics, “Facial Recognition Gains new Attention and Requires New Tech with 5G,â€August 2017.