Enterprise networks evolve, their security architecture must too

The cybersecurity environment is no stranger to change. With the onslaught of new threats and the increasing sophistication of cyberattacks, security strategies must adapt. The emergence of 5G as a mainstream WAN technology creates new opportunities and corresponding security challenges.

As 5G technology offers faster and more flexible connectivity capabilities, it allows businesses to expand their networks and provide additional connectivity in more places and for a wider range of devices. With this comes the need for comprehensive, customizable security that can cope with this growth.

The growing IoT landscape

One important area that 5G technology will impact is the expansion of IoT devices, as many of these devices will be added to 5G networks. Ericsson predicts that the number of IoT connected devices will reach 34.7 billion in 2028, up from 13.2 billion in 2022. As the number of IoT devices continues to grow, the attack surface also grows, increasing the risk of attack by of bad actors. This is why we have seen an increase in cyberattacks targeting IoT devices. According to Techmonitor, the third quarter of 2022 saw a 98% year-over-year increase in cyberattacks on IoT devices.

Companies must take into account some considerations when protecting their IoT environment. First, many of today’s network security solutions require an agent on a user device, such as a laptop, phone, tablet, or desktop computer. This model does not work with IoT devices. Additionally, most IoT devices have limited processing power to run built-in security. It is also common for default passwords to be kept at the factory values, making them easier to hack.

In response to these challenges, companies typically take one of two approaches to protecting their environment. They may choose to leave security predominantly in the hands of their mobile provider. This approach takes the form of private access point nodes (APNs).

Unlike public APNs, to which most mobile devices (smartphones, tablets, etc.) are connected, private APNs are a secure environment in which enterprise devices, including IoT devices, can operate. This approach has advantages, such as the mobile provider setting up and managing the network. However, this option gives businesses less control over their security and connectivity, which can take several weeks to establish and can be costly.

The other, more traditional option is a virtual private network (VPN) controlled by the company’s IT department. However, VPNs allow broad access to the network, leaving the IT department with the responsibility of restricting access. Additionally, VPNs have the potential for lateral movement once they are on the network, making it easier for cyberattacks to move across the network.

Enterprises need a new approach to security where the network plays an active role in security and embraces the unique features of 5G. The best option for today’s businesses is a converged network and security solution optimized for 5G. This solution includes the principles of secure access services (SASE), including SD-WAN.

5G Ready: The Need for 5G SASE

To defend against the growing number of hackers and bad actors within the growing 5G landscape, Gartner’s SASE framework is an attractive option. Although many of its principles are to protect users – secure web gateways, cloud access security corridors, and remote browser isolation – the zero trust network access principle in SASE also provides a great foundation in which the network plays an important role in protecting IoT devices.

Unlike VPNs, ZTNA completely restricts access by default, leaving network access decisions in the hands of the IT department. IT staff can create specific security policies for each device before connectivity begins. Additionally, Zero Trust hides public IPs from discovery and hides IoT resources from discovery if they are not defined on the network.

A Zero Trust-based security solution, managed through a cloud-based management platform, also eliminates the configuration complexities associated with VPNs. There is no need to configure routing protocols or assign an IP address to each router. Using cloud-based management allows for a simpler approach to network configuration, resource identification, and establishing access policies for each device. This is especially important in networks with IoT devices and users. With a cloud-based management system, it is easier to create and deploy role-based security policies.

Mobile-optimized SD-WAN

SD-WAN is a critical element of SASE, providing secure connectivity through low-cost direct Internet connections and allowing traffic to be routed and prioritized. A 5G-optimized SD-WAN solution offers additional features. For example, traffic routing and prioritization can be based on 5G parameters such as signal strength and data plan usage, in addition to the latency and jitter typically included in wired SD-WAN. Additionally, decisions can be made based on these parameters to switch from one modem to another for maximum efficiency.

For example, a first responder rushing to an incident can switch from one operator to another en route for optimal performance. With new emerging 5G technologies such as Network Slicing, a 5G-optimized SD-WAN will provide enterprises with better performance and end-to-end service level agreements.

Prepare the future

As more businesses move to wireless WANs as part of their infrastructure, it becomes more important than ever to provide a robust networking and security solution. 5G SASE takes the basic functionality of SASE (including SD-WAN) and takes it to the next level with 5G optimization. This provides today’s businesses with a converged solution that is poised to truly take advantage of 5G technology.

Signed: Bruce Johnson, Director of Product Marketing at Cradlepoint

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *