
RSAC 2025: 5G connectivity will force adoption of zero trust

SAN FRANCISCO — 5G will speed up the adoption of zero-trust principles as the number of embedded and Internet of Things devices using high-speed cellular connections proliferates and threatens enterprise networks.

That was the message delivered here at the RSAC security conference April 29 by Anubhav Arora, VP of Security Engineering at Ericsson, and Dr. Chase Cunningham of Lumu Technologies.

"We had a good idea with the internet back in the '90s, but now we have everything online," said Cunningham. "And we are not prepared for this."

"The more stuff we connect, the faster the risks grow," he added. "We're not even dealing with networks anymore. Everything is starting to use mobile connections. This is the quantum leap that's occurring now."

A world of connected devices

5G mobile connections, Arora and Cunningham explained, have data rates of up to 20 gigabits per second and connection density of up to 1 million connections per square kilometer, far outstripping 4G, Wi-Fi and cable-broadband capabilities.

In the coming decade, 5G will give millions of devices, from trucks to thermostats, dedicated, high-speed, reliable connections untethered from Wi-Fi hotspots or workplace LANs. Most new laptops will come with 5G modems and data plans.

Some organizations will build out private 5G networks, while others will create virtual ones by leasing space on public 5G networks that offer private mobile access point names (APNs).

Dedicated 5G networks will be very useful for operational-technology (OT) uses, said Arora, and give network operators better control and coverage than Wi-Fi.

However, public 5G networks, which will also carry most smartphone and embedded-device traffic, will be the Wild West of roaming-device traffic. Enterprises that connect to public 5G will need the right zero-trust security posture to prevent attacks and infiltration.

Total access control

Fortunately, the 5G protocol itself incorporates zero-trust principles, Arora said, as all connections are encrypted, even handshakes with base stations.

Private or leased 5G networks, if configured properly with microsegmentation and least-privilege access policies, can give organizations very secure public-facing interfaces whose inner workings are invisible to the outside world.

"What can be reached?" said Arora. "If you segment it properly, no network scanning or access will be possible."

This has enormous security implications. It permits each organization to have its own darknet, Arora said, impenetrable to all but authorized users. Man-in-the-middle attacks, he added, will not be possible, and Cunningham said any attackers looking to penetrate the network will move on to other targets.

"When we think about the adversary posture, they'll go somewhere else if they can't see into your network," said Cunningham. "You don't have to beat the bad guy — just don't be worth their time."

Interfaces between public and private 5G networks, while seamless to the end user, can be managed so that public-network devices are isolated and sandboxed and cannot penetrate the private network.

A 5G LAN properly architected for zero trust can even achieve the Holy Grail of end-user security, Cunningham said, and let users fall for phishing emails without any consequence because all external connections will be isolated.

"Using this isolation policy, you can accept that users click links," he said. "Your users actually benefit from this approach."

But, Cunningham said, "if the architecture isn't able to apply a [zero-trust] policy, then it's no good."

How to prepare for 5G

To properly set up their 5G networks, Arora and Cunningham said, organizations need to realize that 5G functions differently from traditional WANs, with no fixed locations and variable bandwidth. 5G providers should be chosen according to how well they understand the uniqueness of the protocol and its security implications.

Internally, a 5G network can be segmented with "slicing" to isolate data streams from one another. SIM cards can be bound to specific devices, reducing the risk of SIM swapping. Network and application access can have a default-deny policy. Unknown devices can be isolated until verified.
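
The controls in the paragraph above, combined into one admission decision. This is an added illustration, not code from the speakers or from any 5G product. Keying the SIM binding on IMSI and IMEI, the slice names, the addresses and the decide function are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed inventory: SIM identity (IMSI) -> the single device (IMEI) it is bound to.
SIM_BINDINGS = {
    "001010000000001": "350000000000011",  # telemetry unit (constructed)
    "001010000000002": "350000000000022",  # badge reader (constructed)
}

# Constructed slice assignment and per-slice allow lists.
# Anything not listed here is denied: there is no "allow any" entry.
SIM_SLICE = {"001010000000001": "ot-telemetry", "001010000000002": "facilities"}
SLICE_ALLOW = {
    "ot-telemetry": {("10.20.0.5", 8883)},
    "facilities": {("10.30.0.9", 443)},
}

@dataclass(frozen=True)
class Flow:
    imsi: str
    imei: str
    dst_ip: str
    dst_port: int

def decide(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason); verdict is ALLOW, DENY or QUARANTINE."""
    bound_imei = SIM_BINDINGS.get(flow.imsi)
    if bound_imei is None:
        # Unknown device: isolate until someone verifies and enrolls it.
        return "QUARANTINE", "unknown SIM"
    if bound_imei != flow.imei:
        # A known SIM showing up in a different device breaks the binding.
        return "DENY", "SIM not in its bound device"
    slice_name = SIM_SLICE.get(flow.imsi)
    if (flow.dst_ip, flow.dst_port) in SLICE_ALLOW.get(slice_name, set()):
        return "ALLOW", f"explicit rule in slice {slice_name}"
    # Default deny also blocks traffic that would cross into another slice.
    return "DENY", "no matching allow rule"

if __name__ == "__main__":
    samples = [
        Flow("001010000000001", "350000000000011", "10.20.0.5", 8883),
        Flow("001010000000001", "350000000000099", "10.20.0.5", 8883),
        Flow("001010000000001", "350000000000011", "10.30.0.9", 443),
        Flow("001019999999999", "350000000000033", "10.20.0.5", 8883),
    ]
    for flow in samples:
        print(flow.imsi, flow.imei, flow.dst_ip, flow.dst_port, *decide(flow))
```

The order of the checks matters: identity and binding are evaluated before any allow rule, so a moved SIM never reaches the rule lookup.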

"We are not prepared for the scope of this expansion," said Cunningham. "The time to start moving toward making zero trust and 5G work is now. You'll be ahead of the pack."

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.
