Home » 5G » 5G security: lessons learned from the cloud
5G 2019

5G security: lessons learned from the cloud

iStock / Getty Images Plus

James Orme

Content Writer for Smart IoT London

Whenever a new technology appears on the horizon, organisations universally rush to exploit its potential, and service providers scramble to serve surging demand. 5G is no exception. The unparalleled speed, bandwidth, capacity and low-latency of the next-generation mobile network is uniting data-driven businesses with network operators and offering up a dizzying selection of 5G services.


Before businesses start transmitting a tsunami of data across 5G networks, they must proceed with caution; an untold number of cyber thieves are eager to exploit 5G frailties and seize valuable business assets. If 5G rollout is plagued by security scandals, cautious CTOs will kill promising projects before they even get started.

Thankfully, looking at the success of cloud security provides helpful guidance on how enterprises and service providers can navigate this new terrain and harness 5G’s numerous benefits.

Shared responsibility over security

When cloud computing arrived on the scene, businesses were more than reticent about handing over locally-stored crown jewels to unproven server farms hundreds of miles away. Fast forward to the present day, and public cloud providers are regarded as some of the most cyber accomplished organisations in IT and are increasingly entrusted with core business applications.

A key facilitator in this transition was the so-called Shared Responsibility Model. Very early on, businesses and cloud providers realised the advent of cloud challenged traditional notions of cybersecurity. Businesses suddenly had to trust data and applications with external entities – they and public cloud providers now had an imperative and incentive to identify and divide security responsibilities. With 5G, the same principle applies to service providers and enterprises.

Security and 5G

But how should 5G security responsibilities be carved up? Amazon Web Services’ (AWS) widely cited notion of ‘security in’ vs ‘security of’ the cloud provides a useful launchpad to sketch the respective roles. In a nutshell, AWS works to ensure the security of the cloud, such as the hardware, software, networking and facilities, while AWS users ensure security in the cloud – their data, firewall configurations and identity and access management.

Network operators should fulfil broadly a similar role to AWS and other cloud providers, ensuring the security of 5G infrastructure and the software-defined virtualisation that gives 5G much of its power. Similarly, enterprises must ensure the software they deploy on 5G networks is watertight, encrypt data they transmit throughout its journey, and robustly authenticate and identify the myriad sensors and devices jostling for connectivity.

What else enterprises engaging with 5G need to consider?

It would be an exaggeration to say the ‘is / of’ formula is a complete solution for forging a shared security model for 5G. As AT&T said in a recent report the ‘dividing lines’ will be subtle. While the frontiers of this collaboration still need to be explored, enterprises should start considering additional security functions that can be fulfilled by service providers.

To illustrate, AT&T observes how 5G service providers can assist with identity and authentication by zeroing in on the location of network-connected devices – devices that are nevertheless the enterprise’s job to secure. Equally, while operators must develop viable frameworks and standards for data encryption, is up to organisations to adopt them.

The path to secure 5G will take more than embracing a shared security strategy. Organisations need to cultivate technical skills and additional technologies, including security virtualisation and automation, will play important roles. If businesses think creatively about how they can use 5G service providers as a security tool, and service providers make it clear the gaps that they cannot fill, a secure foundation for 5G can be built.

James Orme is a content writer for Smart IoT London, an annual event that welcomes over 20,000 IoT enthusiasts, professionals and technologists. Register free for March 2020 by visiting: www.smartiotlondon.com

Next article