Skip to main content

Operators need to consider 5G security now that consumer attitudes and working life has changed

(Image credit: Shutterstock.com / Who Is Danny)

At the start of the year, everyone involved in the mobile sector expected 2020 to be the year of 5G innovation. The operator trials around the world had showcased the many possibilities with regards to handsets, new IoT applications and wearables, through to mainstream use of Augmented Reality (AR) and Virtual Reality (VR). There was an unmistakable buzz of excitement.

However, the cancellation of Mobile World Congress meant 5G wasn’t going to launch with the fanfare we expected. The conference provides a global platform for big deal announcements and handset launches, which all had to be postponed or indefinitely put on ice. Indeed, we are still seeing indeterminate delays to spectrum auctions around the world.

A conundrum for operators

For operators it poses a conundrum: keep investing despite the prospect of greatly reduced revenues compared to the business plan or continue as planned and capitalise on the new home working practices lockdown has forced. Already many companies are saying that the forced experiment into home working has proven it’s well worth doing and is here to stay in some form or another. This is good news for operators as it means reliable, fast connectivity is an absolute must for businesses for the foreseeable future.

The appetite for 5G will also be boosted by our new lifestyle. We’ve already seen the take up of more subscription models for entertainment and gaming, so it follows that consumers will also invest in the technology to make it a slick experience, untethered to wires. Replacing home broadband with 5G could really thrive as a result of the global lockdown.

There’s also an opportunity to support retailers that need to help customers make a purchase without visiting a store, and certainly without touching a product unless they are intent on buying. AR / VR services could be a saviour in this, letting people see what the piece of furniture they want to buy looks like in their home or how a new jumper virtually fits before they buy.

There are no doubts that as a result of Covid-19 retail business models will need to change. 5G and the applications it supports could be a way to not just help a retail company adjust to new trading environments but also support plans for growth and innovation in a way not conceived before, or certainly not at the speed or scale envisaged before now.

Strange bedfellows

Delivering ultra-high bandwidth quickly and reliably, with an ability to scale applications was always, and still is, the challenge with 5G promises. However, it’s created what some might see as strange bedfellows – global cloud providers such as Amazon and Azure partnering with telco operators. The latest announcement from Google Cloud and Telefónica in Spain is testament to this. The partnership will support the digitalisation of companies, support Spain’s public administration and aid the economic recovery of the country post-Covid-19.

Telefónica and Google will jointly develop a portfolio of solutions for 5G using Google Cloud's Mobile Edge Computing platform. The alliance widens the scope of collaboration between the two companies and reinforces Telefónica Tech's multi-cloud strategy for the B2B market. It’s a logical strategic move. They have complementary expertise that will help them sell more 5G applications using a mobile edge cloud that’s very close to the customer.

But top of mind when reviewing these partnerships is whether this could be a repeat of the situation seen 20 years ago, where service providers performed all the heavy lifting in developing the LTE standard but gave up the application value, and therefore financial value, to the Over the Top (OTT) providers.

Google Cloud, Microsoft Azure and AWS are all experts in the sale of applications in the cloud, and then scaling them. However, the operators bring their own capability in terms of ultra-low latency, wireless, video, voice, and data connectivity. So, it prompts some interesting conversations about who owns the customer, how revenue is shared and exclusivity.

But one of the biggest unanswered questions is who owns security. Operators have near perfect 99.999 per cent reliability, but if the cloud services are managed by the cloud providers will they also provide the infrastructure and application security? And if they do, will it be the same as the service providers’ security architectures that’s already in place on the network or different? Would a Verizon of this world have visibility in their SOC (security operations centre) to all threats to the multi-access edge computing (MEC) or will they rely on the cloud provider? 

East-West / North-South security

I think the answer has to be that the operator’s MEC is secured from both a network and application perspective. A kind of ‘north and south’ approach. Operators have built their brands on trust, security and reliability. Failure to retain control of the experience puts this trust at risk.

At the same time, cloud service providers need an ‘east and west’ strategy. They must provide their own application security on individual applications via Openstack or Kubernetes within the MEC cloud and between applications.

When this is in place, service providers can capitalise on the investment made in their existing security architecture and best in class technologies. They can make the MEC security part of their holistic management of the network by the SOC, while collaborating with the cloud providers to prevent breaches between cloud applications.

This means that the cloud providers can sell security to the end customers and protect them from east-west attacks within the cloud and negotiate with the operators for incremental revenue from the applications.

Trust is king

It will take multi-million pound advertising campaigns to persuade the public 5G is the exciting technology it’s billed to be. But most of all, they must convince people that it’s secure. The headlines associated to Huawei will have stirred scepticism.

Our personal information, the applications we use, and their security has never been so hotly debated. Consumers expect much more from the brands they deal with. No longer do they just want speed and reliability they expect security in the form of data privacy and data protection as well.

News of data breaches travels fast and can do irreparable brand damage, as well as being incredibly costly in terms of regulatory fines and internal remediation work to IT systems. No company can afford to get security wrong, least of all the organisations that we entrust with our personal and business data.

The services and applications provided by mobile operators and cloud providers are absolutely integral to our personal and professional lives. Security is paramount not only to their product offering but to continued consumer confidence. Great innovation can introduce new security risks; no company can let complacency creep in. The organisations that will stand out from the crowd will not just be the innovators but those that prioritise the security of their services and their customers’ data.

Mike O'Malley, VP carrier services, Radware