Communication Service Providers (CSPs) are entering a new phase of network cloudification to transform their network infrastructure (NFV, SDN, AI, etc.). Their strategy for capturing new growth is shifting as well, as they move to virtualize mobile core networks in response to growth in user data, growing adoption of IoT devices, new business tied to 5G, and complex networks.
Major benefits of telecommunication cloudification are:
- CAPEX – better aggregation and utilization of solutions and services on general-purpose hardware
- OPEX – reduced labour and operational efficiencies gained through cloud automation, agility and scalability, which indirectly impact customer experience
- Value added services – leveraging the cloud platform to enable new services and revenue streams
The original goals for cloud were to decouple growth from cost and rapidly deliver new services.
CSPs did this in 4G environments by transitioning network elements into big VNFs. Yet these were too big and not cost-effective, and their use of legacy operations made them unwieldy to deploy, scale and maintain. These challenges will only grow in the 5G environment.
Cloud Native Benefits:
CSPs understand today that they need more from cloud. Cloud must be rebuilt as cloud-native so that they can gain business agility in rapidly onboarding new apps and deploying & operating new services. The scale of 5G brings more devices and a diverse mix of services, making it difficult for legacy operations to keep up.
Therefore, we see more and more CSPs partnering with cloud providers to accelerate this journey, which would offer benefits such as fully automated deployments and ease of management and orchestration of workloads in the hybrid cloud. This would effectively give deployment flexibility and automated scaling of network functions for demand-driven network growth, reducing manual monitoring and operational complexity.
Cloud Partnerships You Should Know About
- Microsoft Azure – Microsoft acquired Affirmed Networks (a network virtualization provider specializing in vEPC and v5GC), allowing Microsoft to produce ‘Azure for Operators’, a suite of products with Azure networking and cloud infrastructure, network virtualization, and cloud applications, as well as Azure AI and an analytics engine.
- AT&T – At the end of June, AT&T announced it is moving its 5G mobile network to Microsoft Cloud. This strategic alliance provides a path for all AT&T mobile network traffic to be managed using Microsoft Azure technologies.
- The companies will start with AT&T’s 5G core, which connects mobile users and IoT devices with the internet and other services.
- Nokia and Google – In January 2021, Google Cloud and Nokia announced they would jointly develop cloud-native 5G Core solutions for communications service providers and enterprise customers. The new partnership will deliver cloud capabilities to the network edge.
- Cisco and Altiostar – Partnered to create blueprints to accelerate deployment of 4G/5G OpenRAN solutions in service provider networks.
- Vodafone and Verizon – Partnered with AWS to explore edge computing opportunities.
- VMware – Has been moving into the telco sector with more updates to its telco cloud platform, including support for Open RAN.
What are the Security Challenges?
Because of its distributed nature, the deployment of 5G networking infrastructures is dramatically different than previous generations of mobile networks. CSPs face new challenges in the move from a component-based topology to a service-based network.
For example, prior to 5G, mobile radio access and the core networks consisted of isolatable network elements with specific tasks. In 4G networks, a virtual evolved packet core (EPC) in the network emerged. 5G takes it a step further by transforming all network components into virtual, microservice elements that are software-based, disaggregated and deployed in various locations.
The software-based, microservices architecture enables network slicing, the ability to isolate different services — each with its own parameters, setup, and security policies — on one hardware element. The 5G network must be designed to support multiple security policies, segregated by slice on individual network components. The more slices, the more microservices and interface points in the network that are in turn exposed to the internet.
Traditional security methods with predefined rules, thresholds and manual setup will not work in a 5G environment. Service providers need to automate operations and have a scalable infrastructure to manage policies, requiring DevOps capabilities. All security tools need to be automated for onboarding and deployment.
5G networks introduce new traffic patterns that run east/west toward applications. Thus, there is a need to inspect egress traffic. The number of inspection points increases dramatically not only from peering points but also from traffic at edge computing points.
CSPs must consider the following unique security threats when planning protection for 5G networks.
- Network Edge Protection – Multiple edge points (breakouts) and mesh types significantly increase exposure to attacks
- Outbound attacks – IoT botnets, attacks on the network edge
- Inbound attacks – floods from public cloud and from the internet
- Attacks on core network services
- Next-generation (NG) types of attacks based on burst attacks, IoT, bots, API, DNS and SSL, which raise complexity and impact on the infrastructure, application servers/telecommunication cloud and API gateways
- Network slicing – Each slice has its own threat risk that requires per-slice security policies and a coherent defensive strategy across all slices.
- MEC Security – (Mobile Edge Core) infrastructure & 5G availability assurance
- Attacks toward MEC components (MME and SCEF) – Prevent network resource failure
- Attacks outgoing to external servers from IoT devices – Prevent network reputation risk
- Infection attempts toward NB-IoT devices – Prevent IoT device infection with botnets
- Public/Private cloud edge – The shift of some areas of workload to the public cloud introduces new security concerns to service provider networks, with additional shifts to microservice environments and CNFs that require new edge computing security such as WAF/API protection on cloud-native environments.