Cybersecurity and COVID-19
Security, and cybersecurity in particular, were hot topics even before the COVID-19 pandemic, especially in the context of 5G networks. What the pandemic has demonstrated is that even a very conservative approach which assumed that you are safe if you don’t open your system doesn’t apply anymore.
Moving to remote work vs the security issue
The pandemic has forced many businesses to move to remote work. Those who counted on the security provided by the physical walls of their offices faced a real challenge. Even system administrators were forced to start working remotely, because systems couldn’t be left unattended. Counting on some administrative tasks being able to be done as safely as always because they have been always done behind the physical walls ceased to work.
Those companies which had already invested heavily in security (assuming that working from “inside” should be equally well protected as working remotely) turned out to be much better prepared for the unexpected changes.
Lessons learnt: the network architecture perspective
What does it teach us in respect to network architecture? It proves that the strategy that assumed sacrificing openness of the architecture to guarantee a more secure network is wrong.
Closed architecture doesn’t ensure the security, as there is no safe “inside”. Therefore, openness of the architecture need not be perceived as a compromise between security and flexibility. There is no alternative to investing in security, and potential threats can come from any directions.
Invest in security once and thrive long-term
Once you invest in security, you can take advantage of the benefits of open architecture flexibility, for example having AI/ML delivered via your partner’s ecosystem. This is expected to help remove the last remaining objectives to utilizing the cloud in favor of having everything behind your own physical walls.
Moreover, when data security and regulations require that information shouldn’t leave a given region, cloud providers can already offer solution with cloud infrastructure that can be located on a customer’s premises and/or on the “edge”. So, a cloud solution can allow you to control where your data are stored and processed, and offer the full potential of cloud computing.
For telecommunications which have implemented NFV/SDN and softwarization of the network, this means faster progress, where network functions can be run as cloud-native applications. In particular, edge computing combined with open RAN (see our blog post about open RAN) can help telecoms take advantage of cloud computing benefits and its security features.
Security as a service
Another aspect of security is the potential for communication service providers to offer their customers security as a service solutions, especially as the awareness that security must be in place for any business (even a small one) is rising.
While CSPs may have already started partnerships with cloud providers in respect to 5G edge services, this awareness might help them leverage the security competences of hyperscalers, for whom the security is a matter of business life and death. This partnership may not be without friction, as there’s always the question of who “owns” the end-customers, and who gets most out of the revenue. But from the security point of view, such partnerships between telcos and hyperscalers combined with open source crowd intelligence is probably the best way forward.
Of course, there will always be a game of cat and mouse between service providers and hackers/cybercriminals. Nevertheless, there’s no alternative to a modern security system developed according to the principle of “security by design”. Security breaches will not be eliminated, but a modern system design should not have a single door which, once cracked, gives intruders access to all of the rooms in your house.