Cybersecurity in the 5G era: Securing IoT devices
With IoT now becoming an integral element of organisational setups, organisations need to step up their cybersecurity measures
With the advent of 5G networks, the adoption of consumer-grade smart devices and a new generation of industrial-grade Internet of Things (IoT) devices will be accelerated. But such technology can also be a double-edged sword, as these new connected environments will give rise to fresh set of vulnerabilities, which, when not secured effectively, will result in undesirable consequences. Organisations today must be cognizant of these risks and should prepare themselves to take the necessary precautions to address them.
One of the first issues the industry is set to face is an exponential growth of the attack surface due to the proliferation of IoT devices and edge-based computing. Since these devices won’t necessarily be connected to a central network in a traditional hub-spoke model, attacks on these are inevitable. As billions of IoT devices get interconnected across a meshed edge environment, any device can become vulnerable in the security chain and put the entire enterprise and their business in jeopardy.
Combating these new risks will require systems to be agile through the sharing of threat intelligence, correlating event data and supporting automated incident responses, all aspects which will be vital and will require deep integration of technologies. The need of the hour is the development and adoption of a comprehensive, fabric-based security architecture. Emerging technologies such as artificial intelligence and machine learning, and automation will become imperative in accelerating decision-making and reducing the time lapse between detection and mitigation.
All these results are tied together by the ability to operate across system boundaries. By following a disaggregated, open and standards-based approach, multi-vendor integration is made easier and more cost-effective, while achieving maximum interoperability in the process. Moreover, the adoption of application program interface (API) across agnostic management tools that can be centrally managed can help streamline security events and orchestrate security policies.
From a security perspective, automating network application lifecycle management is the way forward. This will allow its components to perform effectively and remain adaptable, to meet constantly evolving protection threats. At the organisational end, a transition must take place from a DevOps model to a DevSecOps model that looks to integrate security measures directly into the development strategy, that can then be implemented during the operations phase in a seamless manner.
Security must also support elastic, edge-to-edge hybrid systems combining proven traditional strategies with new approaches. In the 5G era, proven techniques such as network segmentation to contain cybersecurity risks may not work. Newer segmentation strategies like micro segmentation will need to be planned in order to navigate through local and remote resources that mix segments for which organisations may or may not have control. As they implement 5G networks and public cloud services, IT teams will need to manage multiple co-managed systems.
The era of digital transformation will come to generate vast amounts of new data, most of which will be encrypted. Encrypted data currently constitutes more than 70 percent of network traffic. That percentage will only grow as encryption is used to protect data moving through open network environments. This will require high-performance security tools in IoT and other edge devices that can inspect encrypted traffic at both speed and scale. New strategies such as network slicing will enable organisations to consume resources more efficiently while moving through massive data environments. This will also require segmentation and edge-based micro-segmentation to protect critical resources while isolating them from open and less secure environments.
As disruption in the industry continues and IoT becomes an integral element of organisational setups, several supplementary systems must now be ready to address the changes caused by these developments. Data security will be all important in the coming future and it is only those organisations that have the necessary protocols in place that will lead the march towards business success.