The security paradigm has made significant evolution over the last couple of decades. In recent years, it has become broader and deeper to address the current level of global transformations.
On the other hand, security attacks are getting more sophisticated and rampant, resulting in catastrophic damages to businesses. Studies show that the average cost of a data breach is around $4.6 million, and it takes over 200 days to contain such incidents.
The security posture for the modern enterprise needs total re-invention rather than a refresh. Zero Trust security framework redefines the “perimeter” of the enterprise network and end users beyond the physical locations.
It enforces a strategy for continuous monitoring, accurate detection, and rapid, orchestrated response.
The recent impacts of the pandemic, economic uncertainties, supply chain challenges, and dramatic shifts in customer trends have ushered in large-scale business transformations. Companies are modernizing applications for operational efficiencies and to streamline B2C, B2B, and B2B2X interfaces.
Cloud IT infrastructures, customers, end-users, data sources, and networks are moving outside of business premises. Many of these applications run across multiple infrastructures in the cloud, handle data and execute processes at the edge. Edge applications are becoming core to business transformation results. Hence, it’s crucial for CXOs to enable a robust security framework for those applications.
The Zero Trust framework is a perfect approach for the new security posture that is elevated by edge applications. Security executives should assess the relevance of Zero Trust for their enterprise security postures along with the security needs of other key business transformation initiatives.
While the Zero Trust framework is good for basic aspects of the applications beyond network boundaries, it is important to augment it with security requirements specific to 5G+ edge applications.
The following sections will review aspects of 5G+ edge systems to be considered for its Zero Trust security framework, highlight security challenges in edge applications, and suggest updates to the Zero Trust framework suitable for 5G+ edge applications.
Based on NIST
Zero Trust uses zero trust principles extending the network boundaries outside of local networks and taking into consideration the resources from on-prem, public cloud to hybrid cloud, users from local to remote, authentical from application level to transaction level, and dynamic threat detection and response capabilities.
NIST’s Special Publication 800-207 on Zero Trust Architecture lays out broader principles and guidelines for businesses to secure their resources.
” Zero trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a Zero Trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a Zero Trust architecture plan.” – NIST SP 800-207
A foundational Zero Trust architecture consists of a unified control plane that executes Security Policy decisions to promote the untrusted resources to be trusted.
The policy control plane interfaces with identity and access management, data access policies, security incident and event management, regulatory compliance, threat intelligence, etc., to establish a comprehensive approach for the enterprise-level Zero Trust security posture.
First, in the 5G+ edge applications, the software, hardware, and users live across multiple physical locations.
Second, the on-prem/ cloud and edge have different types of systems.
Third, the application run time environments are not local and distributed from edge to core to cloud.
Finally, the type of security threats as well as the responses to incidents vary across the edge application layers.
Security must be built using a strong framework and integrated end-to-end across the edge application including the hardware devices and 5G+ mobile network.
The modern security attacks are rapid and infect infrastructure and applications in seconds. The “impact radius” of attack increases exponentially as each second passes by. Once the attack spreads deep, the response becomes expensive and the recovery impossible.
It is not uncommon for certain cybersecurity attacks to sleep for months and spread without getting noticed. Such devious attacks make any level of response ineffective without a safe point of recovery.
With multiple application layers, distributed microservices, hardware-software integrations, and processing of sensitive data outside of the business premises, edge systems open multiple points of “security vulnerability”.
Implementing security checks at every transaction or message might increase the complexity of the edge application and adds to their run time latency. Additionally, the levels of security requirements at the edge, core, and cloud vary significantly, and add more complexities to implementing a common framework or logic.
The security framework for 5G+ edge applications should address operational and deployment aspects of both hardware (edge devices) and software (edge applications).
In addition to the common application security aspects for the Zero Trust framework, the following list of characteristics of 5G+ edge applications should be considered:
Based on the above characteristics that are specific to 5G+ edge applications, the three mentioned updates are recommended to strengthen the Zero Trust security framework.
Due to the physical exposure of edge devices, they are subjected to added security vulnerabilities not typically considered with digital assets.
The devices can be altered or damaged by acts of threat agents. Their basic functions may get affected by harsh environments such as the weather in outdoor installations or in the manufacturing floors.
The security analysis of 5G+ mobile network should be included to cover its characteristics. A proper analysis of these edge devices, 5G+ mobile networks and their vulnerabilities to security issues should be fed to the policy engine to enforce augmented policy decisions.
Applications access edge devices using specific protocols and features. Enforcing proper rules and policies both during the initial deployment and during operation should result in highest level of security safeguards for the application.
In applications such as autonomous vehicles, the edge devices may be constantly moving and switching between 5G+ mobile networks.
Certain applications have millions of devices generating billions of transactions a minute. Since each edge device have unique identifier and follows secured messaging protocols, it is possible to define an effective edge devices access policy.
Edge applications incorporate AI and machine learning models for executing decisions at the edge. These models get updated upon model retraining and may introduce changes to the decision logics. When ML models are used as part of the security posture, the logic updates may introduce security vulnerabilities.
The edge application management should dynamically feed the intelligence to the policy engine based on the updated assessment of security parameters with each deployment.
Enforcing proper rules and policies during the continuous deployment phases should result in the highest level of security safeguards for the application.
The security paradigm will continue to evolve and should stay steps ahead of sophisticated cybersecurity threat actors.
Zero Trust is a modern approach to security framework for businesses and an excellent foundation for CXOs enforcing robust security posture for their organizations.
Businesses may adopt NIST foundational recommendations and augment them with security features specific to their applications.
With the widespread adoption of 5G+ edge applications across all industries, businesses must ensure the most trusted and resilient security posture is enforced.
Zero Trust security framework for 5G+ edge applications is one step closer to achieving that goal.
Subscribe for industry insights. Elevate your influence – promote with us!
