Author Archives: stephenspellicy


About stephenspellicy

Stephen Spellicy is known in the software industry as a subject matter expert with experience in product marketing, technical marketing and product management. As Vice President of Product Marketing and Solutions for VMware’s Telco & Edge Cloud business unit, he is responsible for building awareness, influence and driving customer demand in the market for VMware’s Telco Cloud Platform, which is designed for communication service providers (CSP) who seek to virtualize their network functions to increase agility and scale. Previously, Stephen led both the product management and marketing functions for Guavus, a Thales company, within the Mobile Connectivity Services business unit and has also held senior marketing leadership roles at HPE, Dell/EMC, Lucent Technologies, EqualLogic, Njini, Inc., and Virtensys, Ltd. Stephen is based in Bedford, New Hampshire, married for 25 years with 3 children, and enjoys listening to and playing jazz. He is a graduate of Berklee College of Music in Boston, MA, with a concentration of study in film scoring and 20th century music composition.

To Take Full Advantage of 5G Investments, We Need to Think Differently about Network Security

The potential market for new 5G services is enormous and is estimated to exceed USD 400 Billion by 2027. Services like autonomous transportation, low-latency healthcare apps, and reliable communication for first responders turn 5G networks into national security and critical infrastructure that cannot be allowed to fail.

The challenge is that in a modern communication service provider (CSP) environment migrating to 5G, there is an increasing number of moving parts to protect, and that complicates 5-9s requirements. There’s a way to stay ahead of the threat, however.  If we’re going to get there as an industry, we need to start thinking very differently about network security. That starts with recognizing that we can’t just delegate it to the security team.  

Security is now a team sport—and should be part of every decision that gets made about your 5G network.    

New Innovations Bring New Challenges 

A couple decades ago, attackers may have been mostly lone operators seeking to cause mischief. Today, they’re highly organized, well-funded criminal operations, sometimes with state backing, with the time and resources to mount sophisticated long-term attacks. The new threats they’re developing are evolving more quickly than our strategies to combat them.  

Major industry groups have, of course, made efforts to protect operator networks, but wireless security standards remain inconsistent and incomplete. For example, 3GPP continues to do important work securing the signaling plane between services and inter-function communication, but many of these measures are optional and implemented differently by different vendors. They also only address the areas where 3GPP traditionally operates—not the underlying cloud architectures that many CSPs are now adopting. 

Today, as CSPs advance their 5G rollouts, these problems are growing more urgent.  

As we build out next-generation networks, we inevitably create new potential inroads for new threats, both from outside and within the network. Externally, the sheer density of subscribers, devices, and applications is reaching a level unlike anything we’ve dealt with before. But it’s the potential internal vulnerabilities that can be even more pernicious and that don’t seem to be on people’s radars.  

When your network gets heavily disaggregated, previously monolithic functions get broken up into many smaller pieces, in some cases, from multiple vendors. You can’t protect all those pieces, and the interconnections between them, using legacy approaches. Building proper security into the architecture from the beginning is easier than trying to overlay it later and thus savvy CSPs will consider this from the start.  

In response to the fact that these increasingly complex 5G networks are being considered to support aspects of national security and critical infrastructure, the government oversight that has already begun in the UK (and is sure to follow around the world) will soon regulate the security requirements for these networks. Exactly what the regulation will be in each country will vary but looking at the UK should provide a pretty good level of guidance because the UK’s telecom security requirements are ahead of the curve.  

Take Concrete Steps to Protect Your Architecture 

We absolutely can improve security for a 5G world, but that process starts with accepting reality: threats will continue growing more powerful, networks will continue getting more complex, and defenses will likely always be playing catchup. In this environment, you can’t rely only on fulfilling the requirements of regulations to protect you or your customers. Instead, we need to think differently—and more holistically—about how we’re designing and protecting our networks. That includes steps like: 

  • Thinking through security implications of cloud-native 5G infrastructure: As we develop and deploy containerized network functions (CNFs) for 5G, we need to be thinking about security across the container lifecycle in heterogeneous, often multi-cloud environments. That includes steps like securing CNFs through CI/CD pipelines, using trusted container image repositories with strict access control, and tightly controlling communication between CNFs and microservices.  
  • Reducing the blast radius: If you accept that breaches are going to happen, then the wise move is to design and deploy systems to minimize the damage when they do. For example, if you only use cryptographic authorization and encryption in the cloud, and attackers discover a vulnerability in those systems, you now have a huge potential attack vector. However, if you pair encryption with micro-segmentation—isolating every layer in the stack with virtual firewalling and strict network access policies—you greatly restrict what even a successful attack can do. 
  • Embracing openness: It can sound counterintuitive, but using open standards and open, virtualized systems across your environment allows for stronger security than closed, proprietary technologies. Using a vendor’s vertically integrated system can seem more secure, but the reality is, you’re now completely reliant on that vendor to protect you. Effectively, you’ve got a “black box” in your environment, with no way to know what’s happening inside. Alternatively, if you’re using open, virtualized systems, you can inspect every layer of the stack. You also now have the freedom to quickly remove and replace any component that’s found to be insecure—including switching to another vendor’s product.
  • Protecting your orchestration tools, as well as the things they’re orchestrating: In a world where more parts of your operations are getting automated, it’s essential to identify security-critical systems within management, automation, and orchestration tools. More than ever, we need to lock down management and operational access to network components and meticulously track any changes made.  
  • Thinking through security at every level of the network: Even as networks have gotten more virtualized, we still tend to think about security in a hardware-centric, box-by-box way. But while disaggregation means there are more pieces to secure, it should now be simpler to secure them. If you’ve implemented your next-generation architecture properly, you should be able to use uniform policies for everything and manage and enforce them centrally.
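
The blast-radius point in the list above can be checked on a small model. This is an added example, not code from the article or from VMware: it compares how far lateral movement could spread from one compromised network function on a flat network versus a default-deny, allow-listed (micro-segmented) policy. The function names follow 3GPP 5G core roles; the `oam` node and all flows are constructed for illustration.

```python
from collections import deque
from itertools import permutations

# Constructed sample: 5G core function names (3GPP roles) plus an "oam"
# management node. The flows below are illustrative assumptions only.
FUNCTIONS = ["amf", "smf", "upf", "nrf", "ausf", "udm", "oam"]

# Flat network: encryption may be in place, but any function may open a
# connection to any other function.
FLAT = set(permutations(FUNCTIONS, 2))

# Micro-segmented network: default deny, with an explicit allow-list of
# (source, destination) flows. Nothing is allowed to reach "oam".
SEGMENTED = {
    ("amf", "smf"), ("amf", "ausf"), ("amf", "nrf"),
    ("smf", "upf"), ("smf", "nrf"),
    ("ausf", "udm"), ("ausf", "nrf"),
    ("udm", "nrf"),
}


def blast_radius(allowed_flows, compromised):
    """Return every function reachable from `compromised` by chaining
    allowed flows (worst case: each reachable hop is also taken over)."""
    seen = {compromised}
    queue = deque([compromised])
    while queue:
        src = queue.popleft()
        for flow_src, flow_dst in allowed_flows:
            if flow_src == src and flow_dst not in seen:
                seen.add(flow_dst)
                queue.append(flow_dst)
    seen.discard(compromised)
    return seen


def compare(compromised):
    """Blast-radius size under the flat and the segmented policy."""
    return (len(blast_radius(FLAT, compromised)),
            len(blast_radius(SEGMENTED, compromised)))


def unreachable_everywhere(allowed_flows, target):
    """True if no other function can ever reach `target`."""
    return all(target not in blast_radius(allowed_flows, f)
               for f in FUNCTIONS if f != target)


if __name__ == "__main__":
    for f in FUNCTIONS:
        flat, seg = compare(f)
        print(f"{f:5} flat={flat} segmented={seg}")
    print("oam isolated:", unreachable_everywhere(SEGMENTED, "oam"))
```

Running the same check against an exported policy set before each change shows whether a new allow rule quietly widens what a single compromised function can reach.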

Stay Ahead of the Threat 

For all the innovative things we can do with the next generation of service provider networks, 5G and beyond, it would be foolhardy to overlook the new security concerns that come with them. But while the threats are real, they don’t have to disrupt your customers (or even your weekend).  

At VMware, we’ve long argued that security can’t be a bolt-on feature that gets added after the fact. Rather, sound security needs to be built into every aspect of how you design and operate your architecture. We’ve also long argued that virtualization makes this job easier—and it should be easier still with next-generation 5G networks. When you have a horizontal, end-to-end abstraction layer overlaying your infrastructure, it becomes much easier to both monitor your environment and to enforce policy in a uniform, holistic way. Data privacy, ingress-egress inspection, micro-segmentation—all these things are now just policies you define at the software layer. And they can now be applied in the same way, everywhere, across even the most complex heterogeneous multi-vendor architectures.  

Want to learn more about the steps VMware is taking to secure operator environments for 5G and beyond? Download our Intrinsic Security for Telco Clouds overview. And, for an in-depth technical exploration of this topic, see the VMware white paper Intrinsic Security for Telco Clouds at the Dawn of 5G.  

Writing the Next Chapter in Communication Service Provider Innovation

Quick Introduction to Stephen Spellicy

I may be new at VMware, but I’m not new to the industry – I was actively involved with VMware during its first decade of operation, when I was with EMC.  In fact, I was part of VMware’s ‘Journey to the Cloud’ messaging effort, which inspired customers seeking to make the move to the cloud.  At that time, cloud providers, now known as hyperscalers, were pitching the benefits of a utility-based computing approach with the promise of endless elasticity.  The concept was easy to understand and pitched at a price point that made enterprise IT heads turn.  For the next several years after that, the economics of cloud continued to be a hot topic for customers who have made the leap and started to reap the benefits of the ‘software defined data center’.

Even today, the hyperscaler narrative hasn’t changed very much, it is still much of the same utility play.  As with traditional utilities, such as electricity providers, customers find themselves frustrated with limited options, higher prices than expected and very little they can do when their utility isn’t working as advertised.   

The word utility is synonymous with service and in terms of technology, network connectivity is a service that many see as a commoditized utility.  Historically, communication service providers (CSPs) have focused on offering connectivity, it’s what they do… Over the years, it has become faster, more reliable, and coverage has improved, but with each network evolution, connectivity has more or less remained the same.  Think about it, CSPs spend vast resources on building new network connectivity as their core asset, even though the market is fiercely competitive, and differentiation is tough, and margins are thin as CSPs have launched unlimited plans. With 5G, CSPs have made massive investments upfront on new spectrum and they are in the midst of deploying their next-generation networks, based on cloud-native architectures, however many are still thinking purely in terms of connectivity.   

If failure is not an option, then differentiation is paramount.  CSPs must monetize new services to recoup their investments.  In order to do so, we need to get to a place where we’re not thinking like utilities.  The good news is that 5G can absolutely get us there—if we’re willing to take advantage of what it brings to the table: Openness. Cloud-native methodologies. Flexibility to add value-added services on top of connectivity.   

VMware is perfectly positioned to help CSPs capture this moment and capitalize on the opportunity. Unlike anyone else in this space, VMware provides the “5G OS”—a central nervous system for 5G. We give CSPs a consistent horizontal platform that extends from core to cloud to customer to facilitate real digital transformation. With VMware, CSPs can be more agile in how they deliver new services—plugging in new capabilities, driving new efficiencies, and continuously deploying infrastructure as it is needed. We’re helping CSPs play a larger role in the evolving ecosystem for digital services—and leave the utility model behind for good.

Whose cloud is it anyways? 

If we’re going to break out of a utility mindset, we have to broaden our horizons beyond connectivity. We have to stop spending so much time thinking about the plumbing, with the host of undifferentiated underlying technologies in the CSP infrastructure and instead focus on the innovation we can deliver on top. That’s exactly what VMware does—and has been doing for years. We provide a telco cloud platform that enables CSPs to modernize, move to the next G, and monetize value-added services that they seek to deliver. 

The most revolutionary thing VMware did, almost two decades ago now, was to anonymize compute hardware. If you were in enterprise IT, you used to have to think a lot about the physical servers running your business applications. Today, for all intents and purposes, those servers are now basically interchangeable.

In the future, I see VMware making the cloud itself just as anonymous. Our Telco Cloud portfolio provides that 5G OS to facilitate new kinds of interactions with the applications running on your network, while anonymizing everything underneath. By abstracting the underlying infrastructure, you gain: 

  • More choice: In the same way the market for IT hardware has evolved, the piece parts underlying your network become basically interchangeable. You can use network functions from dozens of vendors in your 5G network without worrying about how they all fit together – because we have done the hard work of validating for CSPs. 
  • More agility: When everything below the interaction layer is anonymized, you can choose any cloud as your fabric of choice for compute, storage, and underlying physical network transport. While this approach gives you great improvements to scalability, you also retain a common plane for management, operations, and security which improve efficiencies through automation.  
  • More efficiency: Internally, the low-level details of how individual network functions work don’t really matter anymore. Instead, you’re focusing on how you manage, monitor, and assure amazing customer experiences for a growing portfolio of 5G and edge applications.  

Making Openness Work for Your Business 

5G opens up CSP networks—a breath of fresh air that’s long overdue. Industry initiatives like the Open Radio Access Network (O-RAN) Alliance reimagine the previously monolithic RAN as a heterogeneous ecosystem for any vendor’s standards-aligned technology. This increases competition, fuels innovation, and enables both old players and new to treat the network as brand-new territory. Suddenly, new innovators in this space—Parallel Wireless, Altiostar, Mavenir, and others—are making big bets on open CSP ecosystems and building a thriving community of vendors to drive innovation.  

Of course, that heterogeneity adds new complexity that CSPs, who’ve historically outsourced large portions of the network to their vendors, have never had to contend with. Here again, VMware is well positioned to help. We can facilitate open ecosystems while providing the safety net that comes with backing from a major global vendor.  

Our Telco Cloud Platform, for example, includes a telco-ready version of VMware Tanzu which enhances open source cloud-native technologies like Kubernetes by hardening them for CSP-scale deployments. Delivered pre-integrated and fully supported, this solution sits within the framework we provide for multivendor network solutions to work together in a cohesive way. Then, our Ready for Telco Cloud ecosystem lets you plug in pre-validated, ready-to-deploy network functions from dozens of vendors. You can build the network you want to build, for the price you want to pay, and achieve the right margin between cost and potential profit. 

Let VMware Join You on This Journey 

This isn’t the first time CSPs have tried to broaden their scope beyond connectivity. Traditional network equipment providers (NEPs) have had years to help solve these problems and haven’t been able to do it. Which shouldn’t be surprising: their business is built around making you care more about the underlying infrastructure blob, not less. Hyperscalers aren’t the full answer either, as they’re likely to focus on making sure your customers are using their cloud, not freeing them to use any cloud they choose. This is akin to buying a car and being restricted to getting your gas from a specific gas station brand, which is both inflexible and impractical.

If we’re going to see different results, we’ll need to stop thinking like utilities. VMware—a company that made its name abstracting away underlying complexity and helping businesses add value on top—is the right partner to help you do it. Look at it this way: 5G networks are intentionally disaggregated, with network functions broken up into smaller pieces, often from multiple vendors. The level of intricacy involved in validating that all those pieces work together, that they won’t create security gaps, that they can be managed and monitored in a consistent way, is enormous.  

Who in the marketplace has dealt with anything like that before? I can think of one company. VMware has hundreds of thousands of customers, thousands of partners, relying on a vast web of interoperating technologies and vendors. Abstracting away gory infrastructure details so businesses can focus on what matters? That’s just what we do. I can’t wait to see what we do together next.  

To learn more about the different ways VMware helps CSPs around the world transform, read this eBook of customer stories.