Adapting to Emerging Security Requirements

It’s easy to forget the role of security and compliance in delivering an excellent customer experience — consumers rightfully dread the thought of interrupted communications, breached personal data, or hacked credit card numbers. A highly secure network contributes to a differentiated and distinguished service that attracts and retains customers, but sometimes it’s hard to remember that fact because the value of security lies in the absence of attention: For CSPs and customers alike, no news is good news.

With the shift toward 5G, however, some security standards for CSPs have gone out of date. In the U.K., for instance, the NCSC’s previous telecoms assurance standard known as CAS(T) is done. The NCSC formally closed CAS(T) on Jan. 31, 2020, saying that the “technical aspects of the standard do not align to the evolving telecommunications landscape and will quickly become out-of-date, without NCSC maintenance. Therefore, whilst it will remain available on the NCSC website for historic purposes, the NCSC does not recommend its continued use.”

CAS(T) is being replaced in part by the NCSC’s new telecommunications security requirements, or TSRs, which are focused on improving network security. Based on a framework of contemporary security principles, the requirements provide extensive implementation guidance for technology that is critically important as CSPs shift their networks, equipment, operations, services, and business models to 5G. Software-defined networking, cloud native network functions, containerized applications, orchestration, and the virtualization plane take center stage.

“The potential economic and social benefits of 5G and full-fibre digital connectivity,” the NCSC’s report says, “can only be realized if we have confidence in the security and resilience of the underpinning infrastructure.”

The Benefits of Built-in Security

When security is an intrinsic part of the technology from start to finish — that is, when security is built into the software and infrastructure from the beginning instead of bolted on as an afterthought — it empowers you to quickly, effectively, and economically capitalize on the new market opportunities of 5G without undermining the security of the virtualized network or its management.

Why? Because intrinsic security improves your ability adapt to changes. The VMware model, for example, helps you more easily and quickly make changes to security settings, network policies, and even the network topology itself to meet emerging telecommunications security requirements, such as those that the United Kingdom’s National Cyber Security Centre is working on.

The Shifting Security Landscape

Here in the United States, NIST has also shelved at least one of its old telecommunications guidelines, and a replacement hasn’t been forthcoming yet. The previous guidelines, Telecommunications Security Guidelines for Telecommunications Management Network, SP 800-13, was withdrawn as outdated on August 1, 2018. Meantime, NIST and the National Cybersecurity Center of Excellence are working on a project for 5G security titled Preparing a Secure Evolution to 5G ; so far, however, only the project description has been published, which makes taking concrete action difficult.

VMware has published two new white papers to discuss the security challenges that CSPs are facing as they evolve their network architectures to 5G and how VMware is addressing these security challenges with our existing products and solutions:

Intrinsic Security for Telco Clouds at the Dawn of 5G. 

This technical white paper summarizes the security risks and requirements that CSPs face as they transition to 5G networks and increasingly rely on virtualization, containers, and cloud computing. The paper illustrates how VMware technology protects telecom networks with an array of built-in security measures, many of which can be automated.

Intrinsic Security for Telco Clouds: Protect infrastructure with built-in measures

This short paper explains how the VMware Telco Cloud emphasizes intrinsic security—integrated with the software and infrastructure so that security is programmable, automated, adaptive, and context-aware.

With the VMware Telco Cloud, security is built into the software and infrastructure, which improves visibility, reduces complexity, and enables CSPs to focus their defenses by applying automated security measures like micro-segmentation in the right place.

Micro-segmentation is a pertinent example. It divides a virtual data center and its workloads into logical segments, each of which contain a single workload. You can then apply security controls to each segment, restricting an attacker’s ability to move to another segment or workload. This approach reduces the risk of attack, limits the possible damage from an attack, and improves your overall security posture.

 Isolating and Automating Security with the VMware Telco Cloud

The NCSC’s TSRs, then, seem to be prescient — they furnish an early government-driven perspective on security and compliance for CSPs as they roll out 5G networks and services.

The security measures that are built into the VMware Telco Cloud help you readily adapt to the NCSC’s key high-level security imperatives for virtualized networks, such as isolating the management network, segmenting traffic, and automating administration.