SASE solves security versus usability puzzle for 5G and IoT

Vendors are responding to the challenges of optimizing security and usability across distributed network architecture.
16 September 2022

Factory ready: telemetry provided by massive IoT networks powered by 5G can enable predictive maintenance across multiple facilities to maximize production time and lower costs. Image credit: Shutterstock.

5G is bringing a lot of promise to the technology scene. A new era in communications, 5G opens the door to multi-Gbps data rates, with around 25 times the bandwidth of existing 3G/4G coverage, delivered over low-latency channels. 5G coverage has already made its way up to Mount Everest base camp – a feat that involved yaks and porters carrying 8 tonnes of equipment up the world’s highest mountain. And the GSMA estimates that 5G network coverage will reach one-third of the world’s population by 2025. Next year, around 20% of global smartphone shipments could be 5G (super-fast mmWave) enabled, but there’s much more to 5G than just an upgrade to the video calls and apps we’ve become used to with 4G services.

Billions of nodes

5G offers a big jump in capacity and provides resilience to congested data services – features that have attracted the attention of the Internet of Things (IoT) community. “High-density networks enable billions of nodes to be connected,” Sunil Ravi, Chief Security Architect at Versa Networks, told TechHQ. “5G is a new enabler and there are many applications that can be brought to bear in this space.” Use cases include monitoring of production equipment to enable predictive maintenance, where 5G is used to send telemetry back to headquarters. And there are other examples too.

Smart cities can harness 5G’s ability to support a large number of nodes with low-latency communications, which is appealing to transport operators and urban planners. Vehicle-to-everything (V2X) messages can piggyback on fast networks, safe in the knowledge that 5G has the capacity to keep communications up to date even when vehicle numbers are high and road traffic is fast moving. But these network designs – in smart city applications, industrial IoT deployments, and elsewhere – are far from the textbook examples that we might carry around in our heads.

“The whole enterprise world has transitioned,” said Ravi. “We used to have a trusted perimeter, but now everything is distributed.” And one of the drivers is communications speed. “To deliver low latency, you can’t afford to bring the traffic to the cloud and back,” Ravi explains. “We need to co-locate the compute.” Mobile edge computing networks go hand in hand with delivering efficient 5G services, and this is prompting changes elsewhere to keep users safe.

SASE: networking and security converged

Traditional security tools and methodologies can come up short when it comes to protecting distributed networks. IoT designs may have many more endpoints – for example, if large numbers of sensors are deployed. Also, remote devices could be constrained if they need to be powered for long periods of time, which could limit their defenses. And units may have smaller amounts of memory and lower processing capabilities. At the same time, security models need to adapt to the larger amounts of supporting infrastructure being placed at the edge.

Enter ‘zero trust’ and other network security concepts that have converged as Secure Access Service Edge (SASE). It’s an approach that allows operators to step up good security practice across distributed architectures comprising IoT endpoints, access networks, mobile edge computing, and cloud environments. “Devices joining the network must pass compliance checks to make sure that they have the right software and patches,” said Ravi. “Contextual information also helps to determine whether access should be granted.” Other tools include passive and active fingerprinting, to check that devices match their advertised identities; network segmentation, to limit lateral movement; and the ability to enforce security policies on what devices can and can’t do.
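A minimal sketch of how the admission checks described above can combine into a single default-deny decision. This is an added example, not code from Versa Networks or any SASE product; the policy table, device classes, MAC prefixes, site names and the `admit` function are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy table: per device class, the minimum patched firmware,
# the traits fingerprinting should observe, and the segment it belongs in.
POLICY = {
    "temp-sensor": {"min_fw": (2, 4, 0), "oui": "AA:BB:CC",
                    "ports": {8883}, "segment": "iot-sensors"},
    "camera": {"min_fw": (1, 9, 3), "oui": "DD:EE:FF",
               "ports": {443, 554}, "segment": "iot-video"},
}
ALLOWED_SITES = {"plant-1", "plant-2"}  # constructed contextual rule


@dataclass
class JoinRequest:
    claimed_class: str   # identity the device advertises
    firmware: tuple      # reported software/patch level
    mac: str             # address observed on the access network
    seen_ports: set      # destination ports seen by passive fingerprinting
    site: str            # context: where the device is connecting from


def admit(req):
    """Return (decision, segment, reasons); anything unrecognised is denied."""
    rule = POLICY.get(req.claimed_class)
    if rule is None:
        return "deny", None, ["unknown device class"]
    identity = []
    if not req.mac.upper().startswith(rule["oui"]):
        identity.append("MAC prefix does not match advertised class")
    if not req.seen_ports <= rule["ports"]:
        identity.append("traffic profile does not match advertised class")
    if req.site not in ALLOWED_SITES:
        identity.append("unexpected site")
    if identity:
        return "deny", None, identity
    if tuple(req.firmware) < rule["min_fw"]:
        # Identity checks out but patches are missing: isolate for remediation.
        return "quarantine", "remediation", ["firmware below required level"]
    return "allow", rule["segment"], []
```

A device that passes every check is placed only in the segment for its class, which is what limits lateral movement if it is later compromised.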

In practice, this means deploying a whole raft of solutions that together provide end-to-end security for traffic traveling across 5G service provider networks. And while attack resistance is important, it’s not the only consideration. “Systems need to be able to carry intelligence all the way across the network without impacting user experience,” Ravi notes. “With policy enforcement and other features delivered through single pane of glass management.”

Switching up

To prioritize the user experience, the latest solutions – which include software-defined wide area network (SD-WAN) – allow systems to adapt and bring additional bandwidth. This means that security doesn’t have to be a barrier to performance. Together with a shift from relying on low-level metrics, such as packets and sessions, to higher-level application performance management, this translates into a superior service all round.

SASE providers such as Versa Networks, Fortinet, Palo Alto Networks, and others are refining their solutions to meet the needs of customers who are building out more and more services that leverage 5G’s many upsides. “Today is just the beginning of the SASE journey,” said Ravi. “There’s a long roadmap of innovation ahead.”