Driving network security as a service

As 5G deepens connectivity and the Internet of Things (IoT) widens it, security has to become a greater priority. "We can never move fast enough when it comes to security", Dr. Anand Prasad, Chief Advanced Technologist, NEC and Chairperson, 3GPP Mobile Communications Security Standards Committee.

Security professionals and the board at large should:

  1. Ensure baseline security, such as passwords and logs, among others.
  2. Cover the innovations taking place like virtualisation and the associated credentials, as well as the wide variety of IoT-enabled devices.
  3. Consider security as a business driver. The mobile communications business is security and the industry should deliver security as a service.

The first two points are about protection against loss. The third one is about making a profit out of security. The mobile network can provision virtualisation and IoT, which have many different requirements, as a security service with added value for the entire value chain.

However, it is important that security is business-friendly in line with the corporate budget while keeping the ICT footprint as low as possible so we also deliver value to society, explains Dr. Paul Wang, CTO and Head of Global Safety Strategy at NEC.

Having a trust model is important in this respect so we can better detect vulnerabilities in an evolving cyber threat landscape where professionals are highly skilled and highly paid. Security as a service requires the right expertise able to protect the company during the design, deployment and operations phases, as well as to deal with IoT devices deployed without prioritising security.

Seiji Tokunaga, Manager of Cyber Security Strategy at NEC believes corporations should have their own security operations centre and incident response team with a focus on risk management and pro-active measures.

The entire ecosystem has change and it is becoming more challenging to strike a balance between speed of response, type and complexity of response versus inconvenience and intrusiveness. Corporations need partnerships with niche companies alongside in-house experts who know the company’s security risks, requirements and costs so cyber security remains within budget. The challenge lies in provisioning security services across a wide range of devices, from mobile devices to very diverse IoT devices, considering also that 5G will move more deeply into society, to very poor people who have never owned a mobile phone or used the Internet while also dealing with megabits of traffic/day. Security has to be eco-sustainable.

Source: NEC Cyber Security Roundtable Discussion