Introduction
Security breaches keep increasing, with serious business implications, despite the proliferation and sophistication of the security solutions in place. Enterprises are struggling to protect their assets, be it wired and wireless networks, intellectual property or customers’ data. According to a study by the World Economic Forum, 95% of cybersecurity incidents happen due to human error. In other words, if human error were eliminated entirely, 19 out of 20 cyber breaches might not happen.
In this article we discuss the security approach of a Network as a Service (NaaS) that also supports wireless technologies such as CBRS, 5G and WiFi. We note that NaaS achieves holistic security by providing end-to-end security as well as automation and continuous network vulnerability assessment, thus largely eliminating possible human errors and cybersecurity incidents.
Holistic Security with NaaS
Achieving holistic security requires considering security across the complete lifecycle, as well as people, process and technology. In this article we consider the technology aspect of holistic security for NaaS to resolve enterprise security concerns, as discussed below.
Automation: Since human error is the key reason behind security issues, NaaS puts automation in place that reduces human error; together with proper templatization, the issue can be mostly resolved.
Zero Trust – backward compatible: NaaS can provide clientless Zero Trust Network Access (ZTNA) from managed user devices to enterprise IT applications, building on several of the aspects discussed here, such as identity management, hardening and monitoring. A brownfield-friendly, isolated overlay network with Zero Trust East-West security can also be provisioned using NaaS.
Standards-based security: A NaaS solution can provide standards-based security (IETF, 3GPP or any other), with the possibility to enhance it as standards change. Also, with appropriate understanding, adequate choices can be made among the options given by the standards.
Identity and Access Management: This is achieved through an Identity Provider (IdP) service together with Multi-Factor Authentication (MFA), which also helps with Single Sign-On (SSO). With that, NaaS can also provide Role-Based Access Control (RBAC) over a portal, letting the administrator control the user and application roles for every organization configured to use the NaaS.
Policy control: NaaS can provide a {Device, User, Application} (DUA) based policy framework for transport-agnostic (CBRS/5G/WiFi) policies, aiding in the reduction of human errors. The DUA-based policy framework gives the enterprise the ability to apply the same policy across multiple wireless transports, eliminating the need to define a policy for every transport and thus minimizing human errors. DUA-based policies can also be context specific: the enterprise knows exactly which Device, which User and which Application a policy is defined for, which eliminates the management nightmare involved with traditional 5-tuple-based [IP address/Port/Protocol] access policies.
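The following is an added example, not code from the article or from any NaaS product. It sketches a DUA policy evaluator in which the same rule decides a session whatever transport or IP address it arrives with. The rule schema, the "*" wildcard, first-match ordering, default deny and all names are assumptions made for the illustration.

```python
# Added illustration: Session, DuaRule and decide are hypothetical names.
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    device: str        # device identity asserted by the network (assumed inventory ID)
    user: str          # user identity from the IdP
    application: str   # named application being reached
    transport: str     # "CBRS", "5G" or "WiFi"; kept for logging only
    src_ip: str        # differs per transport and lease; never used for matching

@dataclass(frozen=True)
class DuaRule:
    device: str
    user: str
    application: str
    action: str        # "allow" or "deny"

    def matches(self, s: Session) -> bool:
        # "*" is a wildcard; transport and src_ip are deliberately not consulted
        return all(want in ("*", got) for want, got in (
            (self.device, s.device), (self.user, s.user),
            (self.application, s.application)))

def decide(rules, session):
    """First matching rule wins; no match means deny (assumed default)."""
    for rule in rules:
        if rule.matches(session):
            return rule.action
    return "deny"

# Constructed sample policy and sessions
RULES = [
    DuaRule("scanner-17", "alice", "inventory-db", "allow"),
    DuaRule("*", "*", "hr-portal", "deny"),
    DuaRule("*", "alice", "*", "allow"),
]
SESSIONS = [
    Session("scanner-17", "alice", "inventory-db", "CBRS", "10.20.0.5"),
    Session("scanner-17", "alice", "inventory-db", "WiFi", "192.168.7.44"),
    Session("laptop-3", "alice", "hr-portal", "5G", "10.30.1.9"),
    Session("scanner-17", "bob", "inventory-db", "WiFi", "192.168.7.44"),
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s.transport, s.src_ip, "->", decide(RULES, s))
```

The second and fourth sessions share a source address but get different decisions, which an IP-based rule could not express without a per-transport entry.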
Hardening: With NaaS, no on-prem device has a default local password, all local ports can be controlled by the NaaS management system, and timely patching, updates and upgrades can be provided.
Continuous Security Assessment: Using NaaS, one can continuously perform vulnerability scans of both cloud and on-prem functions. An alarm can be sent to the appropriate admin or other location when a weakness is identified. A monitoring solution can be used for automated response to identified vulnerabilities.
Logging & Traceability: Logging of every action, event and change in the network is required in today’s world. NaaS can auto-generate hourly/daily/weekly reports with proof-of-work, proof-of-quality (based on the Service Level Agreement, i.e., SLA) and proof-of-security, where proof-of-security allows an organization to track all configuration changes in the network and to classify and observe events happening in the network. Additionally, NaaS can help protect logs against potential attacks.
Regulations & Compliance: Integral to NaaS is the ability to auto-generate proof-of-work, proof-of-quality (SLA) and proof-of-security reports on demand. An enterprise can auto-generate SOC2 and ISO 27K questionnaires on an appropriately built NaaS portal. These questionnaires can be automatically pre-filled with the required network and security information, allowing enterprises to satisfy compliance requirements without requiring a separate network audit. NaaS can also help fulfill regulatory requirements such as those associated with privacy, e.g., GDPR, or any other country-specific cybersecurity requirements.
Monitoring, Detection & Response: Continuous monitoring by NaaS leads to timely detection of and alerting on any anomaly, such as SIM or IMEI changes. Additionally, an AI engine can be added to learn various configurations and traffic patterns to support automated detection as well as remediation.
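The following is an added example, not code from the article or from any NaaS product. It shows one way to flag the SIM or IMEI changes mentioned above from attach events. The log line format, the alert names and the learn-on-first-sighting baseline are assumptions, and the sample lines are constructed.

```python
# Added illustration: log format, alert names and identifiers are constructed.
import re

LINE = re.compile(
    r"^(?P<ts>\S+) attach imsi=(?P<imsi>\d{6,15}) imei=(?P<imei>\d{15})\b")

def detect_identity_changes(lines):
    """Return (timestamp, kind, detail) alerts for SIM/IMEI pairing changes.

    The baseline is learned from the first sighting of each identifier;
    a deployment would more likely seed it from the device inventory.
    """
    imei_for_imsi, imsi_for_imei, alerts = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline should count these
        ts, imsi, imei = m["ts"], m["imsi"], m["imei"]
        prev_imei = imei_for_imsi.get(imsi)
        prev_imsi = imsi_for_imei.get(imei)
        if prev_imei is not None and prev_imei != imei:
            # a known SIM attached from a different device
            alerts.append((ts, "SIM_MOVED",
                           f"imsi {imsi}: imei {prev_imei} -> {imei}"))
        if prev_imsi is not None and prev_imsi != imsi:
            # a known device attached with a different SIM
            alerts.append((ts, "SIM_SWAPPED",
                           f"imei {imei}: imsi {prev_imsi} -> {imsi}"))
        imei_for_imsi[imsi] = imei
        imsi_for_imei[imei] = imsi
    return alerts

# Constructed attach events (test-network IMSIs, made-up IMEIs)
SAMPLE_LOG = [
    "2024-05-01T08:00:00Z attach imsi=001010000000001 imei=350000000000011 transport=CBRS",
    "2024-05-01T08:05:00Z attach imsi=001010000000002 imei=350000000000022 transport=5G",
    "2024-05-01T09:00:00Z attach imsi=001010000000001 imei=350000000000011 transport=CBRS",
    "2024-05-01T10:12:00Z attach imsi=001010000000001 imei=350000000000033 transport=CBRS",
    "2024-05-01T11:30:00Z attach imsi=001010000000003 imei=350000000000022 transport=5G",
    "2024-05-01T11:31:00Z heartbeat node=cu-1",
]

if __name__ == "__main__":
    for alert in detect_identity_changes(SAMPLE_LOG):
        print(*alert)
```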
Conclusion
A well-designed Wireless Network as a Service (NaaS) can bring a holistic approach to security, minimizing or eliminating human errors and provisioning top-of-the-class enterprise security. NaaS can integrate with the enterprise’s existing security architecture while meeting all enterprise security requirements. It offers robust user and device management capabilities and allows the creation of custom user management policies. By leveraging the existing enterprise profile management framework, NaaS can also manage policies for users and devices connecting over the wireless network. Enterprises will be able to build a best-in-class secure wireless network with a guaranteed SLA using NaaS.
Anand R. Prasad
Dr. Anand R. Prasad is a global leader and expert in information and cyber security who has delivered security solutions for 5G, 4G, virtualization, SOC, Wi-Fi, mobile devices and enterprise, and has built GRC processes from scratch.
Anand is Founder and CEO of wenovator LLC, a global provider of cybersecurity services and consulting with top-tier clients right across the telecommunications industry. Dr. Prasad is also a Senior Security Advisor of NTT DOCOMO, providing advice on all aspects of cybersecurity for the company, Advisor to CTIF and Advisory to GuardRails. Prior to that, he was Chief Information Security Officer of Rakuten Mobile, the world’s leading MNO with the very first cloud-native 4G / 5G network implementation. As CISO of Rakuten Mobile, Anand led all aspects of enterprise and mobile network security, from design and deployment to operations.
With over 20 years of experience, Anand has also held key roles in NEC, Genista, Lucent Technologies and Uniden. He is an innovator with over 50 patents, a recognized keynote speaker (RSA, GWS, MWC, ICT etc.) and a prolific writer with 6 books and over 50 peer-reviewed publications. Anand was the Chairman of 3GPP SA3, where he led the standardization of 5G security. He received his ir (MScEE) and PhD from Delft University of Technology, The Netherlands. He is a Fellow of IET, Fellow of IETE and CISSP. Anand is Editor-in-Chief of the Journal of ICT Standardization and Co-Founder & Co-Editor of Cybersecurity Magazine.