How 5G secure access changes the IT landscape

In 2019, 5G roared into life with the first network deployments and marketing hype focused on enterprise and industrial use cases. Because 5G is just a few years into its expected 10-year-plus technology realization cycle, not all of the hyped features are yet available or easy to access, such as Multi-Access Edge Computing (MEC) for low-latency application access at the edge and low-cost industrial IoT (Internet of Things) devices. 5G's technology cycle is similar to that of cloud computing, which also required approximately four years before it became suitable for large-scale adoption and before the industry addressed perceived security concerns. That inflection point in cloud computing led to the dramatic transformation of IT, and cloud computing has become universal in the enterprise IT ecosystem.

5G has reached a similar tipping point; its transformative connectivity capabilities are becoming broadly available in commercial and private systems. A key distinction of 5G MEC availability is that MEC services are typically an extension of proven cloud computing solutions, including workload management and enterprise-grade tools for required data and system security. Because enterprises can access 5G MEC services and apply security tools to those systems, they can move forward with use cases that utilize 5G MEC to reap operational and transformational enhancements.

5G networks enable commercial and private operators to route specific user data to localized MEC server-hosted applications, providing the enterprise with operational enhancements, including improved user experience, novel application features, and increased data resilience. The capability enhancements, summarized in Figure 1, can drive strong business cases to adopt 5G MEC services.

Figure 1: MEC Capability Enhancement

Leidos 5G MEC Capability Enhancements

  • Resilience, Data Availability, and Reduced Data Transit Exposure: Reduced reliance on centralized data centers, data pathway management, reducing interception and interdiction, reduction of capacity bottlenecks
  • Operationalization: Lower latency and jitter, improved application experience, advanced use case enablement
  • Dynamic and Scalable Services at the Edge: Enable edge access to applications dynamically when and where they are required

Leidos’ research and deployment of edge computing within our Edge to Cloud program has demonstrated that standard Government off-the-shelf and commercial off-the-shelf tools can be used to provide connectivity to the MEC. However, traditional VPN models are not designed to adapt to dynamic and distributed multi-network usage (commercial 5G, private 5G, Wi-Fi, Satcom, and trusted/untrusted networks). VPNs are typically architected as a perimeter model that requires data links to pass through a centralized network entry gateway. This architectural limitation prevents users from gaining value from 5G MEC, either because of excessive data routing delays or because the edge network may not be reachable.

The distributed nature of the edge and the use of untrusted, multi-tenanted networks require the enterprise to focus on securely “operating through” networks and on perimeter-less application-level security. The Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) 5G strategy tenet of “Operate Through” expects that the Department of Defense (DoD) and other federal users will be able to use any preexisting 5G networks, including U.S. telecommunications infrastructure, coalition partners’ national communication systems, as well as networks that are influenced or controlled by organizations considered incompatible with the DoD’s mission objectives. Regardless, “Operate Through” assumes that nearly all underlying networks are untrusted, requiring the enterprise to bring its own cybersecurity solution. Leidos is identifying and developing solutions, summarized in Figure 2, for solving dynamic connectivity secure access challenges compatible with the DoD’s “Operate Through” objectives.

Figure 2: Leidos 5G/MEC Security Solutions

Challenges:

  • Securing the dynamic multiple access pathways required for the edge compute capability (MEC)
  • Distribution of Critical Compute workloads
  • 5G/MEC ecosystem heterogeneity requires a Zero Trust approach

Leidos Secure 5G/MEC Solutions:

Dynamic Tunneling Solution that provides the following:

  • Perimeter-less Security
  • Identity-Based Access Control
  • Micro-segmentation per user & per application
  • Dynamic and Adaptive to changing networks
  • Seamless and simultaneous secure access to distributed workloads
  • Ability to integrate into a CSfC tunneling mode

MEC and UE device protections that incorporate the following:

  • Encryption of memory or VM workload, where supported by underlying MEC hardware/software
  • Encryption of data, keystores, etc.
  • Development of 5G/MEC-specific defensive cyber controls (e.g., ML, signatures, telemetry, interdiction mechanisms, canaries, and analytics)

Leidos recommends adopting a modern secure access approach that includes Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA). These zero-trust access tools provide perimeter-less, encrypted secure access with a strong focus on identity and policy for application access.

Multiple SASE solutions are commercially available; however, not all solve the problem of 5G MEC access at the edge, as most solutions rely on driving data to the cloud WAN. In contrast, the Zscaler Zero Trust Exchange™ platform provides a secure access solution that supports secure enterprise and 5G MEC access. By using Zscaler Private Access™ (ZPA™), user plane data pathways are configurable to enable near or far private enterprise access without the need to tunnel through a central cloud. Additionally, with zero trust policy controls, individual user policy can be applied to micro-segment access by user and application, solving the challenge of secure encrypted data paths to distributed resources in trusted and untrusted networks.

    Zero Trust cybersecurity allows organizations to operate safely over diverse communication networks that cannot be verified as secure. Zscaler cloud and edge solutions simplify testing, validation, and deployment of key transformational 5G capabilities to our customers.

    Padraig Moloney
    External Technology CTO at Leidos


Seamless 5G MEC secure access is key to enabling Leidos’ 5G solutions for our customers. Hence Leidos is expanding its 5G secure access capability by becoming Zscaler’s exclusive Government and National Security solutions development partner. A top priority is building upon Leidos’ extensive Zero Trust and 5G R&D for Government Agencies, Defense, and Critical National Infrastructure to rapidly prototype 5G cybersecurity capabilities for scalable, resilient 5G MEC access.

The integration of Zscaler technology with Leidos’ developed capabilities and other partner technologies enables Leidos to provide the transformative benefits of 5G/MEC technologies while anticipating and mitigating the risk and performance challenges. This will be a differentiating solution set and should position Leidos as a leader in 5G solutions.

    Author
    Leidos Editorial Team

    The Leidos Editorial Team consists of communications and marketing employees, contributing partner organizations, and dedicated freelance designers, editors, and writers. 

    Posted

    May 10, 2023
