Securing 5G with SASE

Enterprises are turning to 5G networks to take advantage of increased bandwidth, lower latency, greater flexibility, and lower network costs as more IoT devices need to connect to networks and cloud adoption surges.

However, 5G increases not only the number of devices but also the types of devices to protect, including IoT devices, sensors, cameras, and virtual assistants. This expands the network’s attack surface, resulting in more vulnerabilities and holes for attackers to exploit.

And this is where SASE comes in. SASE embeds security functions such as firewall, web filter, intrusion detection system, and secure web gateway. Delivering these embedded security functions as a service relieves enterprises from the pain of managing complex point security solutions.

Instead of relying on traditional SASE from an external cloud, the MNOs can host SASE by deploying it in or close to the packet core network. By doing this, MNOs can offer enterprise-grade connectivity with security offerings from a managed SASE stack. Enterprises can then buy this service from the MNOs as a one-stop shop. Let us look at a few concrete benefits of using a SASE offering provided by an MNO.

Most of today’s SASE offerings rely on over-the-top identities or agent identities to make access decisions. But when deployed together with the MNO’s connectivity solution, instead of using those identities, one can use the telco identities e.g., IMSI, and MSISDN, which are also secured by hardware (SIM card) protection. Thereby, these identities are less prone to compromise than, for example, username/password. We can then make access decisions for individual employees/devices based on SIM identities, and there is no need for an extra identity solution.

SASE is becoming crucial to a successful 5G environment. It enables improved services and performance, increased security, and faster infrastructure rollout and management. It delivers end-to-end security, visibility, and telemetry for 5G infrastructure and services. It enforces compliance through a consistent security posture across the public cloud, hybrid cloud, on-premises, and MEC.

SASE interworks with 5G network slicing to guarantee aggressive 5G SLAs with end-to-end security and enables flexible implementation of Gi-LAN services in various form factors.

Secure SD-WAN, a SASE component combined with network slicing, guarantees that Service Level Agreements are met and provides end-to-end security, including UTM, IDS/IPS, Anti-Virus, and more.

SASE can also enable automated 5G rollout of thousands of devices with true zero-touch provisioning using a SASE orchestrator, and leverages elastic auto-scaling and network intelligence to meet real-time capacity demands.

SASE has become the framework that secures and transforms the 5G ecosystem by providing enterprise-grade security with granular and dynamic security controls. With 41.6 billion IoT devices estimated to connect to the internet by 2025, it can provide real-time IoT monitoring, leading to greater agility for networking teams.

Market dynamics
The Global 5G SASE was valued at USD 476.67 million and is projected to reach a market size of USD 765.43 million by the end of 2030. Over the forecast period of 2024-2030, the market is projected to grow at a CAGR of 7%.

The increasing focus on building partnerships and collaborations by 5G system providers with other telecom operators is anticipated to drive the adoption of these services. The surging investments in the healthcare sector to improve facilities and consumer satisfaction augment the market. The increasing inclination of government authorities toward these developing technologies to enhance the existing infrastructure also plays a part in pushing demand.

That said, the high spectrum prices and the subsequent rise in 5G service subscription prices are anticipated to hinder market growth somewhat.

SASE is made up of a networking component —SD-WAN — and a cloud-native security suite called the security service edge (SSE), which includes a secure web gateway (SWG), cloud access security broker (CASB), next-generation firewall (NGFW) and zero trust network access (ZTNA).

The popular vendors are Cradlepoint, Palo Alto Networks, Versa Networks, Check Point, Cisco, HPE, McAfee, Vmware and Netskope.

Is 5G SASE right for your business?
When looking at 5G SASE as an option, enterprises should consider whether their workers — or anyone connecting to the network — are outside the office, roaming in vehicles, or using IoT devices. The next logical question is, how are they securing that remote access?

SASE helps reduce complexity by simplifying the number of places enterprises have to do configurations. Due to its cloud-based nature, the technology simplifies the network and reduces the amount of hardware to be managed, and policies are automatically pushed out across the network.

5G and SASE have the promise to disrupt the traditional networking and cybersecurity space. They are allowing enterprise network teams to re-architect their network and leverage increased performance, agility, and security while reducing costs and simplifying operations. It is a match Made in Heaven!