One of the dominant trends of the last decade in the telco industry was network
function virtualization and cloudification, closely connected with 5G, which came
into the spotlight just a few years later. But in the last ten years, the broader ICT
industry has also witnessed the unstoppable growth of public cloud providers. The
first wave of telco workloads (e.g., functions of EPC, 5GC, IMS, and O-RAN) was
designed for the Telco Cloud, built on purpose-built infrastructure run by telecom
operators. Today, it seems natural that telco workloads can and will run more and
more in public clouds too.
Is security entirely under control in this landscape? Do best practices of the IT and
cloud industries offer full coverage for the troubles a telco workload can meet?
TELCO WORKLOADS IN HYPERSCALER CLOUDS
SECURITY IN THE 5G CONTROL ROOM
secgen.com
1. Telcos and Hyperscalers: still different but closer and closer
At the beginning of the Cloud era, Telcos explored the possibility of reaping the fruits
of this new business opportunity by selling their own cloud services directly to
customers. More than a decade of experience has taught us that this industry is
nowadays characterized by a sharp border between the role of the Telcos and the role
of the Hyperscalers, the companies that grew it to a nearly unreachable level of
economy of scale in the deployment of data centers spread worldwide. Of course, I am
talking about the usual suspects, Amazon Web Services, Google Cloud Platform, and
Microsoft Azure, even if we must not forget about a player like Alibaba, with a
dominant role in the Chinese market. Telcos tried hard to turn their expertise in
homegrown data centers into a business, and there are still a number of Telco Public
Clouds out there, but it is clear today that taking the role of a Hyperscaler is
impossible for a Telco.
Someone might object that the borders between Telcos and Hyperscalers are not sharp
anymore, but are actually blurred today and bound to become more and more so in the
future. Sure! Already with CDNs, Telcos understood that their proximity to users is an
asset, but this use case is not enough to justify the strong tide pushing Telcos and
Hyperscalers to cooperate. Only with Multi-access/Mobile Edge Computing and the
promised land of 5G use cases in mind can one figure out why the industry is in such
turmoil.
2. Telcos’ enterprise IT side: the paved road to Hyperscaler clouds
A telecommunication company, seen as a private technology-driven enterprise, has
many IT needs addressable with tools available at Hyperscalers.
The first and most obvious is the wide variety of computing and storage models
(technical and commercial), which sweeps away the following hardware-related
headaches for Telcos:
• Fast obsolescence cycles (much work for procurement);
• Need for flexibility against highly unstable workloads (planning is complex);
• Bottom position in the value chain (applications are the real moneymakers).
And while Telcos initially approached Hyperscalers for very limited
infrastructure-procurement-related issues (e.g., finding resources for test
environments), there is now general consensus on the many business and
technology use cases a Telco could transfer partially or totally to a Public Cloud. A
partial list includes:
• Digital channels, commerce, and customer experience platforms;
• Business processes and Digital BSS;
• A lot around billing;
• Operation processes and Digital OSS;
• Analytics (all sorts: for CRM, for predictive maintenance, anti-fraud, etc.);
• Machine-learning tasks (especially the training bit).
3. Telcos’ specials
What is left then at the very heart of a Telco? What peculiarities make the Telco industry
unique for a Hyperscaler, compared to a generic large enterprise customer? We
need to consider at least two crucial aspects.
First of all, access and proximity to customers. The access networks coupled with many
points of presence, from towers to metro and regional Central Offices, are a crucial
asset for the successful implementation of the most demanding 5G use cases, based
on ultra-low latency, often coupled with large bandwidth. All Hyperscalers claim to be
getting closer and closer to the network edge, where the Telcos’ IP pipe terminates,
by spreading their own DCs’ geographical footprint and/or directly partnering with
Telcos to build MEC DCs at Telcos' locations (examples are AWS Outposts and
Wavelength, Azure Edge Zones, Google Distributed Cloud). Simplifying the picture, in this
marriage, the Telco brings the IP pipe and the sites, the Hyperscaler its ability to build a
Data Center infrastructure, its ecosystem of apps, and the capacity for orchestrating
and moving workloads around.
The second aspect is that access and core networks, respectively the entry and the
control point of the IP pipe, are primarily in the hands of Telcos: do not be surprised to
find access networks there, just think about the Open RAN wave. Access and core
networks are made of telco workloads, and here we get to the point: with a foot at the
network edge, a Hyperscaler can offer to take on, for a telecom operator, the
infrastructural burden of all telecom workloads, including the most demanding
user-plane ones.
4. Building telco workloads
Which options do Hyperscalers have to approach the network function side of the
story?
1. Propose their own stack
The Hyperscaler can propose its own product to the market, self-developed or put
together with some partners. This approach seems to be appealing for private 5G
networks (see AWS Private 5G). In this case, the Hyperscaler becomes a direct
competitor of telecom operators. National spectrum licensing regulations are, of
course, a pre-requisite for this model.
2. Acquire a vendor and add it to their portfolio
The Affirmed and Metaswitch cases. For example, a light MVNO could directly think
about buying core network functions as cloud services without building a physical
on-prem core network.
3. Invite major technology vendors to certify deployments on their stack
This approach makes much practical sense. Most of the prominent technology
vendors are simply too experienced and have too much influence and footprint in the
industry for anyone to think they can be avoided. But these same players understand
that their final customers, the Telcos, won't let them play alone in Telco Cloud silos
forever. In this case, the technology vendor will leverage at least the IaaS and CaaS
services (VM and container services) provided by the Hyperscaler and leave the
telecom operator free to choose a Hyperscaler as a partner.
4. Invite technology vendors to develop network functions with Hyperscalers’ tools
Beyond IaaS and CaaS, load balancers and a large variety of DB types already provide
what is needed for a 3-layer decomposition (load-balancing, signaling front-end,
context and stable data back-end DB) of network functions. A more profound
decomposition into microservices can be supported by service mesh frameworks
(GCP Anthos Service Mesh, AWS App Mesh), message queuing, and API management
services. Countless other solutions are available for other ancillary but
critical functions, like observability, configuration automation, CI/CD processes, etc.
Though really fascinating, it is too early to bet on the success of such an approach:
major vendors prefer to have complete control over the internal software
architectures of their network functions, for performance and assurance reasons at least.
5. Security of Telco workloads
Whatever the approach to telco workloads is, security becomes a shared responsibility
when they are deployed in a Hyperscaler cloud. The Hyperscaler will do its best to
ensure that the cloud itself is safe, together with all the tools in its portfolio; the
security of the telco workload and of the network function is instead ultimately the
concern of both the technology provider and the telecom operator. The literature about
best practices for cloud security is enormous. Nevertheless, a few principles stand out:
• Trust no one/nothing;
• Use as much automation as you can;
• Audit/analyze/inspect what you do.
The “trust no one/nothing” principle is enforced, for example, with strong identity and
access management, encryption of communications (TLS) and data (at rest and in
transit), and also with traditional network and application-level tools (network
segmentation, IP firewalls, WAF, etc.). Sometimes, these techniques can be pushed
inside the service mesh implementation, e.g., see some of the Istio features.
Automation must back all inspection tools used to verify the correct implementation of
security measures at all levels, from VM images to complex as-code templates.
Regular audits, log analyses, and inspections help highlight threat exposures and gaps
in the security posture. On one side, you need to see your environment with the eyes of
a hacker, performing audits that aim to breach defenses. On the other, you
need full traceability of events and advanced analytic tools to spot in real time whether
attacks are occurring.
Behind the principles, there is a large variety of products, sometimes similar across all
Hyperscalers, occasionally specific to one, covering several of the areas of concern
mentioned. But the reader must consider two issues.
First of all, recalling the previous chapter and the different styles of telco workload
implementations, we need to consider that actual security controls could be highly
vendor-specific, especially in the case of closed products like in approach 3. In this
case, it is difficult for the final bearer of a security concern, the telco operator, to be
100% sure about the security measures adopted by the technology vendor in the
product design and deployment phases.
In addition, in a theoretical multi-cloud perspective, adopted to avoid single points of
failure or Hyperscaler lock-in, one must consider that not all security tools are identical
and seamless portability of a security framework from one Hyperscaler to another one
is difficult. A technology vendor or an operator can use the best security features of
each Hyperscaler, aiming at a coherent multi-cloud deployment, but 100% feature
parity could be impossible.
Last but not least, though flexible and rich in features, the security products provided by
Hyperscalers do not cover all the needs of telco workloads natively. In particular, they
are not tuned for protecting the essence of 5G networks' control plane and the Service
Based Interface over which network functions communicate, nor for protecting the
legacy signaling networks. However, the responsibility for this component of the telco
stack lies today entirely with the operators and not with the Hyperscalers.
SecurityGen's mission is to shield the core of the networks enabling the digital
transformation of our society, and all the considerations above forced us to complete
the stack of security tools and measures for 5G and legacy core networks with ad-hoc
instruments.
6. SecurityGen vision for Telco workloads at Hyperscaler clouds
SecurityGen introduces ACE, the Artificial Cybersecurity Expert, and TSG, the Telecom
Security Guard.
ACE addresses the inspection/audit and automation pillars of optimal Cloud security.
ACE is a highly automated auditing tool for the 2G-5G control plane. ACE makes it
possible to define rich textbooks covering all possible cybersecurity threats affecting
signaling networks: DoS against nodes and subscribers, fraud, disclosure of
information, etc. Its power lies in two fundamental design values.
• Huge DB of inspection methods to test the security posture of the signaling networks.
The DB makes it possible to flexibly mount all types of attacks on 2G-5G core networks
and check the networks’ behavior.
• Automation framework, making it possible to launch audit campaigns even several
times per day without human intervention, thus freeing the operator from the burden of
synchronizing network changes (software releases, microservice components,
topology, roaming partners) with inspection campaigns. With no human effort, you can
ensure that any change in the network does not affect the robustness of the 2G-5G
signaling core. Final reports of each test run are generated automatically and become
readily available for security teams.
TSG is a robust combined Intrusion Detection (ID) and Intrusion Protection/Firewall (IP)
System that also embodies the principles of zero trust, inspection/audit/analysis, and
automation.
• Zero trust must also be applied to the protection measures themselves and not only
deployed in terms of identity and integrity of communications. Firewalls and border
protection measures at STPs/DEAs/SEPPs are essential. Nevertheless, SecurityGen's
experience teaches that you cannot trust these tools 100%: border protection measures
can be evaded by appropriately crafted messages. The TSG IDS component provides
powerful analytics on all border signaling messages: no explicit attacks or potential
threats can escape its lens, sharpened by a huge DB of attack signatures covering all
mobile generations. Critical issues requiring immediate attention from security teams
can be flagged in several ways and reported to SIEM.
• The TSG IPS is also a signaling recorder, storing signaling on its disks for months and
allowing post-incident analysis or simply event analysis to improve the core network
security posture.
• The highly integrated nature of the TSG IDS and TSG IPS components enables the
one-click creation of IPS/FW rules from situations identified by the IDS. No complicated
manual transfer, but instead simple, automated, and most of all error-free
improvement of the behavior of the active FW protection.
With ACE and TSG, you can be sure that your network is 360-degree protected against
attacks based on the use of SS7, Diameter, GTP, HTTP/2, and PFCP protocols, without
adding any extra burden on security teams.
About SecurityGen
Founded in 2022, SecurityGen is a global start-up focused on telecom security.
We deliver a solid security foundation to drive secure telecom digital
transformations and ensure next-gen enterprise intelligent connectivity.

Connect With Us
Email: contact@secgen.com
Website: www.secgen.com
UK | Italy | Czech Republic | Brazil | Mexico
India | South Korea | Japan | Malaysia | UAE

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 

Recently uploaded (20)

Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 

TELCO WORKLOADS IN HYPERSCALER CLOUDS SECURITY IN THE 5G CONTROL ROOM

  • 1. One of the dominant trends of the last decade in the telco industry was network function virtualization and cloudification, closely connected with 5G, which came into the spotlight just a few years later. But in the last ten years, the broader ICT industry has also witnessed the unstoppable growth of public cloud providers. The first wave of telco workloads (e.g., functions of EPC, 5GC, IMS, and O-RAN) was designed for the Telco Cloud, built on purpose-built infrastructure run by telecom operators. Today, it seems natural that telco workloads can and will run more and more in public clouds too.

    Is security entirely under control in this landscape? Do best practices of the IT and cloud industries offer full coverage for the troubles a telco workload can meet?
  • 2. secgen.com

    1. Telcos and Hyperscalers: still different but closer and closer

    At the beginning of the Cloud era, Telcos explored the possibility of reaping the fruits of this new business opportunity by selling their own cloud services directly to customers. More than a decade of experience has taught us that this industry is now characterized by a sharp border between the role of the Telcos and the role of the Hyperscalers, the companies that grew it to a nearly unreachable economy of scale in deploying data centers worldwide. Of course, I am talking about the usual suspects, Amazon Web Services, Google Cloud Platform, and Microsoft Azure, even if we must not forget about a player like Alibaba, with a dominant role in the Chinese market. Telcos tried hard to turn their expertise in homegrown data centers into a business, and there are still a number of Telco Public Clouds out there, but it is clear today that taking the role of a Hyperscaler is impossible for a Telco.

    Someone might object that the borders between Telcos and Hyperscalers are no longer sharp, but blurred today and doomed to become more and more so in the future. Sure! Already with CDNs, Telcos understood that their proximity to users is an asset, but this use case is not enough to justify the strong tide pushing Telcos and Hyperscalers to cooperate. Only with Multi-access/Mobile Edge Computing and the promised land of 5G use cases in mind can one figure out why the industry is in such turmoil.

    2. Telcos' enterprise IT side: the paved road to Hyperscaler clouds

    A telecommunication company, seen as a private technology-driven enterprise, has many IT needs addressable with tools available at Hyperscalers. The first and most obvious is the wide variety of computing and storage models (technical and commercial), which sweeps away the following hardware-related headaches for Telcos:

      • Fast obsolescence cycles (much work for procurement);
      • Need for flexibility against highly unstable workloads (planning is complex);
      • Bottom position in the value chain (applications are the real moneymakers).
  • 3. And while Telcos initially approached Hyperscalers for very limited infrastructure-procurement-related issues (e.g., finding resources for test environments), there is now general consensus on the many business and technology use cases a Telco could transfer partially or totally to a Public Cloud. A partial list includes:

      • Digital channels, commerce, and customer experience platforms;
      • Business processes and Digital BSS;
      • A lot around billing;
      • Operation processes and Digital OSS;
      • Analytics (of all sorts: for CRM, for predictive maintenance, anti-fraud, etc.);
      • Machine-learning tasks (especially the training bit).

    3. Telcos' specials

    What is left then at the very heart of a Telco? What peculiarities make the Telco industry unique for a Hyperscaler, compared to a generic large enterprise customer? We need to consider at least two crucial aspects.

    First of all, access and proximity to customers. The access networks, coupled with many points of presence, from towers to metro and regional Central Offices, are a crucial asset for the successful implementation of the most demanding 5G use cases, based on ultra-low latency, often coupled with large bandwidth. All Hyperscalers claim to be getting closer and closer to the network edge, where the Telcos' IP pipe terminates, by extending their own DCs' geographical footprint and/or by partnering directly with Telcos to build MEC DCs at Telco locations (examples are AWS Outposts and Wavelength, Azure Edge Zones, Google Distributed Cloud). Simplifying the picture, in this marriage the Telco brings the IP pipe and the sites; the Hyperscaler brings its ability to build a Data Center infrastructure, its ecosystem of apps, and the capacity for orchestrating and moving workloads around.

    The second aspect is that access and core networks, respectively the entry and the control point of the IP pipe, are primarily in the hands of Telcos. Do not be surprised to find access networks here: just think about the Open RAN wave. Access and core networks are made of telco workloads, and here we get to the point: with a foot at the network edge, a Hyperscaler can offer to take on, for a telecom operator, the infrastructural burden of all telecom workloads, including the most demanding user-plane ones.
  • 4. 4. Building telco workloads

    Which options do Hyperscalers have to approach the network function side of the story?

    1. Propose their own stack
       The Hyperscaler can propose its own product, self-developed or put together with some partners, to the market. This approach seems to be appealing for private 5G networks (see AWS Private 5G). In this case, the Hyperscaler becomes a direct competitor of telecom operators. National spectrum licensing regulations are, of course, a pre-requisite for this model.

    2. Acquire a vendor and add it to their portfolio
       This is the case of Affirmed and Metaswitch. For example, a light MVNO could consider buying core network functions directly as cloud services, without building a physical on-prem core network.

    3. Invite major technology vendors to certify deployments on their stack
       This approach makes much practical sense. Most of the prominent technology vendors are simply too experienced and have too much influence and footprint in the industry for anyone to think they can be avoided. But these same players understand that their final customers, the Telcos, won't let them play alone in Telco Cloud silos forever. In this case, the technology vendor will leverage at least the IaaS and CaaS services (VM and container services) provided by the Hyperscaler and leave the telecom operator free to choose a Hyperscaler as a partner.

    4. Invite technology vendors to develop network functions with Hyperscalers' tools
       Beyond IaaS and CaaS, load balancers and a large variety of DB types are already what is needed for a 3-layer decomposition (load-balancing, signaling front-end, context, and stable data back-end DB) of network functions. A more profound decomposition into microservices can be supported by service mesh frameworks (GCP Anthos Service Mesh, AWS App Mesh), message queuing, and API management services. Countless other solutions are available for other ancillary but critical functions, like observability, configuration automation, CI/CD processes, etc. Though really fascinating, it is too early to bet on the success of such an approach: major vendors prefer to have complete control over the internal software architectures of their network functions, for performance and assurance reasons at least.
  • 5. 5. Security of Telco workloads

    Whatever the approach to telco workloads is, security becomes a shared responsibility when they are deployed in a Hyperscaler cloud. The Hyperscaler will do its best to ensure that the cloud itself is safe, together with all the tools in its portfolio; the security of the telco workload and of the network function is instead the final concern of both the technology provider and the telecom operator.

    The literature about best practices for cloud security is enormous. Nevertheless, a few principles stand out:

      • Trust no one/nothing;
      • Use as much automation as you can;
      • Audit/analyze/inspect what you do.

    The "trust no one/nothing" principle is enforced, for example, with strong identity and access management, encryption of communications (TLS) and data (at rest and in transit), and also with traditional network and application-level tools (network segmentation, IP firewalls, WAF, etc.). Sometimes, these techniques can be pushed inside the service mesh implementation; see, for example, some of the Istio features.

    Automation must back all inspection tools used to verify the correct implementation of security measures at all levels, from VM images to complex as-code templates.

    Regular audits, log analyses, and inspections help highlight threat exposures and gaps in the security posture. On one side, you need to see your environment with the eyes of a hacker, performing audits that try to breach your defenses. On the other, you need full traceability of events and advanced analytic tools to spot in real time whether attacks are occurring.

    Behind the principles, there is a large variety of products, sometimes similar at all Hyperscalers, occasionally peculiar to one, covering several of the mentioned areas of concern. But the reader must consider two issues.

    First of all, recalling the previous chapter and the different styles of telco workload implementations, we need to consider that actual security controls could be highly vendor-specific, especially in the case of closed products as in approach 3. In this case, it is difficult for the final bearer of a security concern, the telco operator, to be 100% sure about the security measures adopted by the technology vendor in the product design and deployment phases.
  • 6. In addition, in a theoretical multi-cloud perspective, adopted to avoid single points of failure or Hyperscaler lock-in, one must consider that not all security tools are identical and that seamless portability of a security framework from one Hyperscaler to another is difficult. A technology vendor or an operator can use the best security features of each Hyperscaler, aiming at a coherent multi-cloud deployment, but 100% feature parity could be impossible.

    Last but not least, though flexible and rich in features, the security products provided by Hyperscalers do not natively cover all the needs of telco workloads. In particular, they are not tuned for protecting the essence of the 5G networks' control plane and the Service Based Interface over which network functions communicate, nor for protecting the legacy signaling networks. However, the responsibility for this component of the telco stack lies today entirely with the operators and not with the Hyperscalers.

    SecurityGen's mission is to shield the core of the networks enabling the digital transformation of our society, and all the considerations above forced us to complete the stack of security tools and measures for 5G and legacy core networks with ad-hoc instruments.

    6. SecurityGen vision for Telco workloads at Hyperscaler clouds

    SecurityGen introduces ACE, the Artificial Cybersecurity Expert, and TSG, the Telecom Security Guard.

    ACE addresses the inspection/audit and automation pillars of optimal Cloud security. ACE is a highly automated auditing tool for the 2G-5G control plane. ACE makes it possible to define rich textbooks covering all possible cybersecurity threats affecting signaling networks: DoS against nodes and subscribers, frauds, disclosure of information, etc. Its power lies in two fundamental design values.
  • 7.
      • Huge DB of inspection methods to test the security posture of the signaling networks. The DB makes it possible to flexibly mount all types of attacks against 2G-5G core networks and check the networks' behavior.
      • Automation framework, which makes it possible to launch audit campaigns even several times per day without human intervention, thus freeing the operator from the burden of synchronizing network changes (software releases, microservice components, topology, roaming partners) with inspection campaigns. With no human effort, you can ensure that any change in the network does not affect the robustness of the 2G-5G signaling core. Final reports of each test run are generated automatically and become readily available for security teams.

    TSG is a robust combined Intrusion Detection (ID) and Intrusion Protection/Firewall (IP) System that also embodies the principles of zero trust, inspection/audit/analysis, and automation.

      • Zero trust must also be applied to the protection measures themselves, and not only deployed in terms of identity and integrity of communications. Firewalls and border protection measures at STPs/DEAs/SEPPs are essential. Nevertheless, SecurityGen experience teaches that you cannot trust these tools 100%: border protection measures can be evaded by appropriately crafted messages. The TSG IDS component provides powerful analytics on all border signaling messages: no explicit attacks or potential threats can escape its lens, sharpened by a huge DB of attack signatures covering all mobile generations. Critical issues requiring immediate attention from security teams can be flagged in several ways and reported to SIEM.
      • The TSG IPS is also a signaling recorder, storing signaling on its disks for months and allowing post-incident analysis or simply event analysis to improve the core network security posture.
      • The highly integrated nature of the TSG IDS and TSG IPS components enables the one-click creation of IPS/FW rules from situations identified by the IDS. No complicated manual transfer, but instead simple, automated, and most of all error-free improvement of the behavior of the active FW protection.

    With ACE and TSG, you can be sure that your network is 360-degree protected against attacks based on the use of SS7, Diameter, GTP, HTTP/2, and PFCP protocols, without adding any extra burden on security teams.
  • 8. About SecurityGen

    Founded in 2022, SecurityGen is a global start-up focused on telecom security. We deliver a solid security foundation to drive secure telecom digital transformations and ensure next-gen enterprise intelligent connectivity.

    UK | Italy | Czech Republic | Brazil | Mexico | India | South Korea | Japan | Malaysia | UAE

    Email: contact@secgen.com
    Website: www.secgen.com