How governments can achieve a zero-trust architecture for 5G networks

It is unlikely that one would open the door to a delivery person without first checking who they are.

This is what a zero-trust security model is about – “never trust; always verify,” said Ericsson’s ASEAN Regional Director, Enterprise Wireless Solutions, Ken Poh.

“[The approach] assumes that anyone attempting to access a network or application has a hostile intent and must be identified through ongoing verification before access is granted.”

As governments increasingly integrate 5G into their infrastructure while working with third-party contractors, a zero-trust architecture is essential to isolate web applications and protect networks from external threats.

Not least because essentially, third parties use unmanaged devices and are clientless, meaning there is no security software on their devices,” Poh said.

“With this principle, even if a government network device were to be compromised, any malware that the system is exposed to would not be able to move laterally to cause damage,” he added.

To subscribe to the GovInsider bulletin click here. 

Protecting the 5G environment

Not only are governments taking advantage of the flexibility of 5G, but we’re seeing an increase in working with external parties, thanks to cloud applications and the capabilities that opens for different parties to work together.

However, practices like granting third parties with management and operating access increases the need for stronger network security.

Poh noted that the growth of 5G networks means we’re seeing rapid expansion of IoT devices, such as security cameras, digital signs and kiosks. This creates a “broader attack surface.”

To enable governments to continue enjoying the benefits of 5G environments, Ericsson 5G SASE provides continuous monitoring of traffic based on parameters such as bandwidth and signal strength as an added layer of security, he added.

This is part of the “verify then trust” architecture, which requires devices to authenticate every time their context, like location, changes.

Continuous monitoring of these parameters grants ongoing protection, so that if a government worker’s location changes suddenly, access would be revoked, and re-validation would be required.

Additionally, the protection process is made easier by enabling devices that connect to the internet to become invisible to other devices on the network, further protecting devices because they aren’t discoverable, Poh said.

 “As part of our zero-trust solution, we deliver client-based access for employee devices and clientless secure remote access for third parties,” he added.

Going beyond detection

A government’s cyber infrastructure often has many layers, but attackers continuously create new tactics to bypass security, which explains the rise of zero-day attacks.

Hackers take advantage of software flaws where no signature or fix is known, which means detection methods alone are not enough to protect systems against zero-day threats, Poh said.

For this reason, Ericsson implements isolation technology—an approach that works by isolating web and email traffic  in different cloud containers, and acts as a protective bubble against harmful content.

In the case of a web-based threat for example, the isolation technology separates web requests in different self-contained cloud environments to prevent attackers from accessing the network.

“This means users engage with content solely through a virtual browser confined within the isolated cloud container and are not directly connected to the web,” Poh explained.

In other words, with isolation and zero-trust architecture, users access a safe version of the web request without exposing their data or devices to potential risks.

To subscribe to the GovInsider bulletin click here.  

Resilient systems with zero-trust

While moving from legacy systems to new technologies is not easy, it is necessary to stay ahead of evolving threats, Poh said.

Taking the example of virtual private networks (VPNs), Poh noted that VPNs employ encryption to connect users to a corporate data centre, but they lack sufficient protection against malicious users who can still access sites and infiltrate internal networks.

To enable organisations to switch seamlessly from a VPN to a zero-trust architecture, Ericsson provides solutions like NetCloud Zero Trust Network Access (ZTNA) which grants secure and isolated connections with a deployment that is essentially the same as a VPN, Poh said.

“[Information technology] teams simply install a second headend alongside the existing VPN headend, which already has multiple routers connected to it,” explained Poh.

“The routers are [then] reassigned to the zero-trust network, establishing secure IoT connections in sites such as offices, vehicles, or even standalone.” 

Emerging tech shaping zero-trust

On the other side of legacy systems stand the emerging technologies that keep transforming the way public and private organisations work, such as generative artificial intelligence (GenAI).

While GenAI enhances operational efficiency in many cases, there is also the risk of disclosing sensitive information to these public systems.

Zero-trust principles are essential to protect organisations from potential liabilities, Poh said, adding that leveraging isolation technology for user entry protection prevents users from inputting unauthorised data into the GenAI system.