Is the telco cloud insecure? That’s what recent headlines suggest – blaring warnings about more devices, more attack surfaces and a lack of data security standards. This barrage of bad publicity could make even the most seasoned telecom veteran think twice about adopting this technology and being beset with these data security problems.
“When designed properly, the truth is 5G isn’t any easier to hack than other cloud-supported workloads.”
John Carse is not a telecom veteran, and so he has a different take on these challenges. He is the Chief Information Security Officer (CISO) of Rakuten Symphony and Rakuten Mobile. It is his first job in telecom after working in CISO roles for leading e-commerce, finance and healthcare organizations as well as military and defense agencies.
In a recent article published in Inform, the magazine for TM Forum, Carse says he sees no telecom cloud security challenge that hasn’t been faced and solved by other industries. In fact, he says, “When designed properly, the truth is 5G isn’t any easier to hack than other cloud-supported workloads.”
This requires that companies look differently at risk and how their networks are designed. In the article, Carse points to the way the Rakuten Mobile network was built with an emphasis on machine-to-machine security, zero-trust initiatives for devices being added to the network and creating nano segmentation policies.
He wants his fellow CISOs to think differently about telecom cloud security – learning from other industries and aligning risk and business objectives. With this information, the CISO can make practical design choices that balance security, business need and technology/operational costs.
To that end, the article lists several resources that are available to expand on the topic. These include “Securing Modern Telecom Networks: How To Begin Your Journey.” This on-demand virtual event brought together members of the hacking and mobile operator communities to discuss cloud-native and Open RAN network security at scale. Also available is the Rakuten Symphony “Definitive Guide to Telco Cloud Security," a five-step approach for securing modern telco cloud networks.
The negative dialogue around telco cloud security is biasing the discussion and not exposing the truth of the real security situation with the telco cloud. Through the TM Forum article and these other resources Carse hopes to create an industry conversation amongst those who have solved these challenges and can share experiences and knowledge to help the industry better manage risk.