Among the main motivations behind deploying private 5G networks at the edge for enterprises are the need for full and sole control of the network, according to an analyst at ABI Research

The implementation of private 5G networks provide large enterprises with the fine-grained level of control and visibility into all their operational aspects, according to  Michela Menting, senior research director at ABI Research.

Menting said that among the main motivations behind deploying private 5G networks at the edge for enterprises is the need for full and sole control of the network, as large multinationals are usually concerned with data and asset protection at the highest levels.

When asked about the main security risks associated with private 5G networks in industrial settings, the analyst noted that the risks are the same as with public networks. “We are talking about cloud-native, software-defined, virtualized networks– inheriting all the vulnerabilities and threat vectors from these worlds and importing them into 5G, regardless of its public or private nature,” Menting said. “With regards to industrial assets, they have their own set of vulnerabilities, and network connectivity, whether private or public, doesn’t really change that. It only affects perhaps it’s visibility to outside threat actors, but OT risks remain the same.” Menting added that some of these risks are weak authentication/access control, poor or no credentialing/identity, lack of on-device capabilities for endpoint protection agents and legacy protocols obfuscating network visibility, among others.

Commenting about the strategies that enterprises should adopt in order to enhance the security of private 5G networks in industrial environments, Menting highlighted that zero-trust is the way to go. “It’s not because it’s private, that it’s more secure than a public network,” Menting said. “Adopting a zero-trust approach ensures that assets are adequately protected, as if they were on a public network.”

She went on to explain what factors should enterprises consider when deciding between cellular and Wi-Fi technologies for their private networks in terms of security, stating that threat actors don’t care much about the type of connectivity – and enterprises should treat all types of connection types equally. “Of course, with cellular, there are solutions generally available by the provider, but these should never be taken for granted, and the same risk assessment methodology should be applied equally to cellular as to Wi-Fi,” she added.

“More connectivity simply means a greater threat landscape and more opportunities for threat actors to find and exploit vulnerabilities. Poor regulation, a fragmented market and low-cost devices make security an afterthought for many manufacturers and therefore users, creating an ecosystem full of vulnerabilities,” Menting said. “For enterprises, it means they need to be ever vigilant, and never take any asset’s security for granted. In fact, they should always proceed as if their assets and deployments were insecure and under attack.”

Original article can be seen at: