Examining Zero Trust with Ericsson's Amanda Chen

The cyber security landscape it is undergoing significant strain. Riddled with ransomware, and aided by AI, security systems are being hit by a barrage of attacks.

Amid this onslaught, cybersecurity professionals are compelled to adopt new methods to not keep their systems safe, and stay ahead of the latest trend of threats. 

One such idea being floated around is a Zero-Trust approach. Zero Trust, in a nutshell, treats everything inside and outside the network as a potential threat, and always 'asks' and doesn't assume.

Zero-trust models can help organisations fortify their defences against these advanced threats where signature-based solutions are failing. To find out how, we spoke with Amanda (Hsin-Yi) Chen, Security Solution Manager at Ericsson, about the company’s drive to help companies security operational challenges worldwide.

What is Zero Trust Framework, and why is it important? 

Zero Trust Architecture (ZTA) has emerged as a critical framework amidst the comprehensive transformation of telecom networks in recent years. It operates on the principle of “never trust, always verify.” Regulatory bodies globally, particularly focusing on critical infrastructure, advocate for ZTA to complement traditional perimeter-based defenses, emphasising continuous verification and monitoring. 

This concept has proven to be successful across various industries, from finance to healthcare. However, its next frontier lies in motivating mobile operators to pursue ZTA and integrate with 5G networks. As the telecom industry fully transitions into the 5G era, security concerns loom large, particularly during the deployment and operationalisation phases. Few mobile operators have embarked on this security journey, presenting both a challenge and an opportunity. That’s why at MWC this year, we chose to bring to life some of the day-to-day challenges operators face through a physical Security Operations Center. We wanted to provide a tangible and real-time interactive experience that demonstrates the criticality of ZTA. 

With real-time detection of unauthorised access facilitated by strict access control and continuous authentication, ZTA becomes pivotal for security management in the telecoms sector. It revolutionises the telecom security posture by reducing risk and minimising the time threat actors have to perform lateral movement within the network.

Why is 2024 the year that Zero Trust takes centre stage?

2024 marks a pivotal moment in cybersecurity as regulatory focus intensifies globally, building on legislative initiatives implemented in 2023. Directives such as the EU's Cyber Resiliency Act, the NIS2 directive, and the U.S.’s Executive Order on Improving the Nation’s Cybersecurity lay the groundwork for a significant shift in the cybersecurity landscape towards ZTA.

The convergence of heightened regulatory demands with evolving frameworks and unique 5G characteristics has made ZTA an imperative. Despite efforts to implement, the lack of standardisation across telecoms has resulted in gaps. Increased reliance on cloud services, remote work trends, and ongoing digital transformations further underscore the need for an adaptive security framework, positioning ZTA as the strategic model for telecom security management. 

Why are individualised security measures more effective than one-size-fits-all strategy?

In the telecom sector, individualised security measures are essential due to its multi-vendor nature and diverse network landscapes. Sole reliance on perimeter security is inadequate against advanced threats. By adopting tailored solutions spanning individual components, operators can mitigate vulnerabilities and shift from reactive to proactive threat anticipation. Mobile network nodes have different characteristics and capabilities dependent on their presence in the mobile network architecture. Therefore, the protective and detective measures must vary and be contextualised and individualised rather than using one-size-fits-all approach.

Our recent whitepaper “Zero Trust Architecture for advancing mobile network security operations” emphasises the need for dynamism and flexibility in security to safeguard critical infrastructure effectively.

What are "defence in depth" (DiD) principles, and why is there increased pressure on them?

Holistic protection is achieved through ‘defense in depth’ (DiD) principles, which advocate for a multi-layered security approach. In an ever-evolving security landscape, industries must implement security principles that are far-reaching and multi-faceted. The increasing prevalence of novel risks underscores the necessity for robust security measures that extend across multiple layers of defense.

The Zero Trust principle on micro-perimeter protection is asset-centric. At the core of the DiD chain is the individual micro-perimeter which needs to be appropriately and effectively protected against internal and external threats. This approach enables ZTA to detect and prevent lateral movement of threat actors. 

What is the future of Zero Trust?

Zero Trust embodies a strategic leap towards bolstered security and regulatory adherence. With stringent data protection regulations reigning over the telecoms industry, ZTA emerges as a barrier to safeguarding sensitive data. The imminent future of Zero Trust in telecoms hinges on its widespread adoption, positioning it as the resilient shield against emerging threats in an era of unprecedented connectivity. It also serves to mitigate the risk of fines stemming from regulatory violations.

However, achieving ZTA in mobile networks necessitates collaborative efforts among all industry stakeholders. In a landscape characterised by rapid technological advancements, ZTA secures the resilience essential for defending against evolving threats and ensuring the future security of telecom networks.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand