Multi-access Edge Computing (MEC), sometimes referred to as Mobile Edge Computing, is a key architectural component in 5G networks as it is designed to bring computation and data storage closer to the network’s edge, specifically at the edge of the mobile network, near where data is generated and consumed. Because of MEC’s role, it presents a wide range of use cases across multiple industries, including autonomous driving, smart cities, industrial IoT, healthcare, gaming, and immersive media experiences. These use cases benefit from both the low latency and high-speed data processing capabilities offered by MEC in 5G networks.
However, MEC introduces several security challenges that organizations need to address to ensure the integrity, confidentiality, and availability of edge services. These include:
- Network Observability: Decentralized MEC environments can limit visibility into network traffic and device behavior, making it difficult to monitor and identify potential security threats and anomalies.
- Authentication and Access Control: Authenticating and authorizing users and devices accessing resources from network edges in real-time requires robust and dynamic access control mechanisms.
- Complexity of Microsegmentation and Policy Enforcement: Implementing effective microsegmentation in dynamic and decentralized MEC networks can be complex. Defining and maintaining granular access policies for diverse edge services and ensuring consistent policy enforcement across microsegments can also be challenging.
- Compliance and Regulations: MEC deployments may need to adhere to industry-specific regulations and compliance standards, adding further complexity to security management.
- Edge Device Security and Interconnected Services: Edge devices, including IoT sensors and endpoints, may have limited security features, and keeping endpoints updated with security patches can prove challenging due to their distributed nature. MEC systems often involve interconnected services and applications, so a vulnerability in one service can potentially affect others. Proper isolation and segmentation are essential. Organizations need to monitor user and device behavior for suspicious activities to defend against insider threats.
- Low Latency: MEC reduces the time it takes for data to travel between user devices (e.g., smartphones, IoT devices) and edge servers. This low latency is critical for applications that demand real-time responses, such as autonomous vehicles, augmented reality (AR), virtual reality (VR), and industrial automation. However, this low latency also means that security threats and attacks can propagate quickly. Rapid threat detection and response are crucial.
- Scalability: As the number of edge devices and services grows, MEC deployments need to scale accordingly while maintaining security controls.
Genians NAC-driven ZTNA for Securing MEC in 5G
Genians recently completed its NAC-driven ZTNA solution testing by collaborating with major telecommunications companies in South Korea. A MEC environment augmented with Genian ZTNA was deployed for arbitrary base stations to verify how securely and quickly edge devices could access the services in MEC and cooperative systems.
The evaluation of this architecture included Network Access Control for policy enforcement, RADIUS for wired and wireless authentication, and VPN for remote access capability. Identification, classification (segmentation), and authentication of 5G devices and users attempting to access MEC were also performed, and SSL-VPN and IPSec VPN communication was verified for 5G-specific devices like smartphones and endpoint devices such as laptops with 5G adapter dongles. Access control between VMs installed in MEC and access control to other networks were verified as well.
Overall, users and devices from edge environments can be authenticated with RADIUS, and secure information sharing can be enabled through VPN (SSL, IPSec). Additionally, unauthorized endpoints can be blocked before a connection is established. Real-time compliance checks on connecting devices can immediately block any device found to violate security regulations while it is attempting to connect.
As a result of these efforts, Genians proved its NAC-driven ZTNA capabilities for MEC in 5G networks, ensuring seamless secure access to services from various edges like campus, remote, and micro branches. Seeing is believing. Please contact us to learn more.