When security is built into an open RAN platform, security is inherent in the system. Automation can deploy security controls for layers, APIs, VMs, and other elements.

VMware Telco Cloud Platform RAN has built-in security. Security controls that are integrated with the software and built into the infrastructure address the 5G RAN challenges by making security programmable, automated, adaptive, and context-aware. Built-in security improves visibility, reduces complexity, and focuses on defenses by letting you apply and automate adaptive measures such as micro-segmentation in the appropriate places such as the interfaces between RAN network functions and the SMO layer.

With Telco Cloud Platform RAN, you can architect the infrastructure with built-in security by using automated provisioning and automated management. In addition, when you use VMware Telco Cloud Operations with Telco Cloud Platform RAN, you can monitor the layers of a 5G network, including an Open RAN, to help protect availability, integrity, and confidentiality. VMware Telco Cloud Operations uses machine learning and closed-loop automation to analyze data and proactively prevent security threats and attacks.

Applying security principles and controls

The following sections describe the security principles and controls that Telco Cloud Platform RAN uses to protect an open RAN from security risks, threats, and vulnerabilities. The following key principles guide the application of security controls in an open RAN:

• Zero-trust architecture and zero-trust networking

• Automating network management

• Vulnerability management

• Micro-segmentation

• Secure boot, roots of trust, code signing, and certificates

• Isolation of the RAN management plane and other critical security functions

• Monitoring and auditing of the RAN

• Strong security boundaries, especially those provided by hypervisors and VMs

• Security for cloud-native development and CNF deployments.