Security risks and requirements are changing as communications service providers (CSPs) transition to 5G networks and O-RAN. The service-oriented architecture of the 5G core network introduces a broader range of data and services than 4G, increasing the attack surface. The common web protocols and APIs of 5G networks introduce more attack vectors. Containers used in the RAN shift the security context to virtual machines (VMs) or the container runtime engine, and to the development and operations lifecycle. Kubernetes and cloud-native architecture require security enhancements to lock down API interfaces, manage microservices, and protect network endpoints.

This security guide explains how VMware technology addresses the security risks and requirements that communications service providers face as they transition to open radio access networks by adopting virtualization, containerized network functions (CNFs), Kubernetes, and multi-cloud networks through several guiding principles:

  • Open systems and open interfaces

  • Multi-vendor networks

  • Risk and threat assessment

  • Zero-trust architecture

  • Micro-segmentation

  • Isolation of the management plane and other critical security functions

  • Automation of security measures and automated management of security controls

  • Roots of trust and code provenance

  • Vulnerability management

  • Strong security boundaries, especially those provided by VMs