Security risks and requirements are changing as communications service providers (CSPs) transition to 5G networks and O-RAN. The service-oriented architecture of the 5G core network introduces a broader range of data and services than 4G, increasing the attack surface. The common web protocols and APIs of 5G networks introduce more attack vectors. Containers used in the RAN shift the security context to virtual machines (VMs) or the container runtime engine, and to the development and operations lifecycle. Kubernetes and cloud-native architecture require security enhancements to lock down API interfaces, manage microservices, and protect network endpoints.
This security guide explains how VMware technology addresses the security risks and requirements that communications service providers face as they transition to open radio access networks by adopting virtualization, containerized network functions (CNFs), Kubernetes, and multi-cloud networks through several guiding principles:
Open systems and open interfaces
Multi-vendor networks
Risk and threat assessment
Zero-trust architecture
Micro-segmentation
Isolation of the management plane and other critical security functions
Automation of security measures and automated management of security controls
Roots of trust and code provenance
Vulnerability management
Strong security boundaries, especially those provided by VMs