Editor’s Note: Welcome to our weekly Reality Check column where C-level executives and advisory firms from across the mobile industry share unique insights and experiences.
Fueled by the availability of low-cost/high-functioning smartphones, the data demand on mobile networks is driving investments in LTE networks worldwide. In practice, the mobile network now resembles a mobile “Internet” rather than the rigid, and relatively safe, architecture of the voice-centric deployment.
While this transition from 2G/3G to LTE brings numerous benefits including low cost, high-performance IP transport, it also presents new security challenges for mobile providers and consumers that must be carefully managed. And the stakes are high. Getting it right can help maintain trust, both preserving loyal relationships with customers and decreasing liability due to a data breach or service outage. Yet, service providers are struggling with where and how to invest to adequately secure the mobile network and its users.
When securing the mobile Internet aka LTE, service providers must focus on three security imperatives: ensuring the reliability and availability of mobile network services, protecting subscriber information and preserving trusted relationships with consumers as a foundation for delivering new services.
Security=network reliability
LTE and IP turn the radio access network into a mobile “Internet,” complete with mini-computers (smartphones) that can launch attacks at the mobile network. This means that if a malicious actor launches a DDoS attack via Android on the mobile network, rather than impacting a single network node, signaling storms created by the attack can affect upwards of a million subscribers at once, creating scattered, undependable coverage.
In order to keep the network both reliable and available, service providers must wrap the mobile core and key infrastructure elements into a protective barrier, providing a layer of security to keep the network up and running, and ultimately produce a win-win situation: keeping customers happy and keeping the company out of the press (for the wrong reasons).
Vulnerability of subscribers’ personal information
Aside from making sure mobile network services are reliable and available, service providers also must be diligent in caring for the subscribers’ personal information, which is often the target of attackers. By transitioning to LTE, we’ve opened up security holes in the network. And because service providers hold loads of sensitive financial information on millions of subscribers, they must continue to treat this information with the utmost respect and responsibility.
When service providers fail to keep their subscriber information safe, this leads to displaced trust. In markets with aggressive competition, this loss of trust often results in an irreversible churn and millions lost in customer lifetime value. Customers will never use that service provider again. With today’s social networking platforms, this consequence will spread like wildfire, compounding exponentially. It’s necessary for service providers to secure the network to both keep the network reliable and available, and keep customers’ information shielded from intruders to retain that treasured trust.
Trust relationship: A foundation for delivering new services
Lastly, security deals with trust and ensuring future revenue opportunities. The mobile phone is now required when leaving the house along with keys and a wallet. Â But one day it has the potential to become the only “essential” we need, serving as keyless entry and a mobile wallet as well.
However, without trust, customers will be reluctant to buy these and other future services. Service providers must assure that they have their customers’ backs and will go that extra mile to protect them and their personal information. They must build, nurture and protect their role as a trusted entity in order to create a comfortable relationship and develop successful, prospective opportunities.
Where to secure the network
Although there are multiple reasons to secure the network, how can service providers actually do just that? There are three specific locations where threats tend to appear including the S/Gi interface, the S1 interface, and the S8/Gp interface. Each performs a different function and therefore the security profile must adapt to provide adequate protection.
For starters, the S/Gi interface, between the mobile core and the public internet, requires a high performance firewall to secure the mobile core from the rest of the Intranet. Some of its key functional requirements include scalability, fault tolerance/high availability and denial of service mitigation.
In comparison, the S1 interface in LTE is relatively new. Securing the S1 interface means securing traffic over the access network as well as firewalling malicious smartphone applications. It needs a high capacity, high performance security gateway. Similar to the S/Gi interface, S1 also needs fault tolerance/high availability including in-service software upgrades.
Finally, the S8/Gp interfaces interconnect mobile core networks to support roaming subscribers. Although connections and traffic are typically limited in this space, it’s at the edge of an untrusted access network, creating a potential security hole. But security can be achieved by utilizing an SCTP protocol conformance, and GTPv1 and GTPv2 protocol conformance.
By implementing a single, common platform capable of addressing each of the three key interfaces’ requirements, service providers can ensure their networks are secure. Security can seem like a daunting task, but the opportunities that can result shouldn’t be lost in the process. If mobile providers take the time to implement security, they’ll be the lucky ones who survive the signaling storms, helping maintain customer lifetime value and future revenue generation.
