OneLayer envisions enterprise-grade security for private cellular networks
As companies spanning verticals invest in digital transformation strategies with an eye to doing more with less, the global adoption of private networks, both 4G and 5G, is poised for a significant uptick in investment. While private networks are not necessarily new, the advancement of 4G and the arrival of 5G open up significant new opportunities to connect the Internet of Things and obtain information from sensors and other objects.
In fact, research house IDC estimates that the 4G/5G private wireless network infrastructure market will grow to $8.3 billion by 2026. According to an analysis by ABI Research, the total addressable market for private networks, including radio access, multi-access edge computing, core, and related services will grow from $3.7 billion in 2021 to more than $109.4 billion in 2030. But, as companies consider the role of private networks and the IoT, there are a number of of challenges, including enterprise-grade security for cellular networks.
“We offer enterprise-grade security for private cellular networks,” Dave Mor, Co-Founder and CEO of security specialist OneLayerhe told RCR Wireless News. “The IoT revolution is here. More and more devices are connected. We bring the business perspective to a new kind of network.”
The company, which recently came out of stealth mode, is keenly focused on enabling businesses to take advantage of private 4G and 5G without compromising security. This sheds light on what Mor called the security breach. This gap opens when companies used to using security tools tailored to Ethernet/IP networks (visibility, policy enforcement, zero trust, device and network posture, and anomaly detection/response) move to a cellular protocol.
In other words, when the type of network changes, the security needs remain the same. OneLayer seeks to help businesses make the changes necessary to bridge that gap and maintain the tools they are used to, while taking advantage of wireless technology.
“Security is not a move for companies,” Mor explained. “Almost all the security solutions we see in the domain today are firewalls and encrypted SIMs, encrypted data. Those are capabilities to secure the network, but the reason we built OneLayer is that all of those capabilities are missing when you switch to cellular. We have a dedicated solution for the 4G and 5G private market.”
In terms of the expanded attack surface created by the move to private cellular, consider a typical enterprise network where IT and OT environments are separate from each other and from public networks. In a private cellular network, those IT and OT environments can converge as traffic passes through the cellular core; at the same time, and depending on the network configuration, the private network can also share a core with the public network of an operator.
Now consider an IT device like a security camera that connects to an OT machine like a robotic arm. The vision of private 5G, in this case, would be to enable computer vision-type use cases like automated quality control. “Typically,” Mor said, “the separation of the IT/OT network protects the operating environment. If you take a cellular camera talking to an IT server and an OT machine, without OneLayer, you’re using two different network devices but it’s the same core, same path, so it breaks the separation. If a camera is compromised, it can attack core and IT/OT environments.”
OneLayer can provide automated rule-based segmentation based on policies such as device type, device manufacturer, location, or IP destination. This means that a user could enforce a policy that cameras cannot talk to autonomous guided vehicles, for example. But trying to apply enterprise security methodology to a cellular network is manual and insufficiently inadequate. “It’s not an efficient way to do policy on a cellular network in the same way that you’re used to doing policy on an enterprise network,” Mor said.
Bringing the best of enterprise security to private 4G and 5G enables enterprises to maintain ownership of key security capabilities while leveraging existing domain expertise rather than investing in cellular domain expertise. Removing this impediment is key to driving business investment in private mobile telephony so that users can trust security, people and processes.