Communications service providers are implementing mobile 4G LTE (News - Alert) networks at an ever increasing pace. This means that subscribers are accessing data and services on the Internet and intranet more frequently and they are depending on mobile data access for their daily needs. Security is important as applications are delivered to provide access to sensitive content as well as to post content from the mobile subscribers.
Security in the mobile environment needs to be evaluated from different perspectives and applied appropriately. One can look at the security model in three different areas. First, there are consumers who are concerned about the security of their mobile devices and the personal data that they send over the network. Second, the enterprise is delivering intranet access to the individual subscribers or employees through BYOD services where VPN access is made available. They may also be providing mobile applications such as e-mail, chat, or file sharing that are connected to the corporate network. Last, there is the CSP (News - Alert) that must understand the all-IP nature of the LTE network, how the security model differs from the older 3G and 3.5G mobile networks, and how to secure the infrastructure that transports all of this critical and sensitive data.
Consumers are leveraging the availability and high speeds on the 4G LTE networks, and smartphone adoption is increasing rapidly. According to one survey, subscribers on 4G LTE networks are consuming 23 times more data than subscribers on the older 3G and 3.5G networks. Much of the data being consumed is streaming video, but subscribers are also using the data network for mobile banking, location-based services such as hailing taxis, self-guided tours, and, of course, GPS navigation. It is critical that the mobile device, the applications, and their data be secured. Consumers must know that their personal data is secure for them to be comfortable using these services.
Many companies are also leveraging mobile services to extend the reach of the corporate environment. Access to company e-mail is the most common use, though enterprises are also looking to make CRM databases, internal applications, and other confidential and proprietary data available to the customer. These companies, in conjunction with the service provider, are responsible for making sure this data is delivered in a secure manner and only to the employees (and their devices) who have the appropriate privileges to access this information.
With the introduction of LTE networks, all communications in the mobile network are IP-based. This introduces new security concerns for the CSP. They need to be able to manage and protect the core network infrastructure within the evolved packet core to ensure the privacy and integrity of the data being utilized by the subscribers and companies that use their network. Control plane messaging such as Diameter and SIP become exposed in the new network architecture. DNS continues to be vulnerable. The speed and availability of these new networks along with the architectural changes make it easier for one to purposefully or accidentally attack the CSP network and compromise the data.
It is important to take measures to protect the components within the mobile network infrastructure that one has control over. But, one would be short sighted to believe that securing any single perspective will ensure the protection of their data. Take care and secure the aspects of the network and application where you have control. Also, you must make sure that the other parties involved in the content storage, delivery, and presentation validate their security policies as they apply to your situations. All three parties – the subscriber, the enterprise, and especially the CSP – must be involved in the availability and delivery of the sensitive content. Until everyone works together to ensure that the entire mobile ecosystem is secure, there will always be potential for abuse.
Frank Yue is the Technical Marketing Manager for the Service Provider vertical at F5 Networks. Mr. Yue has over 15 years of experience building large-scale networks and working with high performance application technologies, including deep packet inspection, network security, and application delivery. He is based in North Carolina and is a scuba diving instructor in his spare time.
Edited by Stefania Viscusi