Telecom organizations are rapidly automating the deployment and management of server infrastructure to meet the demands of 5G, edge computing, and network slicing. But, automation without embedded security can create vulnerabilities at scale, multiplying risk across thousands of distributed nodes. Security must be integrated into, not bolted onto, automation. This approach requires workflows that assume untrusted environments, enforce strict access controls, and ensure every server is secure, compliant, and observable from Day Zero. In today’s environment, where every node is a potential threat vector, automation without security is no longer an option. By aligning automation and security, telecoms can prevent misconfiguration, enforce zero trust policies across core and edge, and achieve compliance without slowing innovation.
Why security can’t wait
The stakes are higher than ever. High-profile breaches confirm it’s no longer a matter of if but when . In 2025, T-Mobile agreed to a $350M settlement after a 2021 breach exposed customer names, birthdays, and Social Security numbers. AT&T agreed to a $177 million class-action settlement covering two data breaches. The first was in 2019 and exposed customers’ names, Social Security numbers, and dates of birth. Then, in early 2024, a hacker gained access to call and text records for nearly all the company’s U.S. customers. To address this risk, it’s critical for automation strategies to directly integrate security controls rather than treat them as parallel efforts.
The future of telecom lies in disaggregation, which separates hardware from software, allowing operators to create more flexible and vendor-agnostic solutions. Previously, more monolithic architecture made sense, especially since adopting and deploying a network comprised of services from various vendors was cost prohibitive. Today’s shift toward disaggregation is driven partly by the increased affordability of this approach, but more importantly, disaggregation enables telecoms to keep up with cutting-edge solutions and technologies more easily than older black box architectures. Disaggregated architecture offers increased flexibility and has opened the door to innovation, fundamentally changing how telecoms think about security.
The disaggregation challenge
By utilizing services from various vendors, disaggregated 5G architectures create more potential entry points, which traditional security models are not always prepared to address. Unlike traditional monolithic networks with clear perimeters, disaggregated systems require new approaches to identity management, policy enforcement, and compliance validation.
The complex needs of a disaggregated architecture represent a mismatch between security tools designed for static infrastructure and the dynamic reality of modern telecom networks. The challenge intensifies with 5G’s high-speed, low-latency characteristics and the increased complexity of managing vast numbers of connected devices.
Rethinking security for disaggregated infrastructure
The US Cybersecurity and Infrastructure Security Agency (CISA) Secure-by-Design pledge includes broadly applicable principles that can be applied by almost any organization. A secure-by-design approach helps mitigate risk by embedding controls at every stage of development. Identity and access management (IAM), which includes multifactor authentication (MFA (News - Alert )), ensures that only authorized users can make changes. Automated compliance checks and vulnerability scans of the infrastructure identify issues early, and logging and auditing provide a verifiable record of changes.
Another critical security approach is the zero trust model, which eliminates the “trust but verify” approach in favor of “never trust, always verify” for every user, device, and network, whether inside or outside the organization. With zero trust, an organization’s security posture defaults to continuous verification because, as IBM put it, “every endpoint, user and connection request is considered a potential threat.” Still, adaptations are required for telecom-specific security challenges. Consider that zero trust principles generally focus on user access, while the bulk of 5G traffic is network-to-network communication. Cryptographic identity verification can be challenging to provide at telecom scale, but it is critical for true zero trust.
Preparing for future challenges
Effective security postures are proactive, continually monitoring emerging technologies that may introduce new security concerns or solutions. Forward-thinking operators are increasingly aware of the potential future risks posed by artificial intelligence (AI) and quantum computing. AI provides new tools for both security teams and cybercriminals to wield in the never-ending battle over data, so staying on top of advances in this technology is critical.
Researchers around the world are advancing quantum computing, which puts current encryption standards at risk, upending many organizations’ security postures. Post-quantum encryption tools, such as those released by the National Institute of Standards and Technology (NIST) in 2024, can help organizations future-proof their infrastructure.
Automation as a security tool
Automation is the linchpin for managing disaggregated infrastructure, helping diverse systems from multiple vendors work together securely and reliably. A disaggregated system can be quite complex, and automation can reduce or prevent misconfiguration and unauthorized changes. Automation also helps telecoms achieve compliance and auditability without impacting innovation or deployment.
Organizations can maximize automation by utilizing zero trust models. As Howard Holton notes in technology research and analysis, whereas traditional security models are “manual, reactive, and siloed,” a zero-trust model “must be dynamic, adaptive, and continuous.” One of the cornerstones of zero trust is continuous monitoring, which can be simplified with automation.
Secure server automation and zero trust models incorporate security frameworks and tools, such as 802.1X for device identification and network authentication at the hardware layer. They also include IAM systems to define and enforce fine-grained, role-based access to infrastructure resources and application programming interfaces (APIs), and MFA for all privileged actions, preventing credential misuse and unauthorized access.
Continuous monitoring and drift detection help maintain security policies and act as prevention guardrails. Automated drift detection can identify when a server’s configuration has deviated and alert administrators to correct the issue before it affects performance or security. Automating real-time infrastructure telemetry enhances visibility into the system’s state, compliance posture, and anomaly detection, enabling administrators to identify and respond to security incidents promptly. Automation also ensures that security policies are configured and enforced consistently throughout the organization and reduces human error by automating repetitive or manual tasks. Aligning automation and security allows telecoms to prevent misconfiguration and unauthorized changes and enforce zero trust policies across all assets.
The security team
Technology alone is not enough. Implementing a robust security posture is a complex task requiring time, money, and expertise. In automated environments, effective security teams focus on three priorities: policy as code to define security requirements that can be automatically enforced, observable security to make security status visible to development and operations teams, and balanced controls to ensure that security measures support rather than hinder operations. The most successful organizations have the correct people and processes in place, making security a partner with infrastructure and operations teams in defining this balance to ensure that security and function are mutually maintained without compromise.
Serious security breaches have already affected some of the largest telecom companies in the world. By baking security into each layer of infrastructure, telecoms can more securely leverage the benefits of automation and build an infrastructure that will be a foundation for future innovation. While there are benefits to disaggregation, embracing this model also exposes more potential security vulnerabilities. When appropriately and adequately deployed, automation is a powerful asset for monitoring security, managing complex infrastructure, and improving performance for companies willing to invest their time and talent.
About the Author: Medha Pant is a product lead for telecom product management at Dell (News - Alert ) Technologies with more than 15 years of experience. She has deep expertise in information technology for enterprise and telecom in a variety of functions, including product management, engineering, corporate strategy, and product operations/commercials at Fortune 500 companies like Goldman Sachs and Dell Technologies. Medha works at the intersection of business and technology and launched several products, seeing them through the end-to-end lifecycle. She received a Master of Business Administration from the Tuck School of Business at Dartmouth and a Bachelor of Technology from the Motilal Nehru National Institute of Technology. Connect with her on LinkedIn .
Edited by
Erik Linask
