5G Networks and the Future of Authentication
One of the most promising technological advances of the decade is the debut of the fifth generation of mobile networks, 5G. The huge promise of 5G is due to its ability to provide ubiquitous internet coverage at ultra-speeds (~20 Gbps), with high capacity and very low latency.
The advent of 5G will pave the way for new applications in many different domains, including the internet of things (IoT), telemedicine, autonomous vehicles (cars and drones), augmented and virtual reality, and much more. Consumers, businesses, and enterprises all stand to gain a lot from the expansion of 5G networks.
Doctors will be able to perform remote surgery with real-time visual access and haptic feedback. Industrial agricultural companies will be able to benefit from improved precision farming by mining and analyzing pertinent data gathered from thousands and millions of smart sensors monitoring their crops and livestock. Enterprises will be able to deploy more devices at the edge, to help their on-field employees and collect important data that will enable them to optimize their operations at every level. According to some estimates, the number of internet-connected devices will soar to a whopping 75 billion by 2025, nearly 10 times the human population of the planet.
But to all good things is a dark side, and the benefits of 5G come with a security tradeoff. The growth of internet-connected devices and the ubiquity of network access will expand the attack surface of organizations and enterprises and will change the security structure in corporate networks. Here are some of the changes to expect:
- Users and employees will be accessing corporate networks much more often, from many more different locations, and using many more devices.
- Headless devices will outnumber user-held devices. Many of the devices interacting with company servers will be IoT sensors and autonomous devices that do not necessarily require a user to control them. Many of these devices will be deployed in open environments without physical protection.
- Sessions will last much longer. In the case of corporate IoT devices, some sessions will span months or even years as the devices are installed, set up, and left to autonomously carry out their functions.
The looming threat
All these changes will require upgrades to the physical and structural security of networks. But perhaps equally important are the changes that must come to authentication and access control solutions. To understand the impact, consider this: Twenty-five years ago, to access a corporate network, you had to enter a highly secure building and find a network-connected computer to gain access to valuable information. With so many physical barriers, a simple password would usually be enough to make sure only authorized people gained access to company assets and information.
But in today’s world, the remaining physical barriers of corporate networks are fast fading. The coronavirus pandemic taught us that the future of work is corporate decentralization and everywhere-access to work assets. This is a trend that is likely to grow in the 5G era, where companies will try to redefine themselves and gain a competitive edge by leveraging the massive data that universal connectivity brings. But that also means that every location can effectively become an attack vector and an opportunity for hackers to gain a foothold into corporate networks.
We already know what happens when connected devices are not authenticated and secured correctly. In 2016, the biggest DDoS attack in history knocked down access to many pertinent websites across large swaths of the U.S. The culprit was Mirai, a botnet composed of tens of thousands of insecure IoT devices, easily hijacked by hackers.
Press rewind a couple more years: In 2013, a group of hackers broke into the network of retail giant Target and stole millions of credit and debit card details. Their window of access was the insecure credentials of the HVAC system at one of the facilities of the company.
These are just two of the many similar security incidents that have happened in the past decade. And this is before widespread 5G deployment, when the number of connected devices is still relatively manageable. Think about the scale of the damage that an insecure digital landscape can cause when anything and everything becomes connected to the internet.
The passwordless solution
Many things need to happen at the network, device, and software level to make sure that 5G can safely advance corporate networks, and the internet as a whole, without causing a security meltdown.
But perhaps an equally important first step toward securing the corporate network in the 5G era is to adopt the right mindset. That may starts with giving more attention to concepts like zero-trust security, in which organizations constantly re-verify users’ identity whether inside or outside their perimeter. No person or device should get a free pass to digital assets and everything needs to be authenticated continuously.
But how do you authenticate countless devices, accounts, and users trying to access corporate networks from unlimited locations, without sacrificing security, bogging down operations, and causing massive headaches for all? It is clear that as our network technology evolves, so should our authentication mechanisms. Passwords, still regarded staple of online protection despite being related to more than 80% of security breaches, are the place to start.
Passwordless Authentication has rightfully gained traction and popularity in past years by ditching hard to memorize passphrases for sturdier and more secure alternatives. Understanding the threats of password-centric authentication, more and more organizations and leading tech companies are gravitating toward passwordless technologies.
When done correctly, passwordless authentication provides an alternative that is both secure and easy to use and manage. This means that organizations can increase the frequency of identity verification without annoying users, and at the same time ensure that their network security is robust against phishing, man-in-the-middle, credential stuffing and more common attacks. As the number of remote locations and connected devices increase, the ability to deploy easy, stong and flexible authentication solutions is more crucial than ever.
With the present and future requirement of authentication in mind, Secret Double Octopus has developed a passwordless authentication solution that combines security, flexibility, and ease-of-use.
Where should CISOs put their money in 2021?
Where should CISOs put their money in 2021?
Best of 2020: Our most-read blogs of the year