Examining Zero Trust with Ericsson's Amanda Chen

Cyber Magazine speaks with Ericsson's Amanda Chen on why Zero Trust will take centre stage in 2024

The cyber security landscape it is undergoing significant strain. Riddled with ransomware, and aided by AI, security systems are being hit by a barrage of attacks.

Amid this onslaught, cybersecurity professionals are compelled to adopt new methods to not keep their systems safe, and stay ahead of the latest trend of threats. 

One such idea being floated around is a Zero-Trust approach. Zero Trust, in a nutshell, treats everything inside and outside the network as a potential threat, and always 'asks' and doesn't assume.

Zero-trust models can help organisations fortify their defences against these advanced threats where signature-based solutions are failing. To find out how, we spoke with Amanda (Hsin-Yi) Chen, Security Solution Manager at Ericsson, about the company’s drive to help companies security operational challenges worldwide.

Amanda (Hsin-Yi) Chen bio
  • Amanda (Hsin-Yi) Chen serves as the Security Solution Manager at Ericsson, where she consults and spearheads security operational challenges for customers worldwide. She plays a pivotal role in advocating and championing for secure network deployment and operations, leveraging Ericsson’s cutting-edge security solutions to automate processes and mitigate risks effectively.

What is Zero Trust Framework, and why is it important? 

Zero Trust Architecture (ZTA) has emerged as a critical framework amidst the comprehensive transformation of telecom networks in recent years. It operates on the principle of “never trust, always verify.” Regulatory bodies globally, particularly focusing on critical infrastructure, advocate for ZTA to complement traditional perimeter-based defenses, emphasising continuous verification and monitoring. 

This concept has proven to be successful across various industries, from finance to healthcare. However, its next frontier lies in motivating mobile operators to pursue ZTA and integrate with 5G networks. As the telecom industry fully transitions into the 5G era, security concerns loom large, particularly during the deployment and operationalisation phases. Few mobile operators have embarked on this security journey, presenting both a challenge and an opportunity. That’s why at MWC this year, we chose to bring to life some of the day-to-day challenges operators face through a physical Security Operations Center. We wanted to provide a tangible and real-time interactive experience that demonstrates the criticality of ZTA. 

With real-time detection of unauthorised access facilitated by strict access control and continuous authentication, ZTA becomes pivotal for security management in the telecoms sector. It revolutionises the telecom security posture by reducing risk and minimising the time threat actors have to perform lateral movement within the network.

Why is 2024 the year that Zero Trust takes centre stage?

2024 marks a pivotal moment in cybersecurity as regulatory focus intensifies globally, building on legislative initiatives implemented in 2023. Directives such as the EU's Cyber Resiliency Act, the NIS2 directive, and the U.S.’s Executive Order on Improving the Nation’s Cybersecurity lay the groundwork for a significant shift in the cybersecurity landscape towards ZTA.

The convergence of heightened regulatory demands with evolving frameworks and unique 5G characteristics has made ZTA an imperative. Despite efforts to implement, the lack of standardisation across telecoms has resulted in gaps. Increased reliance on cloud services, remote work trends, and ongoing digital transformations further underscore the need for an adaptive security framework, positioning ZTA as the strategic model for telecom security management. 

Why are individualised security measures more effective than one-size-fits-all strategy?

In the telecom sector, individualised security measures are essential due to its multi-vendor nature and diverse network landscapes. Sole reliance on perimeter security is inadequate against advanced threats. By adopting tailored solutions spanning individual components, operators can mitigate vulnerabilities and shift from reactive to proactive threat anticipation. Mobile network nodes have different characteristics and capabilities dependent on their presence in the mobile network architecture. Therefore, the protective and detective measures must vary and be contextualised and individualised rather than using one-size-fits-all approach.

Our recent whitepaper “Zero Trust Architecture for advancing mobile network security operations” emphasises the need for dynamism and flexibility in security to safeguard critical infrastructure effectively.

What are "defence in depth" (DiD) principles, and why is there increased pressure on them?

Holistic protection is achieved through ‘defense in depth’ (DiD) principles, which advocate for a multi-layered security approach. In an ever-evolving security landscape, industries must implement security principles that are far-reaching and multi-faceted. The increasing prevalence of novel risks underscores the necessity for robust security measures that extend across multiple layers of defense.

The Zero Trust principle on micro-perimeter protection is asset-centric. At the core of the DiD chain is the individual micro-perimeter which needs to be appropriately and effectively protected against internal and external threats. This approach enables ZTA to detect and prevent lateral movement of threat actors. 

What is the future of Zero Trust?

Zero Trust embodies a strategic leap towards bolstered security and regulatory adherence. With stringent data protection regulations reigning over the telecoms industry, ZTA emerges as a barrier to safeguarding sensitive data. The imminent future of Zero Trust in telecoms hinges on its widespread adoption, positioning it as the resilient shield against emerging threats in an era of unprecedented connectivity. It also serves to mitigate the risk of fines stemming from regulatory violations.

However, achieving ZTA in mobile networks necessitates collaborative efforts among all industry stakeholders. In a landscape characterised by rapid technological advancements, ZTA secures the resilience essential for defending against evolving threats and ensuring the future security of telecom networks.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

SolarWinds: IT Staff Dubious on Organisation's AI Readiness

A recent trends report by SolarWinds reveals that very few IT professionals are confident in their organisation's readiness to integrate AI

Is Stress a Driving Force Behind the Cyber Skills Shortage?

A SenseOn study has showed 95% of IT leaders in the UK and Ireland say stress impacts their ability to retain staff

Rapid7 AI Engine Update Sees Gen AI Supporting SOC With MDR

Rapid7's enhanced AI Engine will now use machine learning models and new Gen AI models to separate real attacks from false alarms

Google Securing WFH with Zscaler and Netskope Partnership

Network Security

Why Have Cybersecurity Budgets Soared for TMT Companies?

Operational Security

Mandiant's Analysis Unveils Cause of Snowflake Data Theft

Operational Security