I am writing this blog from the inside of a British Airways plane, waiting to take off from Barcelona, destined for London. It has been quite a week, probably a week I will never forget, all for good reasons.
There were many highlights from MWC that I could share with you and, being honest, the best all related to meeting customers, colleagues and friends in person. It has been so long since we all travelled that I am confident everyone felt the same. The excitement of sitting at the same table after more than a year (albeit with a face mask firmly bolted on) was palpable. Meetings were never rushed, lengthy considered conversation took place and of course, there was time for laughter and shared happiness. Whilst Zoom, Teams, Bluejeans and others have helped us survive the pandemic, nothing gets close to the richness and effectiveness of a face to face communication. It was refreshing.
The event could not have taken place were it not for the exceptional organisational capabilities of the GSMA Association. Whilst clearly a huge effort is placed on the agenda and content of an event like MWC, more than ever, the foundation to any large-scale event is security. And in today’s world that means COVID secure.
The combination of highly efficient testing facilities, permission to access the premises linked to current test status, strict (but polite) enforcement of FFP2 face mask rules, the event was carried off flawlessly. Whilst the number of attendees was lower than we all would have desired, we in Mobileum had a fantastic week.
You may have seen our press releases relating to the acquisition of Developing Solutions, Convene Networks, Niometrics. Each of these brings fantastic opportunity to augment the capability to the Mobileum family and I’m sure you will be hearing more about them from my colleagues in due course. Today I want to focus on 5G security. Throughout the event a consistent theme was the desire to prepare for the imminent expansion of 5G standalone networks and the need for interconnection to support global roaming.
In meeting after meeting we discussed Mobileum’s approach to 5G security. I wrote a blog on this theme last year and the very centre of our 5G push is the SEPP – Security Edge Protection Proxy. This critical platform will ensure that finally we will have a base layer of security between any two interconnected 5G networks. Whilst it won’t cover all potential security threats, use of the SEPP in combination with other solutions will ensure that a major step towards comprehensive, end to end security is achieved.
In the blog I wrote last year I referred to the debate within the industry on the role of SEPP and some of the challenges it faces. Whilst tier 1 operators have the resources to invest and maintain a SEPP, it is questionable whether high volumes of tier 3 and 4 operators will be in the same position. Additionally, it is widely recognised that IPXs provide invaluable hosted value added services to scores of operators around the world. From direct personal experience I can confirm that such services are not exclusive to smaller operators, in fact most operators benefit from this operating model.
With that in mind, it has been satisfying to see progress within the GSM Association’s Working Groups, particularly 5GMRR - 5G Mobile Roaming Revisited on addressing these challenges. My colleagues in Mobileum have been active contributors to this debate since we are committed to making 5G a success for our industry. So far there is consensus on transmitting the SUPI (5G equivalent of IMSI) in the clear meaning that many IPX hosted analytics services can continue to be supported. This is definitely a step in the right direction, albeit at a cost of a somewhat reduced level of security. Sadly, in the world of security, there is no such thing as a free lunch and it isn’t unusual that decisions taken for commercial reasons can be at the detriment of security. However, the risk is even greater if we standardise a model that doesn’t work commercially and is never adopted globally. Striking the right balance between providing continuity of the operator business models while still making 5G roaming the most secure to date, is the right thing for everyone.
The debate continues on the role of hosted SEPPs, that is, the capability of a CSP to delegate the operation of the SEPP to a trusted third party. This is something that is obviously of great interest to IPXs given their role in hosting value added services.
We in Mobileum have made great efforts to ensure that our SEPP adheres to all the 3GPP specifications and is ready to support the guidelines that GSMA will provide. This has been achieved whilst maintaining the standard Mobileum approach of high levels of operational efficiency, flexible design and architecture, all aimed at ensuring that platforms can be deployed, as we have done, in networks as small as 40,000 subscribers (or smaller) and larger than 400,000,000 subscribers! We recognise that in the case of SEPP key management will be critical. The impact of expired keys being overlooked is disastrous – 5G roaming will simply stop overnight! Just consider the well documented example of expired certificates on an Ericsson SGSN that impacted operators around the world. We have taken steps to ensure that the management of keys from potentially 600-800 mobile operator partners will be both seamless and simple for end users. We enjoy the benefit of having the world’s largest deployment of signalling firewalls and we believe it is critical to offer our customers the possibility of a fully integrated 5G firewall and SEPP, with full backwards capability to support cross-protocol SS7, Diameter, SIP and GTP protection.
This week I met several IPXs and they all mentioned that 5G security is a critical issue for them and that it is in the interest of many of their smaller customers that they are be able to host a SEPP. I am delighted to confirm that Mobileum’s SEPP will fully support this model, based upon our legacy of offering hosted value-added services for almost two decades. The experience gained from this has been invaluable and I am hopeful that it will continue to delight our customers – whether MNOs or IPXs!
For more information, please contact us.