MWC24: Rakuten and the Critical Importance of Automation

With the digital era revolutionising the telecom industry, businesses are facing calls to innovate further with AI and cloud-native technologies.

There are numerous benefits to the cloud-native approach, including increased network speeds, efficiency and agility in offering new services. As operators deploy new networks with expanded attack surfaces, perimeter-based defences are no longer viable. A new, more dynamic approach to security is now required. 

Significantly, many businesses are turning to  “zero trust” security principles to protect cloud networks. Zero trust implies that any internal or external user or service requesting access to a resource is a potential threat and so should be challenged to verify identity every time a request is made. 

Applying zero trust architecture

Rakuten Symphony, a Rakuten Group company, provides global B2B services to the telco industry. It was early to market delivering full-stack, Open RAN offerings to enable cloud-based international mobile services.

The company is playing a key role in defining O-RAN security specifications. It is leading  security specifications work for Open Front Haul interfaces and O-Cloud, an O-RAN Alliance defined cloud platform. 

Nagendra Bykampadi, Global Head of Product Security at Rakuten Symphony and co-chair of the O-RAN Alliance Security Work Group (WG11) , said at MWC Barcelona 2024: “We have taken some of our experiences and learnings from our deployment in RMI and worked closely with MITRE to begin a new work item in WG11 on zero trust architecture for O-RAN based networks.

“We feel zero trust is required to protect our networks for the future.”

The company has taken its expertise in standards to implement standards-compliant security controls for its Open RAN products and Rakuten’s cloud platform. 

“A lot of our software needs to be compliant with O-RAN Alliance standards,” Bykampadi says. “We have shifted to include what we call ‘product security guidelines/requirements’. The whole idea is that every Rakuten Symphony product adheres to a certain set of security principles.”

Bykampadi continues: “We also focus on DevSecOps plus additional practices like threat modelling, compliance to product baseline security requirements and so on. This is an evolving topic, but I'm happy to say that we are pretty much industry best when it comes to the adoption of security practices during software development.”

When it comes to building an Open RAN-based network, “You need to have a well-thought-out security design as you plan your network and build a network. One of the things that we are seeing is that we have already built the network, and now let's say we want to evolve to something like zero trust. There is always going to be a legacy problem that we have to face.” 

He adds: “My suggestion would be that when you design and build a network, consider security from day one. Device management and user management are very critical. These need to be incorporated into your planning phase rather than retrofitted later on.”

Automation as a driving force in cybersecurity

Moving forward, Bykampadi highlights that automation will be critical, as AI and machine learning (AI/ML) can be harnessed to improve business security posture and mitigate attacks.

“Security visibility is the key for you to solve security problems,” he says. “If you know exactly who is there in your network, what kind of devices are there in your network, it's always easy to manage it.

“On the contrary, lack of visibility is always a concern. My personal goal would be to somehow use AI/ML as enablers to improve our network visibility. But visibility of the issue is important, which is where I see a lot of emphasis going as we prepare for future networks.”

Bykampadi continues: “Rakuten Symphony is in a very unique position, as we don’t just have industry leading products - we also have the benefit of contributing to standards and specifications, which actually drive the product itself. We are thinking for the future with an emphasis on AI/ML, automation and self-autonomous networks.”

******

Make sure you check out the latest edition of Mobile Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Mobile Magazine is a BizClik brand