SASE and Last Mile Redundancy: Is 5G the Answer?

5G SASE Resilience

Increasingly, I’m being asked about 5G and SASE. How are the two related? Which SASE vendors support 5G?  So let’s address it here. 

Last Mile: Where the Action Isn’t 

The last-mile has always been the Achilles heel of enterprise networking. In the core, we’ve had an abundance of bandwidth. The many paths comprising the core give it incredible resilience. By contrast, the last mile has been the place defined by “lacks” —  lack of geographic reach, lack of bandwidth, lack of redundancy.. 

To a large extent, SD-WAN made its mark by solving the last-mile problem. With MPLS, we were limited to specific geographic regions and then specific bandwidths within those regions. Availability, while in theory, was high as MPLS is a managed service. In practice, some sites were invariably located in regions where last mile availability was notoriously unpredictable or outside of the MPLS provider’s network coverage.  

SD-WAN let us aggregate last mile access for greater bandwidth and also greater reliability. As I’ve pointed out in the past, sites connected by even dual consumer-grade DSL or cable, and 3G/4G connection can achieve five 9s uptime. But we were still left with the last mile barrier. Whereas bandwidth in the network core would hit 10G, in the last mile, capacity was generally limited to a hundreds of megabits to a gigabit. While SD-WAN lets us balance traffic across multiple last-miles, you’re still left susceptible to the potential outage. And for workgroups that require quick setup and deployment, broadband, while an improvement over dedicated connections, is still too cumbersome for dynamic workgroups. 

5G: The Answer to Last-Mile Problems? 

5G removes the last-mile barrier.  It brings core bandwidth (up to 10G) to a 5G device. When used with edge appliances at the branch, 5G can effectively eliminate the need to aggregate multiple Internet connections together for more capacity.

As  a wireless technology, 5G also seemingly overcomes last mile provisioning and deployment issues. No longer do organizations have to wait for fiber to be pulled or DSL provisioned. With 5G, IT leaders get capacity they need, instantly, without worrying that the last mile might be cut or otherwise disrupted.  

Security and Availability Challenge 5G 

With so much going for 5G, one could think it’ll change how enterprises design their networks. At the very least, multiple last-mile connections should be unnecessary with 5G addressing the capacity limitations not to mention errant backhoe operators.  

But 5G is still too new for enterprises to rely heavily on the technology. There’s still too much being learned about the standard and how carriers will architect their 5G networks. Take the availability issue. It’s true as a wireless technology 5G might not be susceptible to the same physical outages from the carrier network to the customer premises as fiber or DSL but that’s not to say that 5G won’t have any physical layer vulnerabilities. 

The distribution layer of carrier networks, the network layer linking the 5G antennas accessed by the 5G radios at customer networks, is often a point of vulnerability. In many cases, this infrastructure is not fully redundant, representing a potential single point of failure in a provider network. 

Another area of concern are the security issues. Late last month, AdaptiveMobile Security reported details of a security flaw in 5G relating to Network Slicing, the technology that allows mobile operators to divide their networks in multiple virtual blocks to accommodate different types of traffic. 

In its research, AdaptiveMobile Security examined 5G core networks that contain both shared and dedicated network functions. The research found that when a network has these ‘hybrid’ network functions that support several slices, there is a lack of mapping between the application and transport layers identities. This flaw in the industry standards has the impact of creating an opportunity for an attacker to access data and launch denial of service attacks across multiple slices if they have access to the 5G Service Based Architecture. 

SASE Compliments 5G

Which brings us to SASE. At a high level, SASE abilities to form an end-to-end encrypted overlay should provide protection against vulnerabilities in the 5G infrastructure itself. And because SASE is an overlay, SASE platforms should support 5G. To learn more about 5G and how you can best leverage SASE in your enterprise without falling exposed to its weaknesses, contact us today

Share this post