In 2020 the average cost to a company of a data breach, ransomware, or malware was $3.86 million, according to the latest IBM and Ponemon Institute report on the costs of weak security. The study identified stolen or compromised credentials and misconfigured clouds as the leading causes of breaches, which took an average of 280 days to identify and repair. Small wonder that, as engineers develop new network concepts beyond 5G, security and “trustworthiness” are spoken of as essential attributes – for example, as one of three fundamentals in Samsung’s 2020 white paper on 6G.
Against this background Exium emerged from stealth mode this month offering a zero-trust network and cloud security through an “intelligent cybersecurity mesh” on a 5G core.
Was this hype or a step towards a genuinely more trustworthy network experience for enterprises? 6GWorld™ spoke to CEO Farooq Khan to find out more.
“We have taken the 5G network standard and built this, if you like, over-the-top 5G core service,” Khan began. While hyperscalers like Amazon Web Services have depended upon telecom networks to deliver their global reach, “now we are bringing 5G on top of this hyperscaler infrastructure. So it is a 5G software layer – imagine it’s like the Netflix of 5G. Netflix is a global service over the top of the telcos and hyperscalers; now Exium has done this with a 5G overlay not limited to one country.
“But now we are creating this secure network, it should be available on any underlying network on any device. 5G is access-agnostic and device-agnostic. That means 5G can go over Wi-Fi, over fibre or satellite access. Similarly, 5G is not limited to smartphones.”
A Zero-Trust Environment
While this is certainly a novel approach to network-building compared to national 5G networks, in and of itself it does not seem to create a “zero-trust” environment. What brings that about?
Khan explained: “The way I would explain zero-trust is that we establish a trust path. And then on top of that, we inspect everything flowing back and forth through the network.” There are two main aspects to this – security “cybernodes” in the 5G core and on-device security.
“Whenever there is data in transit, it’s really the network security killer. When data goes through our cybernodes – and everything has to go through the cybernodes – we inspect everything. So even if there is a virus or a phishing attack or botnet that’s made it onto the system, we can catch all these attacks and block them,” Khan said.
Exium also created the software for the device side. “Native 5G devices have great security because they have SIM and eSIM guarding cryptographic keys – the Root of Trust,” Khan explained. “What Exium’s software does is echo that in any device. It doesn’t matter what modem’s in the devices, you make this 5G-native security by putting in the 5G stack that Exium created as the Root of Trust.”
On the surface this sounds like a good thing, but what does it mean in practice? The answer comes down to the way that cryptographic keys work, using a “shared secret” to authenticate.
“Say for example you’re in an unfriendly country and you’re trying to access a Wi-Fi access point. In the advanced TLS [Transport Layer Security] exchange and those protocols – even in HTTPS – the shared secret is transmitted; and, if somebody intercepts it, then with advanced computing they can hack that. But, for us, the keys are always in the hardware at both ends and the shared secret is derived through cryptographic computations. It is never transmitted over the network.”
“In this scenario somebody can intercept your data packets, but they can never read them. In a worst case they might decide to block your communications because of this, but at least that way you know, right?”
The example above may sound like something from a spy thriller, but the IBM report also pointed to suspected nation-state actors in around 13% of intrusions on major companies. In an era where cyber-warfare and cyber-terrorism may be cheaper and more deniable than the alternative (the podcast series Darknet Diaries has some illuminating and digestible examples for non-specialists, such as this episode) Khan sees enterprises taking these risks seriously.
“Certain extremely critical sectors like military and nuclear power I don’t think are going to connect to the Internet, because the risk is way too high. But other than that, in utilities and other industries, everyone can see the benefit of feeding back data to the cloud for analytics, predictive maintenance, and all that. So these are the type of enterprises and customers we are resonating with, because of this grid of security. Then also there is the 5G angle here because in the future two out of the three use cases for 5G are focused on IoT and industrial automation. So we say if you deploy this technology today, you can protect from cyberattacks. And then it’s also future-proof and you incrementally add 5G for mission-critical applications.”
This is true, but not necessarily a surprise for telecoms providers who have been advocating for enterprise 5G before. What would make Exium stand out from, for example, an AT&T or Deutsche Telekom?
“For the enterprise you need a multi-tenant solution, and it needs to be very easy to use. Operators are generally very network-savvy, so they can deploy complex systems such as OSS with hundreds of people to operate and maintain them,” Khan explained.
“But for enterprise customers we have taken the approach that enterprises themselves use, where there’s no OSS. It is all enterprise-friendly and self-service. You can go to the Exium servers for free, set yourself up, and you can be on this 5G network. It shouldn’t take more than five minutes.”
Alex Lawrence is Managing Editor at 6GWorld. His mission is to bring together stakeholders from across industries, countries and disciplines to make sure that, as technology evolves in the coming decade, it’s meeting the changing demands of society, government and business.
He has been involved as a professional nosy person in the telecoms sphere since 2004, with short detours through industrial O&M and marketing.
If you’d like to talk to Alex about your ideas or projects he’d love to hear from you. @animalawrence or firstname.lastname@example.org.