5G and SASE: Reimagining WAN Infrastructure

By Camille Campbell, Senior Product Marketing Manager, Cradlepoint

Because wide area network (WAN) connectivity has been predominantly wired broadband, cellular connectivity has often been relegated to a failover connection option. Now, organizations recognize 5G for its agility in supporting networks because it takes reliable connectivity past fixed sites and expands it to vehicle fleets, IoT devices and remote workers in places where wired broadband wouldn’t work or can’t be obtained. According to Cradlepoint’s 2024 Global State of Connectivity Report, executives believe 5G will be a key enabler for IoT, supply chain optimizations, AI/ML, and even sustainability initiatives.

However, the broader definition of WAN raises some very important concerns. With more and more devices on the edge of the network, how does an enterprise protect the larger attack surface it is exposing to bad actors? Enter Secure Access Service Edge (SASE), a cybersecurity model that is finally becoming mainstream. SASE, a cloud-based architecture, is designed to secure today’s corporate networks as they demand simplicity, flexibility, low latency, and security at the WAN edge. This network security model proves to be more critical in protecting enterprises with expanded attack surfaces and distributed workforces. This includes workforces that have remote and mobile users with BYODs, as well as third-party contractors with unmanaged devices who need network access.

The key to truly untethering your WAN lies in bringing these two technologies – 5G and SASE – together to create a complete reimagination of your WAN architecture.

Understanding the differences between 5G and wired broadband

The flexibility 5G WAN provides is enticing but, before leveraging this technology, businesses must understand how it is different from wired broadband and why combining it with SASE for an agile, secure network makes sense.

First, 5G allows a mobile component for your network. This creates mobile WAN connectivity for every organization from small businesses with delivery trucks to a public safety organization with a fleet of emergency vehicles. 5G also means a variability in bandwidth. If you leverage a wired network, a 1 gigabyte link remains a 1 gigabyte link. However, 5G bandwidth fluctuates depending on signal strength and signal quality from the connected cell tower.

Metered links can also be an important consideration. While it’s true that unlimited data plans are starting to emerge in certain countries, most organizations still need to track data plan usage across WAN connections.

Then there are quality of service (QoS) considerations. An IP network uses the Differentiated Services Code Point (DSCP), a 6-bit field in the IP header that enables the identification of up to 64 distinct traffic classes to help define and create a class schema. Networking devices, such as routers and switches, use the DSCP value to determine the handling and queue placement of each packet. Similarly, 5G networks have a 5G QoS Identifier (5QI) value, which is a pointer to a set of QoS characteristics such as priority level, packet delay or packet error rate, and supports class of service differentiation across a connection.
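To make the DSCP field concrete, here is an added example (not part of the original article) that reads the 6-bit value from raw IPv4 and IPv6 headers and names the standard classes, the kind of check used to verify QoS markings at the WAN edge. The function names and sample header bytes are constructed for illustration.

```python
# Added example: read the 6-bit DSCP value from a raw IP header.
# Header bytes below are constructed samples (IPv4 checksum left as zero).

IPV4_SAMPLE = bytes.fromhex("45b8005400004000400100 00c0000201c0000202".replace(" ", ""))
IPV6_SAMPLE = bytes.fromhex("62800000")  # version 6, traffic class 0x28, flow label 0


def parse_dscp(packet: bytes) -> tuple:
    """Return (dscp, ecn) from the start of an IPv4 or IPv6 header."""
    if len(packet) < 2:
        raise ValueError("need at least 2 header bytes")
    version = packet[0] >> 4
    if version == 4:
        ds_byte = packet[1]  # IPv4: second byte carries DSCP + ECN
    elif version == 6:
        # IPv6: the 8-bit Traffic Class straddles bytes 0 and 1
        ds_byte = ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
    else:
        raise ValueError(f"unknown IP version {version}")
    return ds_byte >> 2, ds_byte & 0x03  # upper 6 bits DSCP, lower 2 bits ECN


def dscp_name(dscp: int) -> str:
    """Name the standard per-hop behaviours (RFC 2474, RFC 2597, RFC 3246)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    if dscp == 46:
        return "EF"  # expedited forwarding, typically voice
    cls, low = dscp >> 3, dscp & 0x07
    if low == 0:
        return f"CS{cls}"  # class selector; CS0 is best effort
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"  # assured forwarding: class, drop precedence
    return f"other({dscp})"


def classify(packet: bytes) -> str:
    """Convenience wrapper: header bytes -> class name."""
    dscp, _ecn = parse_dscp(packet)
    return dscp_name(dscp)


if __name__ == "__main__":
    for label, pkt in (("IPv4", IPV4_SAMPLE), ("IPv6", IPV6_SAMPLE)):
        print(label, parse_dscp(pkt), classify(pkt))
```
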

The possibilities become even more intriguing as carriers complete their roll-outs of 5G standalone (SA) networks, where enterprises can take advantage of true differentiated services through network slicing. Carriers will be able to provide “slices” of their 5G spectrum networks to offer specialized technical requirements such as low latency and higher bandwidth. Organizations will be able to subscribe to those services (or slices) based on specific application or organizational needs.

Lastly, when your WAN connectivity is delivered through cellular, there are no physical links to help you understand all the connections and dependencies in your network. This can make troubleshooting more complicated if the proper visibility tools are not in place.

Combining 5G and SASE

These considerations require a custom SASE architecture that can secure your network as you look to 5G to deliver a more agile WAN. However, you’ll want a SASE solution and approach that doesn’t limit what 5G can offer. Your 5G network and SASE solution should complement each other.

For example, traffic steering is an important component of an agile WAN solution. It helps you prioritize certain data and makes sure there are no interruptions as data travels. When you’re leveraging 5G WAN traffic steering, the focus shouldn’t only be on latency, loss, or jitter — the solution should also steer traffic based on cellular attributes such as available bandwidth and data plan usage.

Considering bandwidth and data plan usage as you measure WAN performance is also important. Inserting synthetic traffic into your network, thereby using more bandwidth and data, could be costly and inefficient. Instead, a smart SASE approach will measure WAN performance metrics using inline traffic.

Efficiently securing your 5G WAN

In addition to network optimization, there’s also the “Secure” part of SASE. A SASE approach that complements 5G WAN will not only secure your network but do it efficiently. There are times when implementing network security features will take up bandwidth and hamper network performance.

For example, IPsec tunneling is often used to secure data as it moves through your network. In certain instances, network security or IT personnel will leverage a solution that encrypts the tunnel to secure traffic from an application that is already encrypted. This “double encryption” negatively impacts bandwidth and can slow down the very application someone on the network is trying to use. Alternatively, micro tunneling, as a part of your 5G and SASE architecture, creates a network security approach that protects data in transport without hampering performance and bandwidth utilization.

While micro tunneling helps secure data transport, SIM authentication will play a starring role in securing endpoints in 5G WAN. For IoT devices, laptops, and mobile devices, SIM authentication provides a secure but simple way to provide an identity source for which a security policy can be created. This would allow for a clientless security solution across both unmanaged and managed devices.

SIM authentication will also be important as your organization’s devices move from public to private 5G networks. No matter where those devices connect, the SIM card helps maintain the security policy on each device. For example, if a certain device is not authorized to upload files to your network, then that device won’t be able to upload files regardless of which 5G network provides the connection.

Finally, the combination of 5G and SASE requires a comprehensive network management solution. Since visibility and analysis of a cellular network can be difficult, it will help if you can leverage a network management solution that brings in valuable cellular health metrics to make remediation less complex.

5G and SASE: Preparation for the future

For any business or organization, it’s always important to combine the latest technology with the best security features. 5G WAN is no different. 5G and SASE help you take your network to new places, while making sure your network is always safe. It’s like having a bodyguard for your mobile devices and data even as they move past the confines of an office space or headquarters.

And let’s not forget about the 5G network capabilities to come. As 5G standalone networks give way to more mainstream network slicing, a comprehensive network approach that combines 5G and SASE will provide efficiency and security for the networks of today, while setting the foundation for networks of the future.
