You can’t overstate the importance of the current 5G rollout to the wireless industry. Nor can you exaggerate the seriousness of that rollout’s security risks without the right tools in place.
A couple of factors are driving those risks. The sheer pace and scale of fiber, tower, and small cell installation and maintenance jobs has stretched the limits of the contractors doing the work, even as those contractors struggle to find and retain qualified staff. Further, contractors typically work for more than one carrier and thus have access to the proprietary data of fierce competitors. The limits of legacy project management and work management systems that weren’t designed to deal with massive, repeatable installations such as 5G networks introduce a variety of security concerns.
A new breed of a cloud-based solution combining project management and work management capabilities across hundreds or thousands of distributed job sites is gaining traction in the wireless business for good reason. These deployment operations management solutions address security both deliberately and indirectly.
Consider the 5G rollout from the project-oversight perspective. The status quo often consists of a patchwork of systems and tools including — way too often — spreadsheets specific to each contractor. Those tools have wildly different robustness from a security standpoint, and even the solid solutions can end up compromised by the need to build ad-hoc interfaces with lesser products. Multiply that potpourri of tools by myriad contractors dealing with thousands of job sites, and the security issues posed by disparate systems are clear. A single, overarching system with robust credentialing and access controls does a lot to address this problem, and the potential such systems have to enhance security has been a major driver of deployment operations management solution development.
A related security risk of using multiple systems and tools to manage something as huge and complex as a 5G rollout has to do with data access and visibility. Contractors, in particular, should see only what they must as it relates to scheduled installations. A deployment operations management solution can control who sees what, with confidence, at a granular level. For example, if you’ve got 10,000 sites going up in the next quarter and a particular contractor will be handling 500 of them, it only sees its 500 — and only the data fields relevant to them completing the work. This must be controlled by simple and clear conditional rules that can be managed with different levels of fidelity at both the administrative- and project-manager levels. An added benefit here is that overworked contractors are presented with only what they need — say, related to their specific job sites over the next month — without having to root around in one or multiple systems in which they might come across the information they shouldn’t be accessing.
Dire staffing shortages heighten the need to be able to craft data-access rules specifically for contractors, as the contractors themselves — much less the carriers hiring those contractors — may not have a grip on whom exactly they’re giving the keys to when they do manage to hire.
Often left unspoken is the importance of usability beyond the realms of functional utility and user satisfaction. With the time pressures and enormous workloads 5G is levying on the industry, if project management and work management systems are cumbersome to use or suffer from frequent downtime, the teams doing the installs and the managers overseeing them will find ways to work around them. Those workarounds foster shadow IT environments that lack controls. Unless your people work in it exclusively and without the need to capture data elsewhere, the most secure system in the world is useless.
What’s more, work processes themselves regularly throw security out the window. When it comes to critical communications infrastructure, you don’t want a job foreman cranking out closeout reports using Word documents and spreadsheets on his personal laptop. But it happens all the time. Deployment operations management solutions have been developed with an acute awareness of these sorts of risks and include intuitive functionality to, for example, ensure that closeouts happen entirely within the system’s confines.
Note also that the national security and law-enforcement establishments depend on private 5G networks managed by the same carriers serving the consumer market. That introduces another security-related consideration. Information related to the composition and locations of towers, switches, network operations centers, and other 5G infrastructure is sensitive anyway. With national-security-related infrastructure, in particular, that information needs to be highly protected. Government customers demand stringent data-residency enforcement as well as enhanced encryption requirements. That’s all but impossible to do without a single, comprehensive solution.
Urs Hölzle, Google’s first engineering vice president, famously said, “At scale, everything breaks.” Given the stakes of 5G, the telecom industry can’t afford that truism on any dimension — least of all when it comes to security.