The need for mobile roaming security
Roaming is a key asset for mobile operators and needs to be secure
The COVID-19 pandemic continues to have a significant impact on travel. As a result, roaming traffic, which provides cellular services connectivity around the globe, is reduced. However, before the global COVID-19 outbreak, international mobile roaming traffic continued to increase year on year and it is expected that once the pandemic is better under control, traffic volumes will quickly return to the level prior to 2020, and from there continue to grow again with comparable figures.
In many aspects, roaming is a critical asset for mobile operators, fueled by many drivers:
- The number of mobile subscribers continues to increase with a global percentage of about 2% per year. Same for the number of cellular connected machine to machine and IoT devices, with around 1.8 billion devices connected in 2020 and forecasted to grow to over 4 billion by 2024.
- Regulation, like in Europe, is also forcing roaming costs to be kept at an acceptable level to allow a “roam-like-at-home” behavior and protect subscribers from excessive costs.
- Mobile standards also play a key role in roaming growth. Typically, 4G connected devices generated more data than previous generations and increased the number and usage of IoT devices, and how and where these devices are used. And 5G is accelerating this. Increased bandwidth, lower latency, and lower power consumption are just a few of advantages that 5G is offering, but also leveraging 5G as part of business processes (beyond just mobile connectivity) is driving the traffic growth and how mobile technology is used.
Therefore, cybersecurity of the roaming process is a key enabler for business despite the many challenges such as:
- Volume - With high performance and low latency, data traffic that needs to be inspected (signaling and user traffic) is increasing.
- Regulation - With cybersecurity-related incidents increasing in various areas, there is constant work related to cybersecurity measures and regulations at a national and global organization level, which requires adaptation.
- 5G - Though designed with security in mind from the beginning, 5G requires extra cybersecurity measures to protect networks, enterprises, and subscribers, as it allows for much more integration of devices in production environments, including roaming, and with that a higher risk for harmful business-impacting incidents.
Protecting the roaming process to ensure business growth
Signaling firewalls like GTP (GPRS Tunneling Protocol) firewall play an important role in roaming security for the signaling and user planes traffic. For example, the GTP inspection, which is key to detect any threat, can be done on the signaling traffic as well as on the user traffic. By inspecting the user traffic, we can detect things like, what applications are being used which can be valuable for business intelligence, or verify normal vs. abnormal behavior and take remediation actions.
GTP firewalls are key in many use case of roaming security:
- IoT - While the growth of roaming traffic has slowed down due to the pandemic, there has been an ongoing growth in the amount of cellular-connected IoT devices and how they are being used as part of business processes. When roaming behavior is back to “normal,” there will be many more IoT devices roaming, and often they have very different behavior than the regular broadband behavior of consumers and business travelers.
- Scalability - The number of sessions is ever increasing with the number of devices that are being used for roaming, especially with the increase of IoT devices on networks. A GTP firewall is often deployed as a geo-redundant system given its importance to protect the network against roaming related risks. And with the high number of sessions, maintaining the GTP state across multiple geographically diverse locations is an important aspect that can be very well-addressed by synchronized GTP firewalls.
- Adjusting network behavior - Session timers depending on RAT (Radio Access Technology) type can adjust the network behavior that is best suited for certain applications or usage. In case of a network or service outage, many IoT devices may try to reestablish sessions at the same time. This results in a high GTP session setup rate and many parallel connections that can easily create a signaling storm. This could be hard to recover if the connection attempts are not controlled. Having a granular way to rate limit traffic based on the type or source is an effective way to mitigate network problems when traffic spikes are experienced due to unexpected network issues. Devices and types of traffic can also be prioritised; for example, IoT devices that share information that is not crucial could be given lower priority versus devices that are crucial for safety.
Complete visibility is also key to what is happening in the network and with the devices. While roaming, it is important to make sure that maximum visibility is available for support reasons as well as business and operational reasons. The better the home operator knows how customers, applications, and devices are behaving while roaming, the better problem-solving can be achieved or even prevented. Visibility provides valuable information to the operator for trend analysis, growth planning, and business intelligence.
With the increasing relevance of IoT Roaming and 5G enabling many new business opportunities, the value of roaming will continue to increase and with that the need to secure this traffic.