The Zero Trust Security Strategy in a 5G World

Chris Howell, Wickr CTO
June 11, 2019

5G isn’t significantly rolled out across the U.S. yet, and already security experts in sensitive government and private sector circles are recognizing that hostile 5G networks could be a credible threat. The primary concern is that 5G networks will be reliant upon Chinese technology (called mmWave), and that China’s investment in 5G (and the government’s ability to control their market) will give Chinese companies the ability to hit an efficiency of scale at speeds difficult for U.S. companies to match. Some are advocating that the U.S. open up the spectrum held by the DoD (called sub-6) and provide government funding to compete with the Chinese so that we have a network that can be trusted.

So much in security comes down to who to trust. It’s a key element in virtually every security best practice from the principle of least privilege to the DENY_ALL firewall rule. Get it right, and you have a chance. Get it wrong, and the consequences could be dramatic.

So, who or what should we trust? Experts would tell us to scrutinize well and place trust in as few people or things as possible. Take that to its logical conclusion and we land at the ideal case for security: Zero Trust.

But how do we apply zero trust in the real world? Consider who and what is involved in sending a text message. Someone built the phone. Someone else built key components inside the phone. Someone else wrote the software that runs the phone, and someone else wrote the text messaging software. Once sent, the message is handled by one or more mobile network providers, backbone network providers, Wi-Fi networks or local area networks — each of which depends on a dizzying number of systems and components to complete its task. All of those systems and components are, of course, built by different technology companies.

This is the world we live in. A real-world zero trust strategy is not literally to trust no one, which we can’t do. It’s to trust as few people as possible and to trust no one with everything. We trust some systems or providers to do x and others to do y — the thought being that if we choose each provider carefully and separate our exposure to each, our risk is minimized.

“Zero trust” products like AWS Wickr are designed to promote this strategy. Born from a zero trust mindset, our multi-layered encryption and security controls significantly reduce or eliminate risks posed by other parties and components in the messaging delivery chain, including those posed by hostile networks — 5G or otherwise.

We also know that organizations with advanced security strategies need products that they can control, that can scale, and that have the power and flexibility to meet their compliance, data retention, and integration needs. That’s why we built AWS Wickr and Wickr Enterprise — our private hosted product — with these needs in mind.

Our products provide complete administrative control of the secure messaging system in managed device or BYOD environments, and offer a powerful answer to “shadow IT” and the over-proliferation of non-compliant consumer products. Our products are scalable to work securely and reliably for small teams and large enterprises, and capable of supporting complex data retention requirements by incorporating both centralized, long-term message archiving features and risk-reducing ephemeral messaging for clients. And importantly, they’re easy enough for anyone to use.

A zero trust security strategy and AWS Wickr can help your organization manage real-world technology risk. Try us today at https://wickr.com or contact us for more information.