Securing the cloud
5G Cloud Operators Urged to Cryptographically Isolate Network Containers
The National Security Agency and the Cybersecurity and Infrastructure Security Agency on Thursday published new guidance directing operators of 5G cloud networks to cryptographically isolate critical containers. In the document, the two agencies called on operators to focus on protecting data by using hardware techniques like Trusted Execution Environments, FedScoop reported Thursday.
The guidance defines a TEE as an area in memory protected by the processor in a computing device. According to the guidance, the hardware ensures the confidentiality and integrity of code and data inside a TEE.
Protecting locally stored data with strong encryption such as AES-256 is common practice in cloud and enterprise environments. However, when the same data is being processed by the central processing unit, it is held as plaintext in memory and is not protected by encryption. Therefore, “it is critical that data in memory has comparable protection to data at rest in storage devices,” the NSA/CISA guidance goes on to say.
The new document also recommends limiting the number of containers running in privileged mode with root capabilities.
The NSA and CISA published the guidance following a preliminary analysis and threat assessment carried out by a cloud working panel earlier in 2021.
The latest guidance is the second installment in a four-part series issued to help 5G cloud providers improve their cybersecurity measures. In the first installment, published in October, the agencies highlighted the role that artificial intelligence and machine learning systems may play in helping cloud providers detect sophisticated attackers and other security incidents.