5G will dramatically expand the number of internet-connected devices, generating enormous volumes of data. At the same time, however, it will broaden the attack surface and introduce new security challenges that organizations must address.
In November, AT&T published its latest Cybersecurity Insights Report, which examined security considerations for 5G networks. The findings emphasize critical security concerns and highlight how organizations are responding to secure 5G deployments.
According to the report, 44% of respondents consider the expanded attack surface caused by increased connectivity a primary security concern. Another 39% cited the rapid growth in the number of devices—combined with higher network speeds—as a key risk factor. More than a third (36%) expect a proliferation of new IoT device types on 5G, and they emphasize the need to extend IoT security policies across the organization to address these risks.
Over the past decade, many enterprises have adopted the Zero Trust security model for private networks. Zero Trust is increasingly seen as a promising approach to mitigate many security concerns associated with 5G. The model minimizes risk by treating all users and devices—whether inside or outside the network—as untrusted until explicitly verified, helping detect and limit malicious activity.
Traditionally, once an attacker breached an internal network, they could assume the privileges of legitimate internal users and move laterally to steal data or disrupt infrastructure. Zero Trust reduces this risk by granting users and devices only the minimal access required to perform specific tasks. It also supports continuous monitoring of activity and automated reporting to detect anomalies quickly.
Enterprises are drawn to Zero Trust because it enforces granular identity and authentication controls across all parts of the network. As 5G connects vastly more devices, Zero Trust can help authenticate and track these devices and their behaviors, making it easier to spot misuse or compromise.
Many organizations are replacing traditional VPNs with Zero Trust Network Access (ZTNA) solutions to protect business applications and data from attackers. While VPNs can still be effective for smaller environments where security patches and encryption are carefully maintained, ZTNA provides finer-grained control and visibility that scale better for modern distributed architectures.
That said, Zero Trust is not a cure-all; it presents its own implementation challenges.
Scale: Zero Trust has been implemented successfully in enterprise private networks—Google’s internal systems are a well-known example. But 5G is a global telecom platform that will connect millions of devices across public networks. Defining and enforcing consistent security policies at that scale will be difficult. 5G architectures include Multi-Access Edge Computing and network slicing, which can create hybrid policy domains that are complex for telecom operators to manage.
Latency impact: The Zero Trust approach relies on continuous verification and monitoring of devices and user activity. That constant inspection and the need to relay telemetry to centralized systems can introduce processing overhead. In latency-sensitive 5G applications, this additional step has the potential to affect performance unless monitoring and enforcement are optimized and deployed at appropriate network edges.
Conclusion
Zero Trust offers a robust framework for identity, authentication, and continuous monitoring that can strengthen 5G security. It has proven effective in private enterprise environments, but applying Zero Trust across public 5G networks will require further maturation of tools, policies, and operational practices to handle the diversity of devices, infrastructures, and use cases inherent to telecom-scale deployments.
Interested in discussions and real-world use cases from industry leaders? Consider attending industry expos and conferences that focus on IoT, blockchain, AI and big data, cybersecurity and cloud technologies, and 5G—events where practitioners share lessons learned and practical approaches to securing next-generation networks.