• United States




5G without governance is risky business

Mar 27, 20204 mins
Network SecuritySecurity

5G implementations that fail to include baking in the needed governance safeguards will be subject to cost overages, inefficiencies and erosion of customer trust. Can your business afford that risk?

5G light trails
Credit: PLEJ92 / Getty Images

It is easy to understand the enthusiasm around the rise of 5G technology. In an era in which speed and connectivity are foundational ingredients in enterprises’ growth strategy, 5G presents unprecedented potential for businesses to innovate rapidly. Factor in the widespread proliferation of internet of things (IoT) devices in recent years — and how 5G’s vaunted bandwidth can accelerate IoT implementations — and the table is set for 5G to make a major impact in the new decade. But before racing toward a project at 5G-like speed, enterprises should ensure a governance framework is in place to support the project and make the time, effort and expense worthwhile.

According to the US Department of Homeland Security, 5G “will enable new innovation, new markets, and economic growth around the world. Tens of billions of new devices will be connected to the internet through 5G technology. These connections will empower a vast array of new and enhanced critical services, from autonomous vehicles and telemedicine, to automated manufacturing and advances to traditional critical infrastructure, such as smart grid electricity distribution.” The ways in which 5G is expected to deliver transformative impact are likely to extend even more broadly into emerging areas such as connected drones, wireless healthcare and personal AI assistants that are enabled by high-bandwidth 5G networks. The technology could be especially helpful for industrial companies that are enthused about 5G’s ability to triumph over connectivity challenges that can sink digital transformation projects.

This is the decade in which many of these advancements will become reality. While 5G deployment became much more common in 2019, it is expected to accelerate at a dizzying rate in the coming years. By 2023, there will be more than one billion 5G connections, according to IDC. It is exciting to think about how all these 5G implementations can spur enterprise growth, but organizations that are headed down this path should do so judiciously, taking into account the potential security, privacy and risk concerns that could come into play.

5G challenges

As is the case with all new and emerging technologies, there are multiple challenges enterprises must consider when moving toward 5G implementations. For one, the adoption of 5G technology could make an already difficult privacy landscape much more complex. Outdoor surveillance cameras and other 5G-enabled IoT devices are expected to be among the popular use cases for the technology. It would not be surprising to see increasing push-back from citizens about how this added level of surveillance capabilities for municipalities as well as private enterprises erodes their expected level of privacy. Similarly, utilizing 5G raises the standard for an organization’s cybersecurity capabilities given that 5G can expand cyber risks in several ways, including virtualizing software network functions that otherwise would be performed by physical appliances. The much-faster data speeds 5G enables “will force cloud-based and data virtualization services to be as airtight as possible to protect user data and privacy. On the same token, their users will have to be more careful and vigilant as stewards of their data,” writes Ted Kritsonis in Futurithmic.

Governance needed

Given these dynamics, there is a critical need for a governance framework in order to ensure that all of the key factors — such as connecting the 5G implementation to enterprise goals, the needed IT skills to execute the implementation, and privacy, risk and security considerations — are given due attention before, during and after the transformation. 5G implementations that fail to include baking in the needed governance safeguards will be subject to cost overages, inefficiencies and erosion of customer trust. Governance frameworks that can be right-sized and tailored to the specific needs of the organization — and that were designed flexibly to support integration of emerging technologies such as 5G — are especially effective.

Standing up a 5G deployment can be complicated and expensive while introducing major risks to an enterprise. Executed responsibly, 5G can enable business transformations that are game changers for organizations and their customers. Prioritizing governance around 5G transformations is the best way to provide enterprise leaders peace of mind that the end results will match their intentions.


Experienced leader and board member, international authority in cybersecurity, with a proven track record in developing and managing strategy, programs and initiatives. Innovative thinker, with several international patents to his name, proven successful communicator and consensus builder across borders and cultures.

Chris is Director and Past Chair of the Board of ISACA, an international non-for-profit association with more than 200 Chapters, serving more than 160,000 IT, Cybersecurity, Information Security, Audit, Risk and Compliance professionals, in 180 countries. He has served ISACA as Chair of the Board for 2 consecutive terms (2015-2016 and 2016-2017) and as director of the BoD for 9 terms (2010-2014 and 2015-present).

Chris is also a Board Member at INTRALOT a leading gaming solutions supplier and operator active in 42 regulated jurisdictions around the world. Prior to his role he has served as Group CEO, Group Chief Services and Delivery Officer, Group Director of Technology Operations and Group Director of Information Security.

He has also served as a member of the Permanent Stakeholders Group (PSG) of the European Network and Information Security Agency (ENISA) from 2012 to 2015. Chris has been working in the area of information technology for 20 years, he holds 3 patents, 6 awards and has authored more than 150 publications.

He holds a degree in Electrical and Computer Engineering and a Ph.D. in Information Security.