Automating Security Operations in Telecommunication Networks with GitOps

Abstract

5G network operators are continuously seeking more efficient methods for network security management. Concurrently, GitOps has emerged as a novel and effective approach to manage applications, configurations, and infrastructure. However, there has been limited research on integrating these two advancements. This thesis explores the integration of GitOps into telecommunication network security operations, proposing a new workflow to address the challenges in traditional methods.

We identify the challenges presented in conventional network security operations and introduce a new workflow based on the GitOps principles. Our work includes designing a declarative model to describe and store resources in Git repositories and implementing GitOps operators to ensure alignment between the desired state in Git repositories and the actual state of the managed network. Additionally, we incorporate various validation strategies within the continuous integration pipeline to enhance the robustness of the workflow.

The evaluation of the workflow involves case studies that compare traditional and GitOps workflows in real-world scenarios, such as updating security configuration, establishing experimental environments, performing disaster recovery, and detecting configuration drift. The analysis shows that the GitOps workflow improves efficiency, visibility, and traceability, eases disaster recovery, and automates configuration drift correction. The findings suggest that mobile network operators should consider adopting the GitOps workflow to enhance their overall security operations.