Zero Trust Security in Global IoT: 5 Key Considerations

Telia Company
Illustration: © IoT For All

Cybersecurity experts discuss threats in terms of attack vectors, the points within a network that are vulnerable to unauthorized access. All of these attack vectors together make up your system’s attack surface. For obvious reasons, you want your attack surface to be as small as possible. 

Unfortunately, you can’t scale an IoT deployment without broadening your attack surface. Simply put, global IoT globalizes risk. Luckily, the Zero Trust Security framework offers a solution to effectively manage these global risks.

What Does Zero Trust Mean for Global IoT?

The traditional approach to IoT security operates on the level of the network perimeter. The system “trusts” any network connection that originates from inside the perimeter. In other words, it assumes that the user or activity on the network has already been authenticated and authorized.  

The Zero Trust approach to IoT security takes a more cautious and proactive stance. It doesn’t assume a user, asset, or resource is continuously safe. It focuses on robust verification and authentication for each session or data transaction. This means implementing strict access controls, strong authentication, and continuous monitoring of all network traffic. 

But there’s a challenge: most global IoT projects rely on cellular connectivity. You have to rely on mobile network operators (MNOs), each of which represents a different security perimeter. The more MNOs you work with, the more security vulnerabilities you might face, and the less control you’ll keep.

“Every network operator has their own APIs and security processes,” said Rachit Saksena, Head of IoT Product Architecture at Telia. “That variance creates a bigger attack surface because you could go wrong in so many places.”

So how do you implement Zero Trust security when you don’t control the networks? The answer is simple, Saksena said. Rather than trusting the APIs and security protocols of many MNOs in many markets, global IoT providers should work with a single global connectivity partner that makes sure that other operators have implemented needed security to reduce the attack surface.  

Zero Trust Connectivity on a Global Scale: 5 Aspects of Security

The Zero Trust approach to security implements a comprehensive framework that ensures continuous verification and authentication for all assets, users, and resources within the network. These five security aspects, each steeped in the principles of Zero Trust, are worth considering when looking at global IoT solutions.

1. Secure SIM Provisioning

Ensuring Zero Trust security for SIM connections is the first security challenge in any global IoT deployment. That’s because of remote provisioning, in which eSIMs receive their identities and credentials over the air (OTA). Provisioning involves a lot of sensitive data and protection keys. “Even a single compromised SIM card can compromise the entire network,” Saksena said.

However, security can still be verified during provisioning flows. GSMA and 3GPP offer standards that provide a strong degree of protection for remote SIM provisioning. Select MNOs that follow the latest GSMA SGP specification to ensure compliant, secure SIM provisioning.

2. Secure Data and SMS Connectivity

Another challenge is keeping your SMS and data connectivity secure. These connections use different network technologies like 2G, 3G, or LTE, linking your device to your system’s backend and vice versa.  

To solve the challenge, look for a connectivity partner that offers careful integrations of MNO data APNs and SMS connections, creating their own APN and SMS hub gateways across the world. These gateways enforce Zero Trust security policies at the enterprise level.  

“We ensure that the pre-integrated MNO is verified for all security measures for SMS and data-bearer connections,” Saksena said. “We also provide our support teams and enterprise users with tools to continuously verify security and create alerts for any unusual activities.”  

“With just a single click, enterprises have visibility and control over all the MNOs they work with, ensuring that data remains secure while in transit.”  

This means that enterprises can define and control the source and destination of data transit endpoints, giving them full control over their security and routing policies across all underlying mobile networks. 

3. Securing Connectivity Management Platforms 

Global IoT deployment involves multiple MNO integrations with a Connectivity Management Platform (CMP), which allows the enterprise to control the lifecycle of subscriptions and connectivity through an API and a GUI. As mentioned, each MNO offers its own distinct API or GUI. Without a global connectivity partner, you would have to learn new security protocols for all of these platforms and implement governance to make sure that the security is in place at all times and is regularly updated.

“We provide a single pane of glass and a single API integration endpoint, which means that our platform is integrated with underlying MNO CMPs. We also make sure the integrations are secured and robust,” Saksena said. “It’s easier for enterprises to work with a single supplier, as the enterprise now has to integrate with only one CMP instead of several MNO CMPs. This ensures process and integration security.”

4. Automated Security at Scale

There’s another security advantage to working with a single connectivity partner: You have fewer opportunities to make a mistake. You set your security policies once, and the connectivity platform automates their implementation across all MNOs.  

“Enterprise onboarding is automated,” Saksena said. “SIM ordering is automated. All data security policies and VPN creations are self-service. You do this only once, and the platform cascades the configuration toward all underlying MNOs, minimizing human error.”     

In other words, you just have to get your policies right once. That reduces the risk of vulnerability.  
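The two ideas above, the enterprise defining source and destination endpoints for data transit (aspect 2) and a policy that is written once and cascaded to every underlying MNO gateway (aspect 4), can be shown in code. The following is an added, hypothetical example, not Telia's platform code: one policy object is rendered into an identical deny-by-default rule set per hub gateway, each session is checked for device authentication, source and destination (the per-session verification the Zero Trust description calls for), and a drift check flags any hub whose rules no longer match the others. The gateway names, APN range, hostnames and session records are all constructed for the example.

```python
"""Single transit policy cascaded to several MNO hub gateways, with per-session
Zero Trust evaluation and drift detection. Hypothetical example; all names,
address ranges and session records below are constructed."""
from dataclasses import dataclass
import ipaddress
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class TransitPolicy:
    """One enterprise-wide policy: who may send, and where traffic may go."""
    name: str
    allowed_sources: Tuple[str, ...]       # device-side CIDRs (e.g. private APN pools)
    allowed_destinations: Tuple[str, ...]  # backend "host:port" endpoints
    require_device_auth: bool = True       # every session must prove device identity


# Constructed hub names; a real platform would supply these from its inventory.
MNO_GATEWAYS = ("mno-nordic-hub", "mno-emea-hub", "mno-apac-hub")

# The policy is defined exactly once, at the enterprise level.
ENTERPRISE_POLICY = TransitPolicy(
    name="fleet-telemetry-v1",
    allowed_sources=("10.120.0.0/16",),                    # constructed private APN range
    allowed_destinations=("telemetry.example.net:8883",),  # constructed MQTT/TLS backend
)


def compile_rules(policy: TransitPolicy, gateways=MNO_GATEWAYS) -> Dict[str, dict]:
    """Render the single policy into one rule set per hub gateway.

    Every hub receives the same rendering; that is the point of defining the
    policy once. Anything not explicitly allowed is denied."""
    rendered = {}
    for gw in gateways:
        rendered[gw] = {
            "policy": policy.name,
            "sources": [str(ipaddress.ip_network(c)) for c in policy.allowed_sources],
            "destinations": list(policy.allowed_destinations),
            "require_device_auth": policy.require_device_auth,
            "default_action": "deny",
        }
    return rendered


def evaluate_session(rules: dict, src_ip: str, dst: str, device_authenticated: bool) -> str:
    """Per-session decision at one gateway.

    Identity, source and destination are all checked on every session; being
    inside the mobile network perimeter is never taken as proof of anything."""
    if rules["require_device_auth"] and not device_authenticated:
        return "deny:unauthenticated"
    ip = ipaddress.ip_address(src_ip)
    if not any(ip in ipaddress.ip_network(c) for c in rules["sources"]):
        return "deny:source"
    if dst not in rules["destinations"]:
        return "deny:destination"
    return "allow"


def detect_drift(rendered: Dict[str, dict]) -> List[str]:
    """Return the hubs whose rule set differs from the first hub's.

    With one policy cascaded everywhere this list is empty; a non-empty list
    means some hub was changed by hand and the policy is no longer uniform."""
    reference = next(iter(rendered.values()))
    return sorted(gw for gw, rules in rendered.items() if rules != reference)


# Constructed session records: (gateway, source IP, destination, device authenticated)
SAMPLE_SESSIONS = [
    ("mno-nordic-hub", "10.120.4.17", "telemetry.example.net:8883", True),
    ("mno-emea-hub",   "10.120.9.2",  "telemetry.example.net:8883", False),
    ("mno-apac-hub",   "10.120.1.5",  "updates.example.net:443",    True),
    ("mno-apac-hub",   "203.0.113.9", "telemetry.example.net:8883", True),
]


def run_samples() -> List[str]:
    """Evaluate each constructed session against its hub's rendered rules."""
    rules = compile_rules(ENTERPRISE_POLICY)
    return [evaluate_session(rules[gw], ip, dst, auth) for gw, ip, dst, auth in SAMPLE_SESSIONS]


if __name__ == "__main__":
    rules = compile_rules(ENTERPRISE_POLICY)
    for (gw, ip, dst, auth), verdict in zip(SAMPLE_SESSIONS, run_samples()):
        print(f"{gw:16} {ip:>12} -> {dst:28} auth={auth!s:5} {verdict}")
    # Simulate an out-of-band edit on one hub and show the drift check catching it.
    rules["mno-emea-hub"]["destinations"].append("debug.example.net:22")
    print("drifted hubs:", detect_drift(rules))
```

Of the four constructed sessions only the first is allowed; the others fail on authentication, destination and source respectively, even though two of them come from inside the APN range. The drift check is what turns "set the policy once" into something auditable: the platform, or the enterprise's own tooling, can re-render the policy and compare it against what each hub is actually enforcing.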

5. Cloud and MNO Agnosticism

In addition to protecting data at rest and during transit, global IoT systems must be reliable. If you rely on a single cloud provider or data center to manage all your connectivity, you might have a business continuity risk. A single natural disaster or national security event can bring your whole IoT deployment down. Instead, look for connectivity partners that offer redundancy through layered network agreements.   

“If a customer has a single MNO subscription in the IoT device and the MNO infrastructure goes down, IoT devices get disconnected,” Saksena explained. The way around this is to provide multiple subscriptions for key markets, ensuring a fallback in case one of the MNO networks is unavailable.

Implementing Zero Trust for Global IoT Deployments

Traditional, perimeter-based security controls can miss advanced threats, leaving your IoT deployment at risk. A Zero Trust approach limits your exposure to these hazards. With security risks managed, you’re free to focus on scalability, automation, and the broader benefits of a global IoT deployment.  

To achieve better security in a global IoT, however, you need the right partnership. By finding the right global IoT connectivity provider, you can remove the complexity of multiple operators and integrations — and implement Zero Trust in your global IoT deployments. 

Author
Telia Company
With a focus on IoT for the real world, we digitalize your products and operations by delivering proven IoT solutions and IoT connectivity for a broad range of companies and industries. Whether you need reliable low-power-wide-area or high-perform...