Nathan Howe, Global VP of Innovation at Zscaler
Most companies assume that a mobile device or thing is automatically secured as soon as it connects to a mobile network. Unfortunately, this assumption is rarely true. As soon as a SIM card is active and a connection between the device and the network is established, data traffic can flow unhindered across mobile networks and even across provider boundaries. Such data transmission is rarely secured, leaving companies with a false sense of security for the majority of their IoT devices or mobile things.
Telecommunications companies do offer a certain degree of control at the network level. However, granular control tailored to a company’s specific security requirements is often not possible. As a result, most companies resort to traditional architectures such as firewalls, VPNs and backhauling into the corporate network. This approach not only increases the complexity and cost of the infrastructure, but often fails to provide proactive, trustworthy control for modern IoT devices or mobile things. Once a connection to the network is established, the devices can communicate freely, so an attacker who gains access to these data streams gains access to the entire IT infrastructure.
Mobile things also need seamless control
Instead, companies need granular control over every data packet that leaves a mobile device or thing. Rather than trusting that traffic will reach a network hub or firewall securely, every connection attempt should be evaluated immediately at the gateway and an access decision made. This early decision determines whether the data traffic can be forwarded to the Internet or a private application. Based on such a data path, companies can create and enforce policies before the data even leaves the device or thing. To do this, control over the data streams must be built in at the foundation. With just one SIM or eSIM card for mobile data transmission, the company regains control over the device and data without having to set up a complex infrastructure. Activating the card ensures that data is forwarded to a zero trust security platform, which enforces the policies. The appeal here lies in the implementation of seamless security without the complex management of firewalls or tunnels for backhauling.
Such a zero trust approach enables the implementation of highly granular, context-sensitive policies based on identity, location, behaviour or risk factors. For example, a SIM card can be restricted for use in certain countries or regions to prevent unwanted roaming, data transfers or misuse. Data stream anomaly detection features further enhance security. These can be used to prevent or block unusual behaviour, such as attempts to access unauthorised resources or connect from unusual locations. These control mechanisms are global and consistent, ensuring seamless security without additional operational overhead anywhere in the world.
Zero Trust ensures universal control
Seamless integration is made possible by combining the previously separate areas of mobile operator connectivity and zero trust from the security provider. In a world where mobile devices increasingly control critical business functions, zero trust security from Zscaler Cellular is a decisive step forward in security. It provides mobile security without complexity. Once control over all data streams and the implementation of security policies are simplified, Zero Trust everywhere can be implemented. A universal service then applies not only to users, workloads or branch offices, but also to any mobile device.