Are smartphones always fully secure? It depends on how “secure” is defined, especially when it comes to enterprise environments. Most companies with bring your own device policies install apps or agents on employee smartphones to help secure them, leveraging management capabilities built into operating systems like Android and iOS. But these might not be enough.
That’s what Cloudflare argues, at least, in the pitch for the new services it’s launching this week. Today, the company announced Zero Trust SIM and Zero Trust for Mobile Operators, two product offerings targeting smartphone users, companies securing business phones and operators selling data services.
Let’s start with Zero Trust SIM. Designed to secure all data packets exiting a smartphone, Zero Trust SIM, once launched (in the US to begin with), will be available as an eSIM deployable through existing mobile device management platforms on iOS and Android devices. It will be locked to a specific device, mitigating the risk of SIM swapping attacks, and usable either in a standalone configuration or in tandem with Cloudflare’s mobile agent, WARP.
In a recent email interview, Cloudflare CTO John Graham-Cumming explained that Zero Trust SIM can accomplish what VPNs and other secure layers cannot: cell-level protection. A SIM card can act as another security factor and, in combination with hardware keys, make it nearly impossible to impersonate an employee, he argued.
“Zero Trust SIM provides defense in depth. A VPN layer is one such component, but doesn’t remove the need to deploy cellular connectivity to all your mobile devices today, and traditional ‘AnyConnect’-style VPNs do nothing to stop attackers from roaming around laterally once they are inside the VPN,” Graham-Cumming said. “We continue to see organizations breached due to issues securing their applications and networks, and what was once a real estate budget is quickly becoming a ‘secure my remote and distributed workforce’ budget from the perspective of computer security.”
Specifically, Graham-Cumming said Zero Trust SIM will allow Cloudflare to rewrite DNS queries by letting a device use Cloudflare Gateway for DNS filtering instead. It will also support validation of each host and IP address before it reaches the Internet and identity-based connectivity to services and other devices, and it can be used as a second factor of authentication, he adds.
While pricing hasn’t been decided, Zero Trust SIM, which will launch in the coming months, will be treated as part of Cloudflare’s Zero Trust platform from a billing perspective. Graham-Cumming says it will be an extension of the per-seat price that Zero Trust customers have today. It expects most devices to be compatible, and even more so once Cloudflare starts providing physical SIM cards for the service, which it plans to do in the near future.
“Our intention is to start in the United States, but work quickly to make this a global service – running a global network is at the heart of what we do,” Graham-Cumming said. “Although we are in early development here, we are already working on a parallel initiative in the Internet of Things (IoT) industrial space (e.g. vehicles, payment terminals, shipping containers, vending machines). The Zero Trust SIM card itself is a foundational technology that opens up many new use cases.”
When it comes to IoT, Cloudflare today previewed a platform for IoT devices, aptly called IoT Platform, with the goal of providing a single, panoramic view of a fleet of connected devices. Intended to compete with IoT management services from Microsoft Azure, Amazon Web Services, and Google Cloud, Cloudflare’s offering handles the ordering, provisioning, and management of cellular connectivity and security for the IoT.
According to Cloudflare, every packet that leaves every IoT device can be inspected, approved, or rejected by customer-created policies before it reaches the internet, cloud, or other devices. Additionally, devices can be locked to a specific geographic area to ensure that sensitive traffic does not reach public channels.
More information will be available in the coming months closer to the official launch of the IoT platform, says Cloudflare.
Cloudflare had less to share on the Zero Trust for Mobile Operators front. An operator partnership program, Zero Trust for Mobile Operators will allow service providers to offer subscriptions to the mobile security tools of Cloudflare’s Zero Trust platform, Graham-Cumming said. Interested operators can register today for more information.
It’s speculated that Zero Trust for Mobile Operators — and, for that matter, the new Zero Trust SIM card — is piloting what could become a lucrative line of business for Cloudflare beyond WARP, which the company launched on a freemium model three years ago. According to Allied Market Research, the global mobile security market was valued at $3.3 billion in 2020 and could reach $22.1 billion by 2030.
IoT Platform also makes sense for Cloudflare, given the strength of the IoT market. According to one source, business spending on IoT grew 22.4% in 2021 to $158 billion, as tailwinds such as supply chain challenges strengthened. The segment is teeming with incumbents, but Cloudflare is obviously betting it can weigh in enough to make a significant dent.