
Redefining security in mobile networks with clientless SASE


As organizations adapt their IT ecosystems to include IoT devices and expand remote work options by enabling employees to use personal mobile devices, enterprise mobility has become essential to modern business operations. However, this change presents numerous security challenges and lifecycle management issues, especially considering that mobile devices connecting to networks are often not compatible with traditional security solutions such as virtual private networks (VPN) or endpoint tools.

Mobile network operators (MNOs) and mobile virtual network operators (MVNOs) are at the forefront of this challenge. These service providers have a dual responsibility: ensuring optimal connectivity while protecting data privacy and user experience. As the market for basic communications services becomes increasingly commoditized, these operators are forced to look for new ways to generate revenue in the form of value-added services. Among them, security services stand out as a promising opportunity.

However, fulfilling these security responsibilities often becomes an ongoing obstacle, largely due to the limitations of traditional security architectures in meeting the needs of mobile and remote workers.

Challenges for MNOs and MVNOs

One of the main challenges facing mobile operators is the inadequacy of traditional security architectures designed for a more static and centralized IT environment. These architectures struggle to provide seamless and secure access to applications and data to users who are often located outside the boundaries of the traditional network.

Moreover, the proliferation of Internet of Things (IoT) devices adds another layer of complexity. Many IoT devices, referred to as “closed” systems, do not support the installation of traditional security clients or agents. This limitation not only creates potential security vulnerabilities, but also complicates the implementation of security solutions on these devices. In many cases, security controls impose heavy computational load and bandwidth demands on devices that are designed to be lightweight and require little processing power.

Moreover, the operational complexities and increasing expenses associated with overseeing multiple devices, operating systems and user profiles pose significant challenges. A conventional approach that relies heavily on client software for access and security results in piecemeal security measures that are cumbersome to manage and scale. Additionally, to accommodate agent-based security solutions, expensive firewall appliances are required to manage the large number of tunnels generated by endpoint devices.

Together, these challenges underscore the need for a new approach that can offer comprehensive, scalable and efficient security solutions tailored to the needs of mobile operators and their diverse user base.

Understanding SASE and its integration with SIM

Secure Access Service Edge (SASE) represents a revolutionary approach to network security for mobile operators. It integrates comprehensive security services with advanced network capabilities in one unified structure.

SASE is fundamentally designed to meet the dynamic access needs of modern enterprises by combining network security features such as Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), Firewall as a Service (FWaaS), and Zero Trust Network Access (ZTNA) with wide area network (WAN) capabilities. This convergence enables organizations to securely connect users, devices and applications regardless of their geographical location, thus providing secure and seamless access to the distributed digital landscape.

However, there are several limitations to the use of SASE in cellular networks. Many mobile and IoT devices are ill-equipped to support traditional security clients, which complicates their integration into the SASE framework and introduces complexity in lifecycle management.

To address this, the SASE solution has now been integrated with Subscriber Identity Module (SIM) technology, referred to as Versa SASE on the SIM card. Using SIM-based identity, SASE on SIM provides reliable authentication and access control on cellular networks. This SIM-based approach makes it easy to apply dynamic SASE security policies directly to mobile devices, thereby extending security services to mobile and IoT devices without the need for traditional security clients.

SASE on SIM works by routing traffic from SIM-enabled devices through the SASE architecture, where it undergoes comprehensive security checks and policy enforcement before reaching its destination. This method ensures that only authenticated and authorized devices will have access to network resources, which significantly increases security. Moreover, by using SIM-based identity, this solution streamlines the authentication process, making it more secure and user-friendly.

So how does providing effective security as a value-added service and supporting enterprise mobility benefit mobile operators?

Benefits of implementing SASE on SIM for mobile operators

The key benefit of SASE on SIM is the ability to offer a scalable, agentless and secure connectivity solution, while saving bandwidth by bypassing the need to create individual tunnels through VPN clients. It also eliminates the need to deploy separate private access point names (APNs) for each enterprise, simplifying network architecture and reducing operational complexity. This integration addresses the critical security and connectivity challenges faced by MNOs and MVNOs. At the same time, it adapts to the changing needs of modern enterprises, offering a scalable, secure and efficient solution to support today’s diverse and mobile workforce.

SASE on SIM enables mobile operators to efficiently scale security and connectivity services, adapting to the rapid growth and diverse needs of the evolving mobile and IoT ecosystem. Because operators can move away from managing multiple security agents across different devices and operating systems, their operations are simplified. By leveraging SIM-based identity for authentication and access control, SASE on SIM reduces operational complexity and costs, increasing network management efficiency.

It also provides enhanced security by combining comprehensive SASE security services with strong SIM authentication capabilities. This approach ensures consistent application of security policies at the network edge, close to user devices, offering advanced protection against threats and unauthorized access.

Most importantly, SASE on SIM complements the Zero Trust security model that advocates “never trust, always verify.” Such solutions maintain rigorous security standards, constantly verifying every device and user seeking access to the network, regardless of their location. This minimizes the attack surface and reduces the risk of data breaches, ensuring mobile operators can provide secure, efficient and user-friendly connectivity. This approach embodies the essence of built-in security measures in today’s mobile ecosystem, seamlessly adapting to Zero Trust principles.

Overall, SASE on SIM is a key innovation for MNOs and MVNOs, offering a path to providing secure and efficient mobile communications services. By combining the dynamic security capabilities of SASE with the ubiquity and reliability of SIM-based authentication, mobile operators can meet the evolving mobility needs of enterprises with security, scalability and operational simplicity. This approach not only solves the pressing challenges of today’s mobile ecosystems, but also paves the way for a future where secure and seamless connectivity can be maintained.

Image credit: mc_stockphoto.hotmail.com/depositphotos.com

Chitresh Yadav is Director of Sales Engineering at Versa Networks.