Security

EXCLUSIVE INTERVIEW

Unresolved Conflicts Slow eSIM Upgrade Path to Better IoT Security

IoT internet of things

Misconceptions about embedded SIM cards (eSIMs) for IoT are keeping companies from adopting this new technology. That is detrimental, as eSIMs are crucial for patching and successful secure IoT deployment.

eSIMs are slowly replacing standard SIMs in IoT devices and products such as smartwatches. They are also making their way into the machine-to-machine world.

The rollout, however, is slowed by unresolved conflicts between competing technical standards and tightened restrictions on data management regulations globally. Despite the need for better IoT device security, clearing the adoption roadblocks is less than likely anytime soon.

Machine-to-machine, or M2M, is a broad label that can be used to describe any technology that enables networked devices to exchange information and perform actions without the manual assistance of humans.

Controversial Technology

Led mostly by the automotive and transportation industries, eSIMS also contribute to tracking functions in health care, smart mobility, utilities, and other sectors. But eSIM technology so far remains controversial, noted Noam Lando, CEO and co-founder of global connectivity provider Webbing.

Webbing provides an enterprise-grade solution for Fortune 500 and IoT/M2M companies, as well as an embedded solution for various manufacturers across the globe. The deployment is part of a phasing process to ensure a secured and continuous internet connection for all devices, no matter where they are in the world.

Lando said that “eSIM technology is a game-changer in telecom. It completely digitizes the cellular subscription provisioning process. As with any technology that is disruptive, there are a lot of debates and discussions around it to better understand its benefits, dispel misconceptions, and its impact on accelerating IoT use cases.”

Why all the Fuss?

We asked Lando to go below the circuit boards to reveal why eSIM technology is creating such an industry-wide furor.

TechNewsWorld: Is the technology upgrade to eSIMS worth the ongoing unrest?

Noam Lando: eSIM technology promises the establishment and maintenance of cost-effective connectivity that is accessible anywhere in the world regardless of where the device is manufactured or deployed as well as ultimate control. With the promise of eSIM technology, enterprises can scale their IoT deployments globally, reduce total ownership and business process management costs, and reduce time to market.

This creates great hype, especially when you have device makers such as Apple, Microsoft, and Google including eSIM as a standard feature in their new devices.

I sense a “BUT” here. Always there seems to be a BUT in the works. So what is the big BUT surrounding eSIM development?

Lando: However, when companies look deeper into implementing eSIM technology, they realize there are two standards: consumer and machine-to-machine (M2M). They are not sure which standard to use and often realize the implementation of eSIM technology is not as simple for their IoT devices as it is for smartphones, laptops, and tablets.

So, there are a lot of discussions around the two standards and their pros and cons, especially around M2M.

What are the drawbacks to standard SIMs?

Lando: For traditional SIM cards, carrier provisioning is done at the manufacturing level. They can host only one profile and are not reprogrammable. That is why you need a new SIM when switching cellular providers. This is not ideal for IoT deployments. Especially global ones.

Noam Lando, CEO and co-founder Webbing
Noam Lando, CEO at Webbing

Once the SIM has been implemented, you have vendor lock-in. With thousands and even millions of devices in an IoT deployment, it is impractical to change SIM cards when you want to change wireless carriers. It requires a site visit, and the card may be physically difficult to access.

In addition, issues surround complying with the global trend to enforce regulatory requirements on communication services and data management. These include restrictions on data leaving the country and global enterprises needing localized deployments with local wireless carriers.

This requires warehousing, managing, and deploying a number of wireless carrier-specific product SKUs which drive up production and logistics costs.

The attraction to eSIMs seems obvious. What are the main benefits?

Lando: eSIM technology offers a robust, scalable solution to the limitations of the traditional SIM. What makes an eSIM unique is the technological advancements made to the UICC, the software of the SIM, which is now called the eUICC.

That new technology follows a new standard developed by the GSMA. It is remotely programmable and reprogrammable, can host multiple cellular carrier subscriptions, and makes the selection, contracting, and onboarding of cellular providers easier with over-the-air (OTA) provisioning.

I sense another BUT in the works here. What are the unresolved issues with eSIM replacements?

Lando: Consumer and M2M are implemented differently. The consumer standard targets consumer devices like mobile phones, tablets and laptops, wearables, and other IoT devices with an end-user interactive environment. It is secure by design, can host multiple wireless carrier profiles, and facilitates carrier swaps. However, it is designed for private consumer use.

How suitable for other uses are eSIMs?

Lando: The M2M standard targets industrial M2M and IoT devices such as cars, water meters, trackers, smart factories, and other components used in an industrial, non-end-user interactive environment.

The M2M eSIM standard is also secure by design. It facilitates carrier migration and, in theory, offers remote centralized management and provisioning of carrier profiles. However, it isn’t as cut and dry as it seems.

That said, why is upgrading not so promising yet?

Lando: M2M eSIM implementation is cumbersome, time-intensive, and has long capital investment cycles. It requires collaboration between the enterprise, eSIM manufacturers, and the wireless carrier throughout the manufacturing process for implementation.

What are the biggest misconceptions about eSIMs for IoT?

Lando: The biggest misconception about eSIM for IoT is that the benefits it provides to consumer devices can be applied to IoT. Enterprises quickly realize they must implement a different standard for IoT/M2M, which requires an SM-DP (Subscription Manager – Data Preparation) and SM-SR (Subscription Manager – Secure Routing) to provision and remotely manage carrier subscriptions. The M2M standard is cumbersome, requiring a substantial investment of funds and time to orchestrate the implementation of wireless carriers.

Where do you see the battle between competing standards headed?

Lando: When looking at mobile data connectivity, there is no major difference between M2M and IoT device needs when it comes to Remote SIM Provisioning. If anything, the benefits of eSIM (eUICC) technology are greater for M2M devices since they usually have a longer life cycle, and the demand for changing a carrier at some point is high.

This could be for commercial or technical reasons. Therefore, M2M devices are also likely to get eSIMs instead of standard SIMs.

Developers favor eSIMs to solve IoT and embedded firmware patch issues. eSIM hardware and eUICC components are certified according to the GSMA’s Security Accreditation Scheme (SAS). This guarantees a very high level of security. Furthermore, cellular connectivity is secure by design: data is encrypted, and users are securely identified.

What are the most critical problems facing IoT and embedded technologies?

Lando: The most critical problem facing IoT deployments is carrier lock-in and dealing with different global regulatory requirements. In such cases, enterprises need local deployments and local wireless carriers. Enterprises with global deployment need the flexibility to change carriers easily and efficiently to meet local regulations.

Why are companies not proactively adopting eSIM technology?

Lando: From our experience, companies want the promise of eSIM technology, but the current ecosystem fails to provide it. The two eSIM standards disregard enterprises’ need to manage their fleet of devices.

On one hand, enterprise-based devices such as mobile phones, laptops, tablets, scanners, and the like fall under the consumer standard. So companies don’t have full control over the installation and management of carrier profiles with centralized eSIM management. The consumer standard requires the end-user with the device in their hand to consent to install carrier profiles.

Meanwhile, the M2M standard for IoT deployments are cumbersome. They require a substantial investment of funds and time to orchestrate the implementation of wireless carriers.

It also limits customer choice due to a complicated implementation to switch between carriers.

This is part of the reason we developed WebbingCTRL, an eSIM, with a management platform, that can easily and remotely be configured as any wireless carrier’s profile, paving the way for the adoption of eSIM technology in the IoT space.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Security

Technewsworld Channels