Everything you need to know about IoT SIMs, Part II

Part I of this two-part special on IoT SIMs delivered an in-depth overview of how SIM technology has been specially adapted to manage and meet the challenges of the rapidly growing IoT Industry. In Part II, we delve deeper into IoT SIM security essentials, low power and long-life solutions, and how 1GLOBAL’s IoT solutions can help businesses hyperscale their ambitions in IoT. 

Read Part I of our IoT SIMs Guide here. 

Security essentials 

Security is a paramount concern in IoT given the potential scale of deployments, the escalating sophistication of bad actors, and the fact that each connected device represents a potential network vulnerability. IoT SIM solutions incorporate security at multiple layers:    

Network security 

Private Access Point Name (APN) 
Instead of using the standard public APNs shared by consumer devices, IoT deployments can utilize private APNs. This creates a dedicated, private gateway between the IoT devices and the enterprise's backend network, effectively isolating device traffic from the public internet and allowing only authorized devices on to this private segment.

Fixed/Static IP Addresses 
Assigning a permanent, unchanging IP address (either public or private) to each IoT SIM/device allows for reliable identification and enables secure access control policies (e.g., firewall rules allowing traffic only from known device IPs).    

Virtual Private Network (VPN) 
For end-to-end data encryption between the device and the enterprise network, VPNs can be employed. Often, IoT providers offer network-based VPN solutions (like IPsec VPNs) where the encryption tunnel terminates at the provider's network edge. This secures the data path without requiring the often resource-constrained IoT device itself to handle the processing overhead of VPN encryption.    

Provider security 

Secure core network 
Providers emphasize the security of their core network infrastructure, through which all SIM traffic flows. 1GLOBAL, for instance, highlights its single, secure core IoT network.    

Platform security features 
CMPs incorporate security controls such as role-based user access permissions, detailed audit trails logging all platform actions, and secure API authentication mechanisms.    

Industry certifications 
Reputable providers often adhere to stringent international security standards and undergo external audits to achieve certifications. Key examples include ISO 27001 (for overall Information Security Management Systems), the GSMA's Security Accreditation Scheme (SAS), which certifies the security of sites involved in eUICC/eSIM manufacturing (SAS-UP) and remote subscription management (SAS-SM), and potentially national standards like the UK's Cyber Essentials Plus. 1GLOBAL  holds these certifications.    

eSIM/iSIM security architecture  
The underlying eUICC and iSIM technologies, as standardized by bodies like GSMA and ETSI, are designed with robust security features comparable to traditional SIMs, including secure storage of credentials and encrypted communication during RSP processes. The integration within a secure enclave in iSIM further enhances physical security.  

Supply chain security 
Providers often vet their own technology partners and suppliers to ensure they meet required security standards.    

Incident response 
Mature providers have established processes and dedicated teams (like 1GLOBAL's Computer Security Incident Response Team - CSIRT) to proactively monitor for threats and respond to security incidents.    

Low power & long life 

For many IoT devices, especially those operating on batteries for extended periods, minimizing power consumption is critical.  

IoT SIMs, in conjunction with compatible device modules and supporting networks, enable specific low-power features designed for M2M communication:    

• Power Saving Mode (PSM) 
  Allows the device to enter a deep sleep state for long durations while remaining registered on the network. It wakes up periodically based on a pre-negotiated timer to check for any pending data or commands, significantly reducing power draw during idle periods.    

• Extended Discontinuous Reception (eDRX) 
  An enhancement of a standard cellular feature (DRX), eDRX allows the device to extend the time it "listens" for network pages (notifications of incoming data) during its idle cycle. By sleeping for longer intervals between these listening windows, it conserves considerable power compared to the more frequent checks required by standard DRX, while still allowing the device to be reachable by the network, albeit with potentially increased latency.

• Wake Up Signal (WUS) 
  Provided by 1GLOBAL as a supported feature, WUS is a newer mechanism intended to allow the network to send a very low-power signal to wake the device only when there is actually data pending for it, further optimizing sleep time.    

It is crucial to understand that the effective use of these power-saving modes is not just a hardware solution but also depends on support from the cellular network operator, the device's cellular module firmware, and proper configuration, which is often managed via the CMP.  

The IoT SIM features and advantages detailed above are not an exhaustive list, but already clearly illustrate a trend that, while the physical characteristics of the SIM (form factor, durability) remain crucial considerations, the value and differentiation in the IoT SIM market are increasingly driven by software and connectivity standards.  

Capabilities like the eUICC software enabling RSP, the sophisticated features offered by CMPs, complex logic for multi-IMSI management, and adherence to globally recognized security and interoperability standards administered by bodies like the GSMA and ETSI are increasingly pivotal.  

This shift towards software-defined connectivity is empowering businesses with greater flexibility, scalability, and operational control over their IoT deployments.    

IoT SIM challenges & considerations 

Despite the numerous advantages, deploying and managing IoT SIM connectivity also presents challenges that operators and professionals must consider: 

Management  
While robust security features are available, implementing and managing security consistently across potentially vast numbers of distributed devices remains a complex task.  

Proper configuration of features like APNs and firewalls, continuous monitoring for threats, and ensuring timely security updates or patches (where applicable) require dedicated effort and expertise. The interconnected nature of IoT means that a security lapse on one device will expose the broader network.    

Implementation 
Integrating newer technologies like eUICC/RSP into existing workflows and systems may require significant upfront effort, including thorough testing of OTA profile downloads and compatibility across different device types and network conditions.  

Implementing iSIM requires adjustments to the semiconductor manufacturing and personalization flow, demanding close collaboration between chip vendors, SIM providers, and device manufacturers. Ensuring seamless integration between the SIM provider, the mobile network operator(s), the CMP, and the enterprise's own backend systems can also pose challenges.    

Roaming 
While global roaming SIMs offer the convenience of a single provider relationship, coverage quality and performance may not be uniform across all regions. Roaming agreements underpinning the service can vary, potentially leading to suboptimal coverage or higher-than-expected costs in certain markets compared to using a local carrier profile.  

It's important to understand the specific network partners, supported technologies (e.g., availability of LTE-M or NB-IoT while roaming), and pricing structures associated with a global roaming solution to avoid coverage gaps or hidden costs. Technologies like eSIM/RSP can mitigate this by allowing switches to local profiles where necessary.    

Regeneration  
Although IoT SIMs boast long lifespans, it's crucial to align the SIM's expected operational life and data retention capabilities with the intended lifespan of the IoT device itself. This is particularly critical for embedded (MFF2) or integrated (iSIM) formats, as these cannot be easily replaced if the SIM fails before the device reaches its end-of-life.    

Fragmentation  
Due to its ferocious rate of development, the global cellular landscape is also fragmented, with different regions supporting different frequency bands and network technologies.  

Furthermore, older networks like 2G and 3G are being phased out (sunset) in many parts of the world. Selecting the right SIM and device module combination that supports the necessary bands and technologies (including 4G, 5G, and relevant LPWAN options) for all intended deployment regions is vital. Connectivity problems, often related to network compatibility or performance, remain a significant source of issues for deployed IoT devices.    

Organizations must consider the entire device lifecycle, encompassing hardware design (form factor selection, power budget), manufacturing processes (SIM provisioning strategy, SKU management), deployment logistics (activation, configuration), ongoing operations (monitoring via CMP, security management), and eventual decommissioning.  

The complexities highlighted emphasize that careful planning across hardware, software, connectivity services, security protocols, and operational procedures is essential for achieving a successful and sustainable IoT solution. 

The 1GLOBAL solution  

As an example of how leading providers are addressing the IoT SIM landscape, this section provides a snapshot of how all the concepts discussed earlier are implemented in practice by 1GLOBAL. 

Core offering  

At 1GLOBAL, we leverage modern SIM technologies to simplify global IoT deployments: 

eSIM as standard 
1GLOBAL’s eSIM technology (eUICC/RSP capabilities) is a critical part of our IoT offering, which future-proofs devices and enables simplified logistics through single-SKU manufacturing.    

Secure global solution 
1GLOBAL’s core value proposition is a secure, global IoT connectivity solution, manageable under a single contract via a unified platform.    

Remote SIM Provisioning  
The 1GLOBAL RSP solution isa key enabler , allowing remote management and profile switching at scale, supporting hardware across multiple generations (2G-5G, LPWAN). .    

Diverse form factors 
We offer a range of physical SIM formats, including 3-in-1 removable plastic SIMs, embedded MFF2 eSIMs, and potentially integrated WLCSP (Wafer Level Chip Scale Package, often associated with iSIM) solutions through partnerships.  

Network architecture & roaming 

1GLOBAL’s  network is designed for flexibility and resilience: 

Single core network 
1GLOBAL operates a single global core network that integrates connectivity from numerous sources. This includes direct Mobile Virtual Network Operator (MVNO) agreements within our defined "1GLOBAL Zone" (currently nine countries including the US, UK, Germany, Australia, Hong Kong) and a vast web of direct and indirect roaming agreements covering over 190 countries via partnerships with 600+ carriers.    

Multi-IMSI and steering 
1GLOBAL leverages patented multi-IMSI technology , allowing SIMs to switch between network identities. Network selection is managed via steering rules, remotely configurable and typically based on optimizing for cost or quality, aiming to provide resilience and access to the best available connection with our tailored IoT plans.    

Optimized performance 
1GLOBAL architecture includes multiple Points of Presence (POPs) globally, enabling local data breakouts. This means data traffic can exit the core network closer to the device's location, reducing latency and improving performance.    

Broad tech support 
The 1GLOBAL network supports 2G, 3G, 4G, 5G, and LTE-M technologies, with specific network profiles offered to optimize for different use cases (e.g., LPWAN, high-availability critical, standard roaming).  

Connectivity Management Platform (CMP) 

A central component of the 1GLOBAL offering is a unique Connectivity Management Platform: 

Comprehensive management 
The platform provides a web-based portal and APIs for managing the entire SIM lifecycle, from activation through monitoring to deactivation.    

Key functionality 
Features include a customizable dashboard, detailed SIM and device management, billing information access, real-time usage monitoring, configurable rules and alerts, notification systems, extensive reporting capabilities, full audit trails for tracking actions, and troubleshooting tools (like network status checks and SMS sending).    

Accessibility & scalability 
The platform is designed to be powerful yet user-friendly, scalable to support millions of devices, and is offered as part of the connectivity service without additional charge. API access facilitates integration with customer systems.    

Security Posture 

Network & infrastructure  
1GLOBAL offers the security benefits of a unique ‘single core’ network architecture. Infrastructure security practices are aligned with frameworks like CIS Top 20 and ISO 27001. Application development follows security best practices (e.g., OWASP), and third-party suppliers are vetted for security compliance.    

Dedicated Incident Response 
A formal Computer Security Incident Response Team (CSIRT) is in place to handle security incidents.    

Certifications 
1GLOBAL holds key industry security certifications, including ISO 27001, GSMA SAS (for our RSP data centers), and UK Cyber Essentials Plus, providing external validation of all security practices.    

Secure Partnerships 
Collaboration with security-focused partners, like JAMF and Synopsys for secure iSIM hardware modules, is part of the 1GLOBAL strategy.  

The strategic enhancements made by 1GLOBAL, such as the strong emphasis on eSIM/RSP for logistical simplification, the provision of a unified global management platform, and the focus on achieving recognized security certifications, directly address all of the key trends and challenges currently prevalent  in the IoT market.  

The need for simplified global deployment, effective remote management at scale, and a trustworthy security foundation are now essential strategic concerns for all market professionals.  

1GLOBAL’s network architecture, blending direct MVNO relationships with extensive roaming partnerships, is the ideal balance of cost, coverage quality, and global connectivity reach that characterize the most advanced IoT connectivity solutions.    

Next steps: Strategizing Your IoT Project 

Choosing the appropriate SIM solution for an IoT project extends far beyond selecting between plastic or silicon.  

As this blog illustrates, it involves a multifaceted decision-making process that requires a thorough understanding of the interplay between various factors:  

• The SIM physical form factor must align with the device's design and operating environment.

• Durability requirements dictate the necessary grade of SIM card.  

• Connectivity needs influence the choice of roaming capabilities and supported network technologies (including crucial LPWAN options).  

• The scale of deployment drives the need for sophisticated remote management platforms.  

• The sensitivity of the application underscores the importance of a robust security posture.  

• Power constraints necessitate consideration of low-power features.    

Ultimately, the selection of an IoT SIM solution must be driven by the specific technical and business requirements of the project.  

There is no single "best" answer. The optimal choice involves carefully evaluating the trade-offs between different form factors, features, and provider offerings.  

Organizations embarking on IoT initiatives can use the insights presented in this guide to assess their needs regarding coverage, durability, network features, management platform capabilities, security requirements, power budget, and overall total cost of ownership.  

However, the very best way to take the next steps on your IoT project is to contact us at 1GLOBAL, where we can help you form a winning strategy in an ever-changing market.