In August, Zscaler will launch a cellular solution that brings Zero Trust security to IoT and OT devices. With just a SIM card, companies can secure their devices worldwide, eliminating the need for VPNs or additional software.
The number of IoT and OT devices on corporate networks has increased significantly in recent years. Zscaler has observed that these devices are becoming an increasingly weak link in corporate cybersecurity. That is why Zscaler is introducing Zscaler Cellular, a solution that brings Zero Trust principles to cellular connections. This is accomplished through the use of a SIM card. According to Group VP of Emerging Technologies Nathan Howe, most IoT and OT devices have SIM slots. This includes devices where you would not expect it. In an interview with Techzine, he cites vending machines and smart city equipment such as traffic lights as examples.
Collaboration with telecom providers
Zscaler is collaborating with telecom providers to bring Zero Trust security to cellular networks. This involves the two or three largest telecom providers in each country. In most countries, the majority of connections will run through these telecom networks. This is exactly the case in the Netherlands and Belgium, for example, where KPN, VodafoneZiggo, and Odido and Proximus, Orange, and Telenet are the dominant players. Combining telecom infrastructure with the Zscaler Zero Trust Exchange platform creates secure and scalable connections for IoT and OT devices. If a partner’s network goes down, the connection will be switched to an alternative telecom provider within the country.
Partnerships with companies such as Stacuity and BT provide managed security services that address the specific challenges of distributed, cellular-connected environments. This enables organizations to extend Zero Trust principles across global cellular networks.
Implementation
The solution works with a SIM card that can be inserted into any IoT or OT device. Without additional software or VPN connections, devices automatically gain access to any cellular network worldwide. At the same time, the system isolates each device on its own “private island.”
All connections run through the Zscaler platform, which provides complete visibility and control. This represents a significant improvement over traditional approaches, where companies are often unaware of what their cellular devices are doing.
Visibility as a foundation
Howe explains to Techzine that Zscaler Cellular, the project in which Daan Huybregts is also involved as Zscaler’s Head of Innovation, was launched several years ago. As a result, it has now been tested in practice on several occasions. For example, a SIM card was placed in a vending machine. Based on the data that could be read thanks to the secure connection, it was discovered that the vending machine was connecting to China. This kind of information cannot be obtained without monitoring, but can be retrieved by Zscaler Cellular.
From a security perspective, a core problem with IoT and OT devices is usually the lack of visibility. Many organizations are unaware of exactly what their cellular devices are doing. These devices often communicate unnoticed via the internet and private networks, outside traditional security controls. The vending machine example illustrates this perfectly. Zscaler Cellular addresses this problem by routing every data packet from cellular devices through the Zero Trust platform. This gives security teams complete visibility into device behavior, even for devices that were previously out of reach.
Granular management
In addition to visibility, Zscaler Cellular also provides granular control over every packet leaving the device. Instead of waiting for traffic to reach a network hub or firewall, connection attempts are evaluated and assessed immediately at the edge of the network. This early decision-making determines whether traffic is forwarded to the internet or a private application. Organizations can implement highly specific, context-aware policies based on identity, location, behavior, or risk factors.
For example, a SIM card can be restricted to operating only within specific countries or regions, preventing unwanted roaming, data transfers, or misuse. Anomaly detection flags or blocks unusual behavior such as access attempts to unauthorized resources.
Ultimately, Zscaler has prioritized simplicity in its design. Organizations gain immediate visibility into what is happening and can enforce policies according to the zero trust principles for which Zscaler is known. This also includes the idea of eliminating tasks such as firewall management and tunneling. Zscaler considers this approach outdated and unnecessary. By extending zero trust principles to cellular connections, organizations can maintain a consistent security policy regardless of the location or network of their devices.
Zscaler Cellular will be available worldwide in August 2025.
Tip: “Firewalls will become like mainframes, Zero Trust is the way forward”