Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Zscaler: Cellular Network Evolution & IoT Security Challenges

Zscaler
07/09/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


new innovation that Zscaler has today, focusing specifically on Zscaler Cellular. Now Cellular in this case, I'm going to take you back and show you why and how things are working before, and then we'll jump in to the new in a minute. On both sides here I have diagrams, I'm going to show you basically on my right, how you are using your mobile phone today, on the left I'm going to show you how your IoT devices connect back into your corporate ecosystem. Very simply and very easily, when you have a SIM, and that SIM is provided to you by your telco or your operator, you're going to get an identity, and you're going to get some rules. Now those rules are pretty simple, they're going to be things like, you're allowed access to Spotify, or maybe you can go directly to the internet. Now what happens then is when your device connects in to the SIM, it connects into the mobile network, it passes through the mobile controls, applies the rules and your ID, and then sends you out via an egress firewall. The firewall is kind of like the delimitation point between the mobile network and the internet and other carriers for what it's worth, and that traffic will then pass through out to the internet and onto its merry way to your destination application, whatever that might be. Maybe it's an Apple website, maybe you're browsing YouTube, who knows. Now that's pretty simple and easy. Now this can also be utilised for IoT devices that may be going directly to these apps. Now these apps themselves are on the internet, therefore they have to have a listener, something to connect in to. So there's a risk, and that's where if it's an enterprise application, you have to put something kind of like a firewall or some sort of ingress control to protect it up here to wrap that app in security. Obviously that's a layout you have to think about from a protection point of view. Now if you want to connect your cellular connected devices to your own internal ecosystem, normally where you'd have a corporate data centre or a company ecosystem network, let me just write company here, what you're going to have is a series of applications, and those applications are corporate solutions that you may need access to. It could be cloud-based services that you're interconnecting here. It could be a cloud up here, maybe AWS or an Azure or something else. The whole idea is that when you want to connect your IoT device, your cellular connected devices to this, you have to extend your network to where the SIM is, and this is through what is called a private APN, or access point network. The APN itself is ultimately an extension so that when a SIM tries to connect here, it's still going to have that identity I mentioned before, as over with your own personal devices, and you're going to have rules. Those rules are going to be applied to the mobile network and say, oh, this is not going to connect to the internet. It's going to come up to that edge firewall, it's going to go through that APN tunnel and pop out into your company network. What that means then is this SIM is ultimately part, and the device running the SIM is part of your company ecosystem, and vice versa. Devices from here can actually also go back out and back down to the SIM. Now there's some advantages to this. Clearly you're able to pass information back and forward, you're able to access devices anywhere in the world, but then any of these devices can access your corporate infrastructure, and this plays into that whole flat network argument that is probably not the most modern and probably not the most secure, especially when thinking about it in terms of zero trust. Clearly the risks are if someone misuses this SIM, they could get access to your company infrastructure, and likewise someone could break into your infrastructure and make their way into those devices. Now these devices are cars, vehicles, infrastructure around the world that are outside the walls of your buildings and your company, therefore you need to be aware of them. What I'm going to show you next is how we solve this with Zscaler.

TL;DR

  • SIM cards provide identity and access rules within mobile networks, with telco operators controlling whether traffic routes to the internet or corporate infrastructure through egress firewalls and Private APN tunnels.
  • Traditional Private APN deployments create flat network architectures where cellular-connected IoT devices become part of the corporate network perimeter, enabling bidirectional access between globally distributed devices and internal systems.
  • This architecture introduces security risks inconsistent with zero trust principles, as compromised SIMs or corporate infrastructure breaches could provide unauthorized access to either IoT devices or corporate applications without continuous verification.

Summary

This technical explainer examines the architecture of cellular connectivity for both consumer mobile devices and enterprise IoT deployments. Nathan Howe walks through how SIM cards function as identity and access control mechanisms within mobile networks, with telco operators defining rules that determine whether traffic routes to the internet or corporate infrastructure. The presentation contrasts traditional mobile phone connectivity—where SIMs connect through mobile networks and egress firewalls to reach internet applications—with enterprise IoT scenarios that require Private APN tunnels to extend corporate networks to cellular-connected devices. Howe identifies the security implications of this flat network architecture, where compromised SIMs or corporate infrastructure breaches could provide bidirectional access between IoT devices deployed globally and internal corporate systems. The video sets up the problem statement that Zscaler's cellular security solution addresses, emphasizing the zero trust gap in traditional Private APN deployments where devices become part of the corporate network perimeter rather than being treated as untrusted endpoints requiring continuous verification.

Chapters

0:00 - Introduction to Zscaler Cellular
0:22 - Consumer Mobile Connectivity Architecture
1:46 - Enterprise IoT and Private APN
3:06 - Security Risks and Zero Trust Gaps

Key Quotes

1:32 "So there's a risk, and that's where if it's an enterprise application, you have to put something kind of like a firewall or some sort of ingress control to protect it up here to wrap that app in security."
2:51 "What that means then is this SIM is ultimately part, and the device running the SIM is part of your company ecosystem, and vice versa."
3:13 "Any of these devices can access your corporate infrastructure, and this plays into that whole flat network argument that is probably not the most modern and probably not the most secure, especially when thinking about it in terms of zero trust."

FAQ

What security risks does Private APN introduce for enterprise IoT deployments?

Private APN creates a flat network where cellular-connected devices become part of the corporate network perimeter, enabling bidirectional access. If a SIM is compromised or misused, attackers could access corporate infrastructure. Conversely, if corporate infrastructure is breached, attackers could reach IoT devices deployed globally—vehicles, infrastructure, and equipment outside physical security controls.

How do SIM cards control access in cellular networks?

SIM cards provide both identity and access rules defined by telco operators. These rules determine whether a device can access the internet directly, specific applications like Spotify, or corporate networks through Private APN tunnels. The mobile network applies these rules before routing traffic through egress firewalls to destinations.


Categories:
  • » Webinar Library » Zscaler
  • » Cybersecurity » Network Security
  • » Cybersecurity » Zero Trust
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Zero Trust
  • OT
  • IoT Security
  • Network Security
  • Technical Deep Dive
  • Cellular Network Architecture
  • IoT Security
  • Private APN
  • SIM-Based Identity Management
  • Zero Trust Networking
  • Mobile Network Security
  • Enterprise IoT Connectivity
  • Flat Network Risks
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Zscaler: Cellular Network Evolution & IoT Security Challenges

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Worthy Security Team for Unmatched Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        22

                        Insights and Strategies for Effective Data Privacy and Protection

                        07/22/202606:30 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version