So, the green zone, or the high-profit zone, is where you want to be as a mobile operator. The question is: will a dedicated mobile core for IoT take you there? Before we try to answer this question, let’s first examine some of the use cases the mobile core and OSS/BSS need to support.

IoT complexity

In the utilities market, a customer may need to connect hundreds of thousands—perhaps even millions—of “dumb” IoT devices such as electrical meters. They are dumb in the sense that they are simple and cheap, so they often lack security features such as VPN connectivity. These devices have a vulnerable position in people’s homes. Thus, they need to be protected by firewalls and you may need to detect anomalies in the traffic patterns.

Let’s now move to a more complex use case: the connected vehicle. A modern car is a hub of multiple IoT devices. These devices include suspension systems, batteries, brakes, security systems, entertainment systems and more. They all need private connectivity for firmware upgrades and predictive maintenance. So, the mobile core needs to deliver multiple VPN connections from a single physical connection. The car manufacturer needs to be in control of the policies for this. In addition, the Internet connection for the entertainment system may also need complex routing rules. For instance, some traffic needs to go to the home country so that the passengers can watch their local streaming content while abroad.

The small and medium enterprises (SME) market is the direct opposite of the automotive industry in that companies have very limited IT resources. For most small companies, setting up a VPN tunnel is an impossible task. Many of them also have legacy systems with limited security features. In order to address this mass market, mobile operators must offer managed security. To scale with profit, operators likely also need to develop an easy-to-use app for self-management of the service.

Global challenges

For customers with things crossing national borders, operators cannot rely on roaming alone. Regulators in many countries—including Australia, Brazil, China, India and Turkey—prohibit the use of IoT devices managed by foreign operators via roaming agreements. There are also cases in the United States and Canada in which the operators themselves, for commercial reasons, prevent permanent roaming. As a result, compliance with roaming partner and regulator rules has become critical for global connectivity. 

The answer is of course to use eSIM (eUICC) and localize the device to the right country by changing the SIM profile over-the-air (OTA). This is important also for stationary things. The analyst firm Transforma Insights estimates that at least 70 percent of cellular connections remain active in just one country for the lifetime of the device. 

To see how this plays out, let’s look at an example of a manufacturer of coffee machines rented out to coffee shops all over the world. Just imagine the benefits in simplicity and freer capital of producing a single version of the machine instead of individual versions for each country. Imagine how the risk is lower of being blocked for violating local regulations and rules for permanent roaming. This approach is much simpler than finding a local IoT connectivity provider in each territory and making integrations with each one of them.

But localization introduces new challenges. In order to have full control and also apply managed security and other value-added services, the home operator would have to arrange with each local operator partner to have the traffic home-routed.

In addition, some customers require a unified IoT service in which the device, for instance, keeps its IP address no matter what network it connects to. This is a challenge both in the roaming and localization case, as normally the visited operator assigns the IP addresses.

It is also costly to provide customers with their own private APN and VPNs across territories to create seamless and unified connectivity across partner operators. What if customers want some traffic routed back home through VPNs and the rest routed to the Internet?