As the managed IoT connectivity market evolves and matures, something of a pattern has emerged. With the number and range of use-cases expanding, IoT applications tend to gravitate to one of the three connectivity alternatives: permanent local, flexible localization, or ad hoc roaming. While each model has advantages and drawbacks, there’s no one-size-fits-all option, forcing organizations to continue making hard decisions with long-reaching consequences.
Or will they. While application-dependent connectivity alternatives remain a genuine consideration, we can now deploy and support all options with a single, consistent, and agile provisioning model. eSIM – the GSMA’s standardized solution for remote SIM provisioning – is now ready for prime-time. Admittedly, it’s probably taking longer than ideal to achieve critical mass, and attempting to fill the gap has been a hotchpotch of alternatives known broadly as Multi-IMSI. Fortunately, eSIM is now gaining traction up and down the service stack and is set to become the go-to solution for future-proofing managed IoT connectivity.
As the introduction previews, machine-to-machine (M2M) connectivity such as IoT comes in many flavors, serving multiple purposes. All that some use-cases will ever likely need is local connectivity permanently linked to one preferred network operator. Still, provisioning and activating connectivity remain burdensome, and who’s to say that today’s operator-of-choice will remain competitive in terms of access capabilities and usage costs over the extended lifespan of a typical IoT deployment. Additionally, while traditional roaming can accommodate some applications, either because the flexibility is advantageous, the duration is relatively short, or the data quantities are light, it is becoming problematic for specific use-cases.
It’s difficult for roaming tariffs to be competitive compared to a localized connection profile, and data volume capping can occur, although a commercially savvy MVNO/M2MSP like Pelion can offset these issues. From the local MNO’s perspective, there can be a mismatch between the scale of connections and the wholesale revenue generated. When allied to the implications for signaling resources needed to service an MNO’s domestic base, the impacts on network design and capacity can combine to make long-term M2M roaming an unattractive business proposition. In addition, some regulators are now imposing strict limits on the total number of foreign roamers or the periods that any single SIM can roam. As a result, permanent roaming is facing challenges as a viable option for global IoT deployments.
Increasingly, managed IoT connectivity needs to cater to higher levels of flexibility. Whether it’s an IoT OEM servicing a global market or IoT devices that regularly transition between network access areas, dynamically customized and localized connectivity is emerging as a vital strategic capability. There’s no getting away from the fact that IoT is a long-term business. The reality is that strategies change, regulatory frameworks evolve, MNO priorities and relationships come and go, and flexibility is king, as recent events have proven.
Life on the Bleeding Edge
Of course, none of this is new, and there have been attempts at delivering a degree of post-deployment flexibility. Multi-IMSI has been the most common approach, and this involves pre-provisioning multiple IMSI profiles to the SIM card (the UICC) – one for every possible localization requirement. However, Multi-IMSI was always something of a halfway house that was more flexible than a standard SIM but did not deliver genuine flexibility and complete independence.
Nevertheless, besides the historical limitations of Multi-IMSI – a restricted scope of in-field changes, SIM provider lock-in, and wholly proprietary implementations – significant factors are emerging that make it increasingly problematic for future deployments. Many MVNO Multi-IMSI implementations incorporate infrastructure elements hosted in the Cloud, which has mounting implications regarding subscriber sovereignty requirements. Some regulatory jurisdictions and certain MNOs are becoming progressively more hostile to subscribers not entirely hosted on in-country infrastructure. Additionally, Multi-IMSI security implementations are altogether proprietary, and MNOs are sensitive to the risk posed by a targeted hack causing knock-on impacts to their networks.
Despite the various caveats and limitations, Multi-IMSI gave hope to those who needed flexibility beyond what a single, fixed SIM could provide. And Multi-IMSI’s real-world capabilities notwithstanding – plus the fact its capabilities are often oversold – it did validate that market demand for localization and customization existed and needs servicing.
Roll-On Genuine Remote SIM Provisioning
So, against a background of recognized market acceptance and increasing demand, the industry has moved forward with a fully standards-based solution for remote SIM provisioning. Since 2010, the GSMA, the industry body representing the interests of mobile network operators worldwide, has been working towards a software-based solution. The result of all that discussion, negotiation, and design is eSIM. Initially intended to address the M2M use-case, eSIM is also aggressively championed in the consumer space, with Samsung and Apple embracing it for wearables and smartphones. However, the consumer and M2M use-cases are very different, and the corresponding workflows diverged to deliver two implementation models for eSIM, each optimized of the respective application.
Focussing on eSIM for M2M/IoT, the GSMA’s target was to improve and optimize every aspect of the SIM life cycle – whether pre-deployment and post-deployment – from manufacturing, through distribution and activation, to operation, and – when appropriate or necessary – swapping. eSIM delivers in spades, with a flexible ecosystem that also features another crucial characteristic: portability. Because, despite the talk of flexibility, Multi-IMSI maintains a significant degree of lock-in; by its very nature, each of these wholly proprietary implementations binds the user with one supplier. In contrast, the eSIM standard, courtesy of its distributed architecture, mandates portability and flexibility; different organizational entities can deliver the various components. While a detailed discussion of the GSMA’s eSIM architecture for M2M is beyond the scope of this article, the key takeaway is that virtually every aspect of the eSIM supply chain can, should the need arise, port from one supplier to another.
And finally, no exploration of IoT options would be complete without evaluating the competing security aspects. As previously alluded to, Multi-IMSI is a broad concept, not one defined specification or standard, and therefore its “security” is equally variable and intangible. In contrast, the GSMA’s eSIM ecosystem is built from the ground up to be secure, with each element and supplier required to demonstrate compliance to a series of verifiable core security requirements. These include eUICCs being Common Criteria EAL4+ compliant, plus security compliance for eUICC personalization and the Subscription Management platforms. Ultimately, functional compliance and accreditation are subject to the GSMA-approved test and qualification program.
Pelion eSIM as-a-service
Yes, words do matter, as does context. Especially when considering alternatives to future-proof an IoT/M2M rollout at a global scale that needs robust security, proven identity, cross-vendor interoperability, service portability, and solution longevity. So, when the words are “GSMA standards-compliant,” they matter. They most certainly do.