Cloudflare Launches an eSIM for Mobile Security

Cloudflare will launch its own eSIM card alternative, claiming to be the world's first "Zero Trust" SIM card. This new functionality may assist businesses in defending against mobile-based cyber threats. The new Cloudflare SIM follows the zero-trust security model, which stipulates a "never trust, always verify" approach in which devices are never automatically trusted, even if they have been verified or are already connected to a gated corporate network. It's not surprising that there's interest in such technology; mobile devices remain an extremely popular endpoint for hackers attempting to gain access to corporate networks; and in 2022, cybersecurity firm Zimperium examined over 500,000 phishing sites and discovered that the number of mobile-specific phishing websites increased by 50%. Employees who agree to allow Cloudflare to direct their work-related traffic via the SIM over a network with Zero Trust safeguards will be able to have their monthly data bills paid by their company.

Cloudflare claims the solution will be simple to implement, with users only required to scan a QR code from their phone's camera, which may be included in an employee's onboarding material. According to Cloudflare, the new SIM will enable organisations to prevent employees from visiting phishing and malware sites because DNS requests exiting the device will use the Cloudflare Gateway for DNS filtering automatically and implicitly. Furthermore, the new SIM will assist organisations in mitigating common SIM-based attacks. An eSIM-first strategy prohibits SIM-swapping or cloning risks, and physical SIMs are protected in the same way by locking SIMs to certain staff devices. Cloudflare also claims that the new SIM will allow secure, identity-based private connectivity to cloud services, on-premise infrastructure, and fleets of IoT devices via its WAN-as-a-service solution, Magic WAN. Zero Trust SIM has yet to be released, but it is planned to be available to clients on a regional basis, and Cloudflare is already testing the technology on its own network.

Cloudflare Zero Trust SIM will function in conjunction with Cloudflare's complete Zero Trust stack to enforce security rules on all traffic leaving the device. Furthermore, because the Zero Trust SIM is built on an eSIM (embedded SIM) first approach, SIMs may be automatically deployed and locked to a specific device, lowering the risk of SIM-swapping attacks, and saving security teams’ time.