IoT Connectivity and Security

Cellular IoT Connectivity Control

Leave your Mobile Core untouched and create stunning cellular IoT connectivity services

Download our white paper – Hyperscale Cellular IoT

Programmable Layer of Automation, Security & Policy

Cellular IoT Connectivity Control Reinvented

The Enea IoT Connectivity Control Service™  (IoT CCS) is an award-winning programmable layer for cellular IoT connectivity control, security, and automation delivered as a unique instance per IoT Connectivity Services Provider (IoT CSP) on Amazon AWS.

Enea IoT CCS introduces a new solution category on the market—the IoT Connectivity Control Function (ICCF)—and works in concert with existing Connectivity Management Platforms (CMPs).

IoT CCS is a unique market offering that effectively solves multiple long-standing challenges for IoT CSPs. Let’s explore some of these challenges and how IoT CCS solves them.

The answers to your challenges

How Can I, as an IoT CSP…

Delivering a private APN with an enterprise VPN is normally a tedious process for both the service provider and their enterprise customers, which can take weeks to complete.
With Enea Aptilo IoT CCS, we can automate the delivery of VPNs for private APNs through a customer self-service portal.

Philipp Rimli, Product Manager Swisscom.

A Disruptor in IoT Connectivity Management

Layers in a hyperscale IoT connectivity solution

Many IoT CSPs offer basic connectivity management, where customers can manage their SIM cards. The next step up often requires a wholly customized IoT connectivity service. Each customer deployment becomes a costly project with extensive manual configuration efforts. IoT CSPs are missing out on a mass market with customers prepared to pay for value-added services but not bespoke development.

We suggest IoT CSPs leave their core networks untouched and use hyperscalers to add a programmable, flexible layer of IoT connectivity control to their mobile infrastructure. Here, they can automate most of the customization efforts. Self-management portals allow customers to tailor connectivity policies and manage IoT security settings.

IoT CSPs do not have to spend resources creating this hyperscale IoT connectivity control layer!

Welcome to Enea IoT Connectivity Control Service™ (IoT CCS), an award-winning service hosted on Amazon Web Services (AWS). IoT CSPs can go beyond traditional IoT connectivity services by providing a programmable, automated, secure, flexible, and scalable global IoT connectivity. The IoT CSP sends the IoT traffic to their instance of IoT CCS through a secure IPSec tunnel(s). Global IoT connectivity is obtained by connecting international MNO partners and connectivity hubs to IoT CCS similarly.

The extensive IoT CCS API enables customer self-management with the automation of Enterprise VPNs.

The industry has acknowledged the benefits of Enea IoT CCS, our hyperscale IoT connectivity control solution. To date, we have been esteemed finalists for 12 awards and proudly selected as winner for 8 of them.

Discover below how an average enterprise can save a substantial 28 percent of their cost of global IoT connectivity by choosing an IoT CSP that has embraced a hyperscale approach.

The key in this category was to bring real innovation in the market, and this is what Enea does. One jury member liked the fact that Enea IoT CCS addresses a real problem for mobile operators, enabling them to profitably launch IoT services while meeting the needs of enterprise customers, and another member said it had hyperscale potential.

Matt Hatton – Transforma Insights

Presenting the Jury’s motivation at the 2021 WCA IoT Innovation Award

Enea IoT CCS, winner of 8 in IoT Indujstry awards


Cellular IoT Connectivity Control

Enea IoT CCS architecture overview


Enea IoT CCS has the following integration interfaces towards IoT CSP core :
  • Traffic plane: Operators only have to extend one shared APN via IPsec to IoT CCS in the cloud.
  • Control plane: We use a standard 3GPP Gi/SGi/N6 interface for signaling.
  • Integration: IoT CCS integrates through REST API towards the operator’s customer self-service application and other systems, e.g., to provide analytics data, create secure private connections (Multitenancy Private APN) and assign the device’s IP address.
  • Global Connectivity: Partner MNOs and global connectivity services can be easily connected to IoT CCS, the same way an IoT CSP connects its own network.

IP Assignment is Key to the IoT CCS Magic

Policy-based IP assignment is crucial to the most critical IoT CCS features, including our Multitenancy Private APN functionality and the ability to enable a genuinely unified IoT connectivity service.

Flexible IP assignment is also vital for you as an IoT CSP to meet enterprise customers’ needs. One would expect that the IP address would not matter much in modern IT architecture. Dynamically assigned IP addresses should be sufficient, and there would be mechanisms that update the IoT back-end when the IP address changes.

However, many enterprise IoT customers rely on keeping the same IP address for an IoT device and even their custom IP range for all their devices.

There are many benefits to letting a programmable hyperscale layer handle the IP allocation. The most obvious one is the ability to maintain the same IP address even when a device moves across your MNO partners’ networks.

With IoT CCS, the allocated device IP address and the IP address of the primary and secondary DNS server for the IoT device are provided in the RADIUS response to the packet gateway.

The IP allocation is very flexible:
  • Dynamic IP: The IoT device gets a new IP address from the pool at every connection.
  • Static IP: Assigning a specific IP address that stays the same.
  • Sticky IP: The IP address is allocated from the pool at the first connection, and then the IoT device keeps this IP address as a static IP configuration.

Note that with IoT CCS, mobile operators can assign the same IP address to a device also when it is localized by changing its SIM identity to belong to a partner MNO’s network. Learn more about the localization of eSIM/eUICC on our unified global connectivity page. This and consistent use of policies and security settings will provide a unified IoT experience across all partner networks.

Add Agility and Automation to Your IoT Connectivity Management

Usually, an IoT CSP’s mobile core and OSS/BSS teams prioritize stability before being fast on their feet, implementing every change requested by demanding customers. With IoT CCS, IoT CSPs can free themselves from these limitations. It gives them the freedom to innovate IoT services that were impossible to achieve in a strict 3GPP environment. IoT CSPs can easily tailor IoT connectivity services to the specific needs of different customer types.

The IoT CSP’s self-management portals, enabled by IoT CCS’s extensive APIs, allow their customers to control IP assignment, authentication, security, policies, and global connectivity from a single user interface.

Through their customer self-management portals, IoT CSPs can automate the setup of VPNs and do not have to deal with the work of creating a unique APN for each customer. The first deployments have shown that IoT CSPs can dramatically reduce their manual Enterprise VPN setup process from many weeks to just a few minutes. Instead of the manual setup working with the IoT CSP’s engineers, customers can easily create as many Enterprise VPNs as they need using the self-management portal. Learn more about how Swisscom is leveraging the Multitenancy Private APN to chase the long-tail of IoT customers.

The FortiGate next-gen firewalls included in IoT CCS protect the IoT traffic.

Access our IoT Resources Library

You will get access to download all our IoT-related collaterals including White Papers and Solution Briefs. You may also want to visit our insights section.

If you have any questions, please do not hesitate to contact us!



Enea IoT CCS in 2 min video

Enea IoT CCS Introduction

Get an overview of IoT CCS in just 2 minutes.


Enea Overview and use cases 28 min

Enea IoT CCS – Use Cases

This 28 min video will overview the groundbreaking IoT CCS service and show some example use cases for different market segments, including automotive, utilities, and the vast Small and Medium Enterprise (SME) market.

IoT Enterprise VPN automation
Automation of Enterprise VPNs

Get the complete picture of the award-winning Multitenancy Private APN functionality of Enea Aptilo IoT CCS in less than 5 min.

Cater to a Wide Variety of Enterprise IoT Use Cases

The concept of IoT connectivity management has changed. Providing a standard SIM card with roaming capabilities will not cut it anymore. IoT enterprise customers are much more diverse and demanding than you might imagine. Let us examine some example enterprise use cases that are very different in characteristics. These are anonymized cases from enterprise customers and customer discussions that our IoT CSP clients have had.

The use cases show how IoT CSPs can deliver the required functionality with a IoT Connectivity Control Function such as the Enea IoT CCS. The granular policy control delivered as a service makes it possible to create more advanced and innovative IoT services. The IoT CSP can also put the enterprise in the driver’s seat by implementing a self-service enabled by the IoT CCS API.


Automotive – Multiple VPN Connections and Advanced Routing

Automotive Multiple Enterprise VPNs is needed

A modern car is a hub of multiple IoT devices. These devices come from subcontractors of suspension, batteries, brakes, security systems, entertainment systems, and more. They need private connectivity for firmware upgrades, sensitive data, and predictive maintenance.

There’s a wide variety of different needs and use cases:

Car-2-car communication requires low latency. Upload of extensive real-time analytics requires high upstream data capacity. The download of software or passenger entertainment needs high downstream data capacity. They may also need geographical routing rules determined by device profile settings. Furthermore, there may be a need to have localized Internet. The service must be able to route the Internet traffic to the home country’s Internet breakout to enable users to, e.g., watch their local streaming content while abroad.

There’s a need to secure the transport of sensitive data, such as analytics, software upgrades, and data for predictive maintenance. The best way to secure this data is to establish connectivity through Enterprise VPN tunnels. The service provider must support a one-to-many VPN connectivity controlled by the car manufacturer so they can include their sub-contractors in their own secure global SD-WAN.

Car manufacturers also have high-security requirements, end-to-end security, DDoS protection, anomaly detection, etc.

Benefits of Hyperscale IoT Connectivity Management

Cellular IoT Connectivity Service Providers (IoT CSPs) and their enterprise customers will hugely benefit from a Hyperscale IoT connectivity management solution such as the Enea Aptilo IoT CCS. As you will find under the Enterprise benefits tab an average enterprise will save the equivalent of 27.8 percent of the cost of their global IoT connectivity.


Let’s start with stating the obvious. Using hyperscalers such as Amazon AWS makes an IoT connectivity management solution inherently scalable and global.

Now we will dig into how Enea IoT CCS helps IoT CSPs scale their value-added IoT services with profit.

IoT CSP Profit versus customer value


The matrix above shows two perspectives IoT CSPs need to consider when creating IoT connectivity management services. On the X-axis, we have the business value the IoT connectivity service brings to the enterprise IoT customer. On the Y-axis, you find the profit the IoT connectivity service brings to the operator.

IoT CSPs will end up in the bottom left corner If they just re-package an existing consumer service for IoT.

Most operators also add SIM-management and offer private connections on top of this. The keyword here is ‘most.’ They will deliver a commodity with little value-add. They will only compete on price, and the lowest bidder will replace them. These mobile operators are in the “churn zone” colored red in the matrix.

In the left half of the matrix, operators will only be able to create a profitable IoT business if they become the price and volume leader in their market.

The further you move towards the right, adding value-added services, the stickier customers become. Higher revenues come with value-added services such as Analytics, Managed Security, Global Connectivity, and Granular policies.

But, for most operators, the profit will not follow. Every new customer that needs value-added services becomes an expensive development project.

There’s only one way to scale value-added IoT services with high profit: to automate the customization as much as possible. Mobile operators should also add a web interface for customer self-management. Automation and self-management serve two purposes. First, they will get a lower cost of operation. Second, customers will be less price-sensitive, as the service feels like their own when integrated with their business processes.

So, the green zone, which we call the high-profit zone, is where you want to be as an IoT CSP. The question is if even a dedicated mobile core for IoT and your current organizational processes will take you there? One of Enea’s mobile operator customers answered no to that question. And so, the award-winning Enea IoT CCS was born.


Automation is Key for a Profitable IoT Service

Basic IoT service or fully cusomized


As discussed initially, most IoT CSPs offer basic IoT connectivity management. The next step up is a customized IoT connectivity service. With each customer deployment carried out as a costly project, operators are missing out on a mass market with customers prepared to pay for value-added services but not for bespoke development.

What’s more, many bespoke deployments are very similar, which shows the potential to deliver those projects more cost-effectively.

Automation is key to scale IoT


This is where Enea IoT CCS comes in.

We believe there is enormous potential in stopping making customizations as soon as a customer wants something beyond a standard service.

With a IoT Connectivity Control Function (ICCF), such as IoT CCS, it is easy to be agile and create new value-added services that fit multiple customers. As a result, it will be possible to move the bulk of customization projects to a scalable IoT service instantly deployed to any customer. This is an auto-customization approach where the customer can make the last few customization steps themselves and maintain the service through self-management.

Just the automation of Enterprise VPNs and only having to handle one APN to serve all customers is reasons enough to go with a IoT connectivity management solution. Such a solution will free up resources to do bespoke developments for the very few who need it. But IoT CCS is also relevant for custom development. The logic and security part of a bespoke project can also benefit from being handled in the cloud. It is faster to deploy new server or firewall nodes, and operations can isolate and tailor specific nodes for the customer if needed.


The Bottom Line

Enterprise IoT customers’ needs are diverse and demanding. It is not just a matter of adding IoT SIM-management capabilities to an existing mobile core.

Mobile operators must deliver a programmable and secure global IoT connectivity management solution that they can deploy instantly. To achieve this, they need to think outside the limitations of their current mobile core and organizational processes.

Mobile operators must add a hyperscale programmable layer for cellular IoT connectivity control. This is what Enea IoT Connectivity Control Service™ (IoT CCS) offers as an OPEX-based pay-as-you-grow service, hosted on AWS.

IoT Insights

We have collected all our insights in one place. Here you will find articles, blog posts, videos, white papers, and more. If you want to explore all Enea-related insights, you can just reset the filter.

IoT Insights