IoT Connectivity and Security

Cellular IoT Programmable Connectivity

Leave your Mobile Core untouched and create stunning cellular IoT connectivity services

Download our white paper – Hyperscale Cellular IoT

Programmable Layer of Policy, Security & Automation

Cellular IoT Connectivity Management Re-invented

The Enea Aptilo IoT Connectivity Control Service™ (IoT CCS) introduces a new solution category that has never been seen before—a hyperscale programmable layer for cellular IoT connectivity control, security, and automation. It is delivered as a unique instance per mobile operator, hosted on Amazon AWS.

With Aptilo IoT CCS, mobile operators can innovate from the cloud and create new IoT connectivity services previously considered unthinkable. They can do so instantaneously and for a fraction of the alternative cost with our pay-as-you-grow service model.

A Disruptor in IoT Connectivity Management

Layers in a hyperscale cellular-IoT connectivity management solution

Most mobile operators (MNOs) and Virtual Mobile Operators (MVNOs) offer basic IoT connectivity management where customers can manage their own SIM cards. The next step up, where MNOs and MVNOs become IoT Connectivity Service Providers (IoT CSP), often requires a completely customized IoT connectivity service. Each customer deployment becomes a costly project with extensive manual configuration efforts. IoT CSPs are missing out on a mass-market with customers prepared to pay for value-added services but not bespoke development.

We suggest that IoT CSPs leave their core networks untouched and use hyperscalers to add a programmable, flexible layer of IoT security and policy control on top of their mobile infrastructure. Here they can automate most of the customization efforts. Through self-management portals, they can allow customers to tailor connectivity policies and manage IoT security settings.

Delivering a private APN with an enterprise VPN is normally a tedious process for both the service provider and their enterprise customers, which can take weeks to complete.
With Enea Aptilo IoT CCS, we can automate the delivery of VPNs for private APNs through a customer self-service portal.

Philipp Rimli, Product Manager Swisscom.

Welcome to Enea Aptilo IoT Connectivity Control Service™ (IoT CCS), an award-winning service in partnership with Fortinet and hosted on Amazon AWS. IoT CSPs can go beyond traditional IoT connectivity services by providing a programmable, automated, secure, flexible, and scalable global IoT connectivity.

With the unique Multitenancy Private APN, described in detail below, operators can allow IoT customers to create as many Enterprise Virtual Private Networks (VPN) they need in a matter of minutes compared to the weeks it can take with manual setup. The FortiGate next-gen firewalls included in IoT CCS protect the IoT traffic. Learn more about how Swisscom is leveraging the Multitenancy Private APN to chase the long-tail of IoT customers.

Continue read below to find out how an average enterprise can save the equivalent of nearly 28 percent of their cost of global IoT connectivity, if they choose an IoT CSP that have taken a hyperscale approach.

The industry has recognized the benefits of IoT CCS, our hyperscale IoT connectivity management solution. So far, we have been finalists for 11 awards and selected winner for 7 of them. Enea Aptilo IoT CCS is genuinely an award-winning IoT connectivity management service.

The key in this category was to bring real innovation in the market, and this is what Enea does. One jury member liked the fact that Aptilo IoT CCS addresses a real problem for mobile operators, enabling them to profitably launch IoT services while meeting the needs of enterprise customers, and another member said it had hyperscale potential.

Matt Hatton – Transforma Insights

Presenting the Jury’s motivation at the 2021 WCA IoT Innovation Award

Enea's IoT connectivity management solution - Aptilo IoT Connectivity Control Service - has won seven industry awards

Hyperscale Cellular IoT Connectivity Management Platform

Enea Aptilo IoT CCS Hyperscale Cellular IoT Connectivity Management Architecture


IoT CCS has the following integration interfaces towards operator core and OSS/BSS:


  • Traffic plane: Operators only have to extend one standard APN via IPsec to Aptilo IoT CCS in the cloud.
  • Control plane: We use a standard 3GPP Gi/SGi/N6 interface for signaling.
  • Integration: IoT CCS integrates through REST API towards the operator’s customer self-service application and other OSS/BSS systems, e.g., to provide analytics data, create secure private connections (Private APN) and assign the device’s IP address.
  • Global Connectivity: Partner MNOs and global connectivity services such as those included in Ericsson IoT Accelerator can be easily connected to IoT CCS.


Add Agility to Your IoT Connectivity Management

Usually, an IoT CSP’s mobile core and OSS/BSS teams prioritize stability before being fast on their feet, implementing every change requested by demanding customers. With IoT CCS, IoT CSPs can free themselves from these limitations. It gives them the freedom to innovate IoT services that were impossible to achieve in a strict 3GPP environment. IoT CSPs can easily tailor IoT connectivity services to the specific needs of different customer types.

IoT CSPs typically offer Private APNs to their IoT enterprise customers, with the traffic terminated in an Enterprise VPN. With IoT CCS, they can take things one step further by providing a Multitenancy Private APN.

  • Private, because Enea uses one or several Enterprise VPNs between IoT CCS and the enterprise network.
  • Multitenancy, because IoT CSPs only need to extend one APN to IoT CCS to serve all customers with a Private APN.

The operator sends the IoT traffic to IoT CCS through one secure IPsec tunnel, and then IoT CCS route the traffic to multiple customers through individual secure Enterprise VPNs. The IoT CSP must only provide a standard Gi/SGi/N6 signaling interface to enable IoT CCS to act as the “mobile core” for IoT.


Add Automation to Your IoT Connectivity Management

The IoT CSP’s self-management portals, enabled by IoT CCS’s extensive APIs, allow their customers to control IP assignment, authentication, security, policies, and global connectivity from a single user interface.

Through their customer self-management portals, IoT CSPs can automate the setup of VPNs and do not have to deal with the work of creating a unique APN for each customer. The first deployments have shown that IoT CSPs can dramatically reduce their manual Enterprise VPN setup process from many weeks to just a few minutes. Instead of the manual setup working with the IoT CSP’s engineers, customers can easily create as many Enterprise VPNs as they need using the self-management portal.

Access our IoT Resources Library

You will get access to download all our IoT-related collaterals including White Papers and Solution Briefs. You may also want to visit our insights section.

If you have any questions, please do not hesitate to contact us!



2 min overview Enea Aptilo IoT CCS re-inventing Cellular IoT Connectivity Management

Enea Aptilo IoT CCS Introduction

Get an overview of IoT CCS in just 2 minutes.


IoT CCS overview and enterprise use cases

Enea Aptilo IoT CCS – Use Cases

This 28 min video will overview the groundbreaking IoT CCS service and show some example use cases for different market segments, including automotive, utilities, and the vast Small and Medium Enterprise (SME) market.

Automation of Enterprise VPNs for Private APN setup in cellular IoT
Automation of Enterprise VPNs

Get the complete picture of the award-winning Multitenancy Private APN functionality of Enea Aptilo IoT CCS in less than 5 min.

Deliver a Global Secure SD-WAN Rather Than a Private APN

With IoT CCS, the IoT CSP can offer a private, secure global SD-WAN to each enterprise customer rather than a Private APN. Enterprise IoT customers can also include trusted partner companies in this secure SD-WAN. This would be impossible to achieve with the standard 3GPP mobile core.

The bottom line, IoT CSPs can create “sticky” services and differentiate themselves from the competition.

IoT devices that are roaming through partner networks are, of course, also included in this SD-WAN. IoT CSPs can add international MNO partners or the global connectivity hub functionality offered by, e.g., Ericsson IoT Accelerator, to their IoT CCS instance.

Localization of eSIMs is necessary for global IoT connectivity since some countries prohibit permanent roaming, and, in some markets, it is impossible for commercial reasons. IoT CSPs can localize eSIM over the air to provide global connectivity with local subscriptions. But, a localized eSIM may trigger customer churn as the control is moved to the local operator. Here IoT CCS comes to the rescue; since the IoT CSP routes all IoT traffic back to IoT CCS, the IoT CSP stays in control even when an eSIM is localized.

The IoT CSP can provide policy-based local breakout by spinning up an IoT CCS instance wherever AWS is available. Their enterprise customers can maintain settings such as IP addresses, policies, and security over partner networks. IoT CCS enables IoT CSPs to offer a unified IoT service across these global cellular networks.

Enea Aptilo IoT CCS enables a Global secure IoT SD-WAN

Offer Managed Security

With IoT CCS, operators will provide managed IoT security to their business customers. Each enterprise IoT customer will get FortiGate, a next-generation firewall from Fortinet, to protect their devices with the settings and policies they need. It protects the IoT traffic both in the Enterprise VPNs and through the open Internet, which is crucial for the vast SME market that may not be able to configure VPNs. Explore more.

IoT Security

Cater to a Wide Variety of Enterprise IoT Use Cases

The concept of IoT connectivity management has changed. Providing a standard SIM card with roaming capabilities will not cut it anymore. IoT enterprise customers are much more diverse and demanding than you might imagine. Let us examine some example enterprise use cases that are very different in characteristics. These are anonymized cases from enterprise customers and customer discussions that our IoT CSP clients have had.

The use cases show how IoT CSPs can deliver the required functionality with a hyperscale connectivity control solution such as the Enea Aptilo IoT CCS. The granular policy control delivered as a service makes it possible to create more advanced and innovative IoT services. The IoT CSP can also put the enterprise in the driver’s seat by implementing a self-service.


Automotive – Multiple VPN Connections and Advanced Routing

Automotive Multiple Enterprise VPNs is needed

A modern car is a hub of multiple IoT devices. These devices come from subcontractors of suspension, batteries, brakes, security systems, entertainment systems, and more. They need private connectivity for firmware upgrades, sensitive data, and predictive maintenance.

There’s a wide variety of different needs and use cases:

Car-2-car communication requires low latency. Upload of extensive real-time analytics requires high upstream data capacity. The download of software or passenger entertainment needs high downstream data capacity. They may also need geographical routing rules determined by device profile settings. Furthermore, there may be a need to have localized Internet. The service must be able to route the Internet traffic to the home country’s Internet breakout to enable users to, e.g., watch their local streaming content while abroad.

There’s a need to secure the transport of sensitive data, such as analytics, software upgrades, and data for predictive maintenance. The best way to secure this data is to establish connectivity through Enterprise VPN tunnels. The service provider must support a one-to-many VPN connectivity controlled by the car manufacturer so they can include their sub-contractors in their own secure SD-WAN.

Car manufacturers also have high-security requirements, end-to-end security, DDoS protection, anomaly detection, etc.

Benefits of Hyperscale IoT Connectivity Management

Cellular IoT Connectivity Service Providers and their enterprise customers will hugely benefit from a Hyperscale IoT connectivity management solution such as the Enea Aptilo IoT CCS. As you will find under the Enterprise benefits tab an average enterprise will save the equivalent of 27.8 percent of the cost of their global IoT connectivity.


Let’s start with stating the obvious. Using hyperscalers such as Amazon AWS makes an IoT connectivity management solution inherently scalable and global.

Now we will dig into how Enea Aptilo IoT CCS helps IoT CSPs scale their value-added IoT services with profit.

IoT CSP Profit versus customer value


The matrix above shows two perspectives IoT CSPs need to consider when creating IoT connectivity management services. On the X-axis, we have the business value the IoT connectivity service brings to the enterprise IoT customer. On the Y-axis, you find the profit the IoT connectivity service brings to the operator.

Mobile operators will end up in the bottom left corner If they just re-package an existing consumer service for IoT.

Most operators also add SIM-management and offer private connections on top of this. The keyword here is ‘most.’ They will deliver a commodity with little value-add. They will only compete on price, and the lowest bidder will replace them. These mobile operators are in the “churn zone” colored red in the matrix.

In the left half of the matrix, operators will only be able to create a profitable IoT business if they become the price and volume leader in their market.

The further you move towards the right, adding value-added services, the stickier customers become. Higher revenues come with value-added services such as Analytics, Managed Security, Global Connectivity, and Granular policies.

But, for most operators, the profit will not follow. Every new customer that needs value-added services becomes an expensive development project.

There’s only one way to scale value-added IoT services with high profit: to automate the customization as much as possible. Mobile operators should also add a web interface for customer self-management. Automation and self-management serve two purposes. First, they will get a lower cost of operation. Second, customers will be less price-sensitive, as the service feels like their own when integrated with their business processes.

So, the green zone, which we call the high-profit zone, is where you want to be as an IoT CSP. The question is if even a dedicated mobile core for IoT and your current organizational processes will take you there? One of Enea’s mobile operator customers answered no to that question. And so, the Enea Aptilo IoT CCS was born.


Automation is Key for a Profitable IoT Service

Basic IoT service or fully cusomized


As discussed initially, most IoT CSPs offer basic IoT connectivity management. The next step up is a customized IoT connectivity service. With each customer deployment carried out as a costly project, operators are missing out on a mass market with customers prepared to pay for value-added services but not for bespoke development.

What’s more, many bespoke deployments are very similar, which shows the potential to deliver those projects more cost-effectively.

Automation is key to scale IoT


This is where Enea Aptilo IoT CCS comes in.

We believe there is enormous potential in stopping making customizations as soon as a customer wants something beyond a standard service.

With a hyperscale IoT connectivity management solution, such as IoT CCS, it is easy to be agile and create new value-added services that fit multiple customers. As a result, it will be possible to move the bulk of customization projects to a scalable IoT service instantly deployed to any customer. This is an auto-customization approach where the customer can make the last few customization steps themselves and maintain the service through self-management.

Just the automation of Enterprise VPNs and only having to handle one APN to serve all customers is reasons enough to go with a hyperscale IoT connectivity management solution.

A hyperscale IoT connectivity management solution with automation features will free up resources to do bespoke developments for the very few who need it. But IoT CCS is also relevant for custom development. The logic and security part of a bespoke project can also benefit from being handled in the cloud. It is faster to deploy new server or firewall nodes, and operations can isolate and tailor specific nodes for the customer if needed.


The Bottom Line

Enterprise IoT customers’ needs are diverse and demanding. It is not just a matter of adding IoT SIM-management capabilities to an existing mobile core.

Mobile operators must deliver a programmable and secure global IoT connectivity management solution that they can deploy instantly. To achieve this, they need to think outside the limitations of their current mobile core and organizational processes.

Mobile operators must add a hyperscale programmable layer for cellular IoT connectivity management. This is what Enea Aptilo IoT Connectivity Control Service™ (IoT CCS) offers as an OPEX-based pay-as-you-grow service, hosted on AWS.

Enea Aptilo IoT CCS - Hyperscale Cellular IoT Connectivity Management
IoT Insights

We have collected all our insights in one place. Here you will find articles, blog posts, videos, white papers, and more. If you want to explore all Enea-related insights, you can just reset the filter.

IoT Insights