THE SECURE SIM FOR IoT
Zero Trust at the network edge (NIS2-ready)
The executive risk view
IoT fleets still traverse public networks, flat VPNs and exposed IPs. That increases lateral-movement risk and leaves third-party access hard to audit. Under NIS2, leaders are expected to adopt zero-trust principles, network segmentation, and strong identity & access management as part of risk-management measures. Translation: move from network trust to per-session, least-privilege access, without exposing devices to the internet.

IXT’s approach: Zero Trust delivered at the SIM + network edge
- Remove attack surface: Devices and apps are not internet-exposed; no open VPN gateways. Traffic is inspected and enforced before reaching your systems.
- Least privilege by design: Per-session, per-app access aligned with NIST SP 800-207 zero-trust tenets.
- Prevent lateral movement: Built-in segmentation and app-specific paths, not broad “inside the tunnel = trusted.”
- Operational control: Approve only the flows devices need (e.g., MQTT/OCPP to defined FQDNs) and grant time-bound privileged remote access to a single device/session, making it auditable.

SecureNet baseline (what’s under the hood)
Private APN/DNN with logical isolation and public internet blocked by default; peer-to-peer disabled unless explicitly allowed. Dual IPsec/BGP options and cloud connect to AWS/Azure/GCP. Redundant DNS/NTP provided.

Business outcomes for CTO/CIO and other decision-makers
- Lower risk exposure: No inbound exposure; zero-trust enforcement at the edge.
- NIS2-ready posture: Zero-trust, segmentation, IAM mapped to EU expectations and ENISA technical guidance.
- Controllable third-party access: Scoped, monitored, and time-boxed. No broad VPN access to your private network.
- Faster rollouts: SIMs activate into a secure posture; policies managed centrally via the CMP.
