Device security alone isn’t enough for the IoT. The IoT attack surface stretches from the device, through the network, to the cloud services that host data and processing. Your business faces the constant threat of cyberattack. To protect its reputation, revenues and customers, end-to-end on-SIM security secures the IoT from the SIM to the cloud.
Top 3 takeaways on securing IoT cloud services
- IoT security must extend from the device, through network connections, to cloud services
- On-SIM security from SIM to cloud reduces risk and simplifies manufacturing, deployment and management processes
- Assess your approach against a security framework that considers people and processes as well as hardware and software
The threat to IoT cloud services
According to a 2025 Cloud Security Study from eSIM solution provider and Wireless Logic partner Thales, four of the top five assets most targeted by cyberattacks are cloud-based.
This level of threat is not too surprising. The cloud provides easy access and retrieval from anywhere; it offers disaster recovery measures that include backup and controls. Businesses that use the cloud minimise their capital investment and maintenance costs of hardware and infrastructure. They can scale their solutions rapidly to be more agile.
For these, and many other reasons, companies rely increasingly on the cloud and it has a central role to play in the IoT. Unfortunately, this makes cloud services a target for those out to profit from data, particularly high-value sensitive data. Thales’ study reveals that over half (54%) of data in the cloud is sensitive yet despite this, fewer than one in ten (8%) of the survey’s respondents encrypt 80%+ of their cloud data.
Encryption is one security measure your business can adopt to help protect your IoT data, but let’s start at the beginning – with the device and the SIM – and assess IoT security from start to finish.

The role of the SIM in IoT security
IoT devices are unmanned except during initial installation and remote access. At other times they generally connect to the network autonomously, but they must still be authenticated. For the network, that happens at the level of the SIM, through an embedded security key that the mobile network uses to authenticate that SIM for that device.
IoT SAFE (SIM Applet For Secure End-to-End Communication) is an emerging standard that goes beyond SIM-based authentication (with the network) and enables IoT devices to use certificate-based authentication (with the cloud). This is essentially the same authentication we use to access our cloud-based IT services and in the payment industries. In other words, these are field-proven, globally scalable and successful PKI-based methods.
Security comes down to people and processes just as much as it does software and devices. Hosting security credentials on the SIM cuts down points of contact with credentials and also simplifies manufacturing and maintenance of those credentials (e.g. certificate refresh), which in turn lowers cost. Win-win.
On-SIM security from SIM to cloud
Storing credentials and authenticating through the SIM is a mature and well-proven approach that leverages decades of telecom security. With IoT SAFE, on-SIM security extends the root of trust beyond the cellular network to cloud-based services.
By embedding cloud certificates directly in the SIM, organisations gain protection against:
- Unauthorised access – device identity is verified at both the network and cloud level, preventing rogue devices from connecting.
- Device spoofing – keeping all key materials within the SIM significantly reduces opportunities for attackers to extract or emulate device credentials.
- Credential misuse – storing identifiers exclusively in the SIM, rather than in device components or software, lowers the risk of compromise and helps prevent attackers from leveraging stolen keys for data exfiltration or extortion.
Removing the need for separate security components streamlines and simplifies manufacturing and maintenance to reduce the IoT device bill of materials and make solution rollout more convenient and scalable, particularly when it involves many thousands of devices.

Protect every element of the IoT attack surface
To secure the IoT, take an end-to-end approach. Think about all the links in the IoT chain – device, network, applications and the people and processes involved – and factor in security throughout. Ask yourself:
- Are security certificates in place to establish identity (however you manage authentication)?
- Should I use encrypted tunnels from device through to cloud (with secure private breakout to the internet if required)?
- Do I take a multi-layered, scalable, resilient and secure private network approach?
- Has my IoT solution provider got ISO 27001 certification (for reassurance that its own operations are secure)?
- Have I assessed our practices against a comprehensive Security Framework model?
The measures you adopt must work to protect your business and customers by ensuring the devices you deploy are the ones that end up accessing and altering your dataset.

Take the next step
IoT security requires effective device identification and authentication to the networks and services that devices access. By securing the IoT from the SIM to the cloud, you help protect your solutions from the cyberthreats they face. End-to-end on-SIM security reduces risk and simplifies manufacturing, deployment and management processes to boost efficiency and help contain costs.
Conexa, Wireless Logic’s network for things, comes complete with award-winning Cloud Secure which uses on-SIM technology for zero-touch onboarding of devices to cloud services. To find out more, take a look at Conexa or contact us to discuss.
Frequently Asked Questions
Why is IoT cloud service security important?
Companies rely increasingly on the cloud and it has a central role to play in the IoT. This makes cloud services a target for those out to profit from data, particularly high-value sensitive data. According to a Thales study, four of the top five assets most targeted by cyberattacks are cloud-based.
How can I minimise IoT cybersecurity risks?
Factor in security end-to-end from device, through network connectivity, to applications. Don’t forget about the people and processes involved – they matter just as much as hardware and software.
How can I secure the IoT through a device’s lifetime?
Ensure you have security certificates to establish identity, and consider encrypted tunnels from device through to cloud (with secure private breakout to the internet if required) and a multi-layered, scalable, resilient and secure private network approach. Check your IoT solutions provider has ISO 27001 certification and assess your practices against a comprehensive Security Framework model.