Welcome to the Hotel California: Is Your IoT Device Locked In?

By Ian Marsden, co-founder and CTO of Eseye

For IoT devices, mobile connectivity can be a lot like the Hotel California. As the famous lyric goes, ‘you can check in any time you like, but you can never leave’. And as the Internet of Things (IoT) matures, that’s becoming true of more and more access points to mobile networks, even some that are considered innovative.

At the heart of this lies the increasing need for IoT devices to roam. While many remain in their region of origin – in which case they might just about get by with a single local mobile network provider – plenty don’t. If an IoT device is sold in London but deployed in Sydney, any tied to a single provider will likely suffer lag due to distance, unless there’s some way of re-routing that data effectively. It may also be affected by outages at either the UK or the Australian telecoms provider, and all manner of other issues that not only compromises the user experience but also could directly impact revenue generation and operational service delivery.

Isn’t eUICC supposed to solve this problem?

The recent introduction of eUICC was a major step forward for consumer mobile device users because it gives them a way to change profiles on their devices without having to change the SIM itself. In theory, the same advantages should extend to IoT manufacturers and operators, but that’s not necessarily the case.

While manufacturers and IoT solution businesses can now build and despatch devices with eUICC functionality embedded in the board (previously referred to as eSIM), eUICC is not a form factor but a feature, which is used to manage the SIM profile(s) of the device. Crucially, it allows a user to change their SIM profile remotely using over the air (OTA) communications. Confusingly, however, the term eSIM is now often used to describe an embedded SIM and an eUICC SIM in the market.

So, for example, if a consumer buys a fitness band they can connect straight out of the box, because the eUICC functionality will allow them to choose their preferred mobile provider. The protocol to do this has been designed by the GSMA. This approach can be useful for consumers but does not meet the needs of large scale IoT deployments.

Whilst it will work well when adding a SIM card into an existing consumer family plan, the risks associated with transferring the service in an IoT device should not be underestimated. For example, if the network is not available there is a risk that a device will not work, which can result in a change to support and billing arrangements and any MNO enforced contract change could pose significant unexpected business risks.

For example, if a manufacturer is installing 10,000 vehicle charging points, it doesn’t know which will be installed in regions where permanent roaming is forbidden, and therefore need to be localised, which are installed at a site where single operator coverage is patchy or absent, or where the local network operator has suffered repeated outages, and so forth.

Thus, for enterprises, both standard embedded SIM technology and eUICC are like the Hotel California because whilst checking in is usually pretty easy, checking out to change providers (for example in response to outages, export or roaming needs) can be virtually impossible.

If not eUICC, then what?

If the standard consumer model, where the device is locked into a single (albeit consciously selected) telecoms provider via a contract won’t scale up for enterprises, then what’s the solution?

For a start, roaming won’t necessarily help. In many regions, regulations from governments and/or MNOs do not allow roaming beyond a certain period of time (usually 3 months).

A local connection, if available, is inherently preferable to a roaming connection, particularly for static devices as a localised connection has improved latency and is reliant on fewer network elements. This becomes increasingly relevant as data consumption and bandwidth increases. It can also ensure compliance with local data sovereignty requirements, while reducing any exposure. So, if an IoT device remains within one of those regions after that point, then the usual response is to select another local provider on a contracted basis. Another Hotel California.

For IoT devices to work properly, they need a mobile network that is managed specifically to prioritise IoT device requirements, which means the network provider is constantly looking for the best connection and remotely pushing it to the device, rather than the device manager or user (who is unlikely to be a telecoms expert) having to find and engage the network.

Of course, the OTA functionality of eUICC can be part of this, but it’s the prompt and proactive profile pushing and switching in response to an outage or anticipated outage, local regulations, signal quality and varying locations that makes the difference.

Switching between individual networks using eUICC profiles is just too slow and cumbersome to be effective for enterprises. Whilst it is important to be eUICC compliant, having the ability to switch between IMSIs (International Mobile Subscriber Identity) centrally over the network is far more effective for enterprise deployments. Some companies are developing their own eUICC SIM cards, which contain multiple Tier 1 MNO bootstraps and profiles (multi-IMSI). By dynamically selecting the right profile and automatically switching between different service providers over the air the highest levels of availability can be achieved. A single global bootstrap would be unable to provide global coverage across all networks, thereby increasing the risk that some devices would be unable to connect on deployment.

This advanced network connectivity management technology also allows the use of just one SKU to deliver embedded, out-of-the-box, universal, secure and constant cellular connectivity – worldwide.

The mobile communications landscape is constantly changing and set for further transformation as the proliferation of IoT continues. In the future, a more business-focused standard for eUICC may emerge. But until then, the substantial variations in connectivity, roaming capability and regulation make it imperative for IoT devices to switch profiles either locally or OTA, in response to dynamic changes and challenges.

In other words, it’s only with a dynamic, optimised and future-proofed managed network connectivity service that IoT devices can realistically both check out of – and leave – the Hotel California any time they like, and find a better place to stay.