Product & Engineering

SASE on SIM for Private 5G: Expanding Zero Trust, Clientless Connectivity Over Mobile Networks

Since the beginning of the decade, Versa saw the growing demand for secure, flexible, and always-on connectivity and launched our SASE on SIM solution as a response. Since then, continued need has driven the adoption of 5G networks that deliver high performance, low latency, and scalable coverage across diverse environments. By deploying Versa SASE on SIM for 5G*, organizations can achieve secure, clientless connectivity that extends Zero Trust protection and performance to every user, device, and application from anywhere. Versa supports a variety of Private and Public 5G deployment options designed for enterprises needing modern, policy-driven access without the complexity of traditional network clients and VPN connectivity.

*Note that Versa SASE on SIM is also available for 4G and other mobile networks. This blog focuses on 5G for simplicity.

Top Benefits of SASE on SIM

Previous blogs have detailed the advantages of extending Zero Trust for mobile and IoT devices with SASE on SIM. As a recap, here are the primary benefits of SASE on SIM.

1. Clientless Connectivity
   One of its greatest benefits and use cases, Versa SASE on SIM uses the SIM as an identifier, allows seamless connectivity to corporate resources without requiring additional software like VPN clients. This ensures secure access for devices that cannot support a client, such as most Internet of Things (IoT) and Operational Technology (OT) devices with limited or no resources to run clients. In cases such as BYOD, it offers a seamless, transparent experience without users having to install clients, login or go through portals. SASE on SIM’s clientless support makes deployment across distributed endpoints such as field devices, IoT sensors, and mobile workforces fast, secure, and maintenance-free.
   
   
2. Improved Device Efficiency and Battery Life
   Since SASE on SIM is both clientless and tunnel-less, it reduces maintenance costs stemming from agent-related support like IT personnel for troubleshooting. Devices send less data with SASE on SIM, prolonging battery life and reducing on-site maintenance costs.
   
   
3. Tunnel-less Scalability
   SASE on SIM’s tunnel-less connectivity eliminates the need and associated costs of supporting tunnel establishment at scale, such as VPN concentrators. This simplifies architectures and removes bottlenecks.
    
4. Cost Savings for Mobile Network Operators (MNOs)
   For mobile network operators (MNOs), SASE on SIM introduces several cost efficiencies. Reduced data usage and faster connection time means those data allocations can be used for other services.
   
   
5. Enhanced Zero Trust Security
   SASE on SIM applies consistent Zero Trust Network Access (ZTNA), threat prevention, and policy enforcement using the International Mobile Subscriber Identity (IMSI) of a SIM-based device as the identifier. Every device connecting through the network can be automatically authenticated, secured, and assigned the right access level.

Why Extend SASE on SIM to 5G Networks?

Many SIM-based devices already run off cellular networks, making SASE on SIM for 5G a natural extension. For organizations operating in environments that demand ultra-low latency and high reliability, 5G and private 5G provide clear advantages. Private 5G further empowers organizations with full control and flexibility over their network environments, enabling more secure, reliable, and efficient connectivity.

Advantage of 5G:

• Better Time Sensitivity – 5G’s low-latency architecture ensures near-instant responsiveness, critical for applications such as industrial automation, healthcare monitoring, and real-time analytics.
• Improved Penetration and Coverage – Compared to Wifi, 5G’s ability to penetrate dense materials like concrete and metal enables more consistent connectivity in challenging environments such as factories, warehouses, and campuses.
• Seamless Transitions – Unlike Wifi, transitioning from public and private is seamless.

Advantages of Private 5G:

• Complete security control – Custom security policies enable stronger protection and greater control over data access.
• Network segmentation and data isolation –Granular segmentation capabilities isolate sensitive assets and strengthen overall security posture.
• Faster rollout – Dedicated, self-managed infrastructure allows for accelerated deployment timelines.
• Consistent performance with dedicated resources – Isolation from public networks ensure consistent performance with no risk of congestion or interference.

Whether an enterprise chooses a public 5G service or a dedicated private 5G network, Versa’s platform ensures security posture and policy enforcement, delivering consistent experiences across all connection types.

Deploying SASE on SIM for 5G with Versa

5G deployments are generally categorized into public and private networks, each offering distinct connectivity and control requirements. Versa supports both, offering flexible deployment options that allow enterprises to extend SASE on SIM for 5G to use a carrier’s public network, a private network offered by a carrier, or a completely enterprise-owned network. In each case, SASE on SIM for 5G maintains consistent security, policy enforcement, and performance for devices. Details and diagrams for each deployment option are as follows.

Public 5G
Ideal for distributed users or IoT devices that need secure, nationwide coverage, Versa’s SASE on SIM integrates seamlessly with major carriers to extend Zero Trust protection to public 5G connections.

Figure 1. SASE on SIM over public 5G

A – Mobile/IoT devices connect to the MNO’s public 5G network. The MNO can host devices from multiple organizations
B – The Versa SASE Gateway acts as a multi-tenant gateway; traffic from different organizations are segregated and their respective ZTNA policies applied.
C – A single, flat tunnel carries traffic for all devices going to the organization. In contrast to per-device tunnels, this architecture increases scalability and decreases cost.

Private 5G Offered by Mobile Network Operators (MNOs)
For enterprises that prefer managed private 5G networks, Versa partners with mobile network operators (MNOs) to provide secure connectivity tailored to organizational needs.

Figure 2. SASE on SIM over Private 5G, hosted by the MNO

A – MNO SD-WAN is used for the MNO control and management traffic. Multi-tenancy separates traffic for each enterprise tenant. 
B – MNO’s UPF/SMF functions can be hosted on Versa’s Universal CPE (uCPE) located at the branch site.
C – Enterprise SD-WAN can be managed directly by the enterprise or by a service provider as managed service

Private Enterprise-Owned 5G
Organizations who manage their own 5G infrastructure can deploy Versa SASE on SIM while maintaining full control of data, performance, and security. Versa’s SASE framework overlays Zero Trust and unified policy management across the enterprise-owned 5G network.

Figure 3a. SASE on SIM over Private 5G, hosted by the enterprise

A – Local Versa gateway enforces ZTNA policies at the branch.
B – Enterprise-hosted UPF/SMF functions can be hosted on Versa’s Universal CPE (uCPE) located at the branch site.
C – Enterprise-hosted AMF/PCF functions typically hosted at the enterprise DC.

This deployment can be further broken down into a fully-contained 5G deployment within a branch. Here, the 5G control plane is fully hosted on the enterprise branch instead of at the enterprise datacenter.

Figure 3b. Fully contained version of SASE on SIM over Private 5G, hosted by the enterprise

A – In this variation, all 5G core network functions (UPF, SMF, AMF, and PCF) are hosted locally at the branch. These functions can be hosted on Versa’s Universal CPE (uCPE)

By extending Versa SASE on SIM into 5G environments, enterprises can achieve modern, clientless connectivity across their organization, combining Zero Trust security, simplified management, and seamless mobility in one unified platform. Whether operating on public or private 5G, Versa enables secure, policy-driven access for every user, device, and location without the complexity of traditional network clients or appliances.

To learn how Versa’s SASE on SIM enables secure, clientless connectivity, download our eBook.

Ready to extend Zero Trust to your 5G network? Reach out to a Versa representative.