Beyond the Agent: How Versa’s Patented SASE-on-SIM Enables Zero Trust for Mobile and IoT Devices

By Dan Maier
Chief Marketing Officer, Versa Networks
July 14, 2025

In today’s hyper-connected world, securing devices that can’t run traditional security clients – think IoT sensors, mobile point-of-sale terminals, ruggedized field devices, and even smartphones – is one of the biggest challenges enterprise CISOs face in delivering Zero Trust access uniformly and seamlessly across all endpoints. The explosion of SIM-enabled devices across industries has made this challenge both more urgent and more complex.

The problem with agent-based security

Most Zero Trust solutions rely on a client or agent installed on the device. But that assumption runs into practical problems:

  • A device can’t support an agent, like an IoT sensor or power meter
  • A device shouldn’t support an agent, like shared field tablets or BYOD devices
  • Low-power IoT sensors consume significant battery power when establishing secure tunnels
  • A large number of devices necessitates substantial VPN infrastructure to support the required secure tunnels, leading to increased costs
  • Managing agents across multiple operating systems presents a significant challenge, and the agents themselves can introduce security vulnerabilities
  • Agent-based secure connections consume considerable radio network bandwidth and maintain prolonged sessions, even when transmitting minimal data

This is where most legacy architectures break down. If your Zero Trust model assumes the presence of a client, your security perimeter is inherently incomplete. And even for devices that do support agents, deploying, upgrading, and maintaining those agents is expensive and time-consuming.

Agentless identity, access, and policy – It’s all in the network

With minimal integration into mobile network infrastructure (e.g., GGSN/PGW/UPF, OAM system), Versa ingests identity attributes during mobile session establishment. From there, our VersaONE Universal SASE Platform can apply:

  • Conditional access policies
  • Segmentation rules
  • Traffic inspection and threat prevention
  • Visibility and audit trails

All without ever touching the endpoint!

Patented innovation: Advancing the industry, protecting our partners

Versa’s unique approach is now protected by multiple U.S. patents, including:

  • U.S. Patent No. 11,812,520 covers methods for passing SIM/User-ID and IP address data from mobile networks into a SASE domain, including the use of RADIUS accounting messages to tie mobile identity to enterprise policy enforcement.
  • U.S. Patent No. 11,622,313 protects mechanisms for dynamically transitioning devices between clientless and client-based modes, thus enabling maximum flexibility for mixed fleets.
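
The RADIUS accounting feed named above carries the SIM identity and the assigned IP address from the mobile core to the enforcement point. The following Python is an added illustration, not Versa's code and not taken from the patents: it shows how a receiver can authenticate an Accounting-Request and maintain an IP-to-IMSI binding. It assumes standard RFC 2866 framing and the 3GPP-IMSI vendor-specific attribute (vendor 10415, sub-type 1); the function names, shared secret, address and IMSI are constructed.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_STATUS, FRAMED_IP, VSA = 4, 40, 8, 26  # RFC 2865/2866
IMSI_VSA_PREFIX = struct.pack("!IB", 10415, 1)  # 3GPP vendor id, 3GPP-IMSI
START, STOP = 1, 2                              # Acct-Status-Type values

def make_request(status, ip, imsi, secret):
    """Constructed Accounting-Request, standing in for the mobile gateway."""
    vsa = IMSI_VSA_PREFIX + bytes([len(imsi) + 2]) + imsi.encode()
    attrs = [(ACCT_STATUS, struct.pack("!I", status)),
             (FRAMED_IP, bytes(map(int, ip.split(".")))), (VSA, vsa)]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCT_REQUEST, 1, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def parse_request(packet, secret):
    """Check the RFC 2866 Request Authenticator; return attributes or None."""
    if len(packet) < 20 or struct.unpack("!BxH", packet[:4]) != (ACCT_REQUEST, len(packet)):
        return None
    body = packet[20:]
    digest = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(digest, packet[4:20]):
        return None  # wrong shared secret or tampered packet
    fields, pos = {}, 0
    while pos + 2 <= len(body):
        kind, size = body[pos], body[pos + 1]
        if size < 2 or pos + size > len(body):
            return None  # malformed attribute length
        value = body[pos + 2:pos + size]
        if kind == ACCT_STATUS and len(value) == 4:
            fields["status"] = struct.unpack("!I", value)[0]
        elif kind == FRAMED_IP and len(value) == 4:
            fields["ip"] = ".".join(map(str, value))
        elif kind == VSA and len(value) > 5 and value.startswith(IMSI_VSA_PREFIX):
            fields["imsi"] = value[6:4 + value[5]].decode("ascii", "replace")
        pos += size
    return fields

def apply_accounting(sessions, packet, secret):
    """Update the IP-to-IMSI table; refuse unauthenticated or partial records."""
    rec = parse_request(packet, secret)
    if rec is None or len(rec) < 3:
        return False
    if rec["status"] == START:
        sessions[rec["ip"]] = rec["imsi"]
    elif rec["status"] == STOP and sessions.get(rec["ip"]) == rec["imsi"]:
        del sessions[rec["ip"]]  # a reassigned address must not keep this identity
    return True
```

Because policy is keyed on this table, the binding is only as trustworthy as the accounting feed: the authenticator check and the removal on Stop are what keep a spoofed or stale record from attaching one SIM's policy to another device's address.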

While the underlying innovation solves a real problem and advances the industry, these patents also ensure that our customers and service provider partners can build and deploy carrier-integrated, Zero Trust architectures with full confidence and without IP risk from imitators in the market.

These security innovations were spearheaded by a trio of Versa’s most creative technical minds who brought to the table deep domain expertise in mobile network architectures and a history of experience leading mobile core network and IoT product innovation at places like Juniper Networks, Cisco, and Alcatel-Lucent. The team leaders included Apurva Mehta, Versa’s co-founder and CTO; Rahul Vaidya, who leads product management in this area; and Chitresh Yadav, currently head of sales engineering and formerly head of Versa’s R&D lab.

We also have multiple additional filings pending, covering expanded use cases in both mobile and fixed-access scenarios.

Real-world use cases

This innovation isn’t theoretical – it’s already being adopted by forward-looking operators and enterprises for various uses, including:

  • Industry & Smart Cities: Securing remote sensors and control systems that sit outside IT’s direct control
  • Retail & Payments: Enabling Zero Trust for mobile PoS terminals over 4G/5G, with no local software
  • Defense & First Responders: Enforcing identity-based access on ruggedized tablets in field operations
  • BYOD & Contractor Management: Applying differentiated access policies based on SIM identity, even without MDM enrollment
  • Mobile Network Isolation: A low-cost alternative to a private APN gateway, allowing enterprises to create a secure, isolated mobile data network over the carrier’s infrastructure

What’s next: Expanding the edge of Zero Trust

With the rise of AI, edge workloads, and sovereign cloud deployments, securing unmanaged endpoints is more critical than ever. Versa SASE-on-SIM extends Zero Trust to where it’s never gone before – directly into the SIM and the network itself.

Learn more about how Versa is redefining the boundaries of Zero Trust with SASE-on-SIM:
