The OneLayer presentation at Mobility Field Day 14 focuses on the transition from traditional SIM-based authentication to a comprehensive zero-trust device onboarding and segmentation model for private cellular networks. While standard cellular security only authenticates the subscriber’s SIM card, OneLayer’s “zero-trust onboarding” process ensures that the actual device and its security posture are validated before gaining network access. This is achieved by initially placing new devices onto a staging APN (a restricted VLAN with no external access), where OneLayer can fingerprint the hardware and any equipment connected behind it. After verifying the device’s identity and posture through integrations with enterprise tools like ServiceNow or MDM solutions, the system dynamically assigns a new profile in the cellular core, triggering the device to reattach to the appropriate production APN.
OneLayer significantly reduces the operational burden of managing large-scale deployments by automating what is typically a manual, multi-step process involving various IT teams. In one real-world utility use case, the manual onboarding of a single device took 27 minutes and required coordination across core, DHCP, and firewall administrators; OneLayer reduced this to a one-minute automated workflow triggered by a simple request form. This automation extends to complex security chains, such as in manufacturing, where the platform can validate a specific combination of a SIM card, a cellular router, and the non-cellular equipment (like an autonomous guided vehicle) attached to it. If any part of the chain is mismatched, access is denied, preventing unauthorized devices from exploiting the network even if they possess a valid SIM.
Beyond initial onboarding, OneLayer enables granular, per-device segmentation by dynamically updating firewall policies in real time. Instead of relying on broad, static subnet rules for entire APNs, the platform identifies devices and groups them into dynamic objects within firewalls like Palo Alto Networks. This allows for precise access control based not only on what a device is but also on how it is behaving. If a device shows anomalous traffic patterns or undergoes an unexpected SIM swap, OneLayer can immediately update its enforcement status to quarantine the device. While the platform currently focuses on machine-level authentication, reflecting the historical design of cellular standards, it provides the framework to integrate higher-level user identity and posture checks into a unified enterprise security strategy.
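The onboarding and quarantine decisions described above can be sketched as a small policy function. This is an added example, not OneLayer's code or API: the inventory layout, field names, action names and APN names are assumptions, all identifiers are constructed, and a SIM swap is modeled as an onboarded IMSI attaching with a different IMEI.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory (hypothetical): the approved chain for each SIM.
# IMSI -> router IMEI, MAC of the equipment behind the router, production APN.
INVENTORY = {
    "001010000000001": {"imei": "350000000000011", "mac": "02:00:00:aa:bb:01", "apn": "agv-prod"},
    "001010000000002": {"imei": "350000000000022", "mac": "02:00:00:aa:bb:02", "apn": "meter-prod"},
}

@dataclass
class Attach:
    imsi: str                  # SIM identity, authenticated by the cellular core
    imei: str                  # identity of the cellular device (router)
    behind_mac: Optional[str]  # fingerprinted equipment behind it; None if not seen yet

def decide(event: Attach, onboarded: dict) -> tuple:
    """Return (action, apn). `onboarded` maps IMSI -> IMEI bound at onboarding."""
    # An already-onboarded SIM showing up in a different device is a SIM swap.
    bound = onboarded.get(event.imsi)
    if bound is not None and bound != event.imei:
        return ("quarantine", None)
    # Nothing fingerprinted behind the device yet: hold it on the restricted APN.
    if event.behind_mac is None:
        return ("staging", "staging")
    # Every link of the chain must match; a valid SIM alone grants nothing.
    expected = INVENTORY.get(event.imsi)
    if (expected is None or expected["imei"] != event.imei
            or expected["mac"] != event.behind_mac.lower()):
        return ("deny", None)
    onboarded[event.imsi] = event.imei   # bind the SIM to this device
    return ("production", expected["apn"])

if __name__ == "__main__":
    state = {}
    for ev in (
        Attach("001010000000001", "350000000000011", None),
        Attach("001010000000001", "350000000000011", "02:00:00:AA:BB:01"),
        Attach("001010000000002", "350000000000022", "02:00:00:aa:bb:01"),
        Attach("001010000000001", "350000000000022", "02:00:00:aa:bb:01"),
    ):
        print(ev.imsi, ev.imei, ev.behind_mac, "->", decide(ev, state))
```

The quarantine check runs first so that a SIM moved into another device is isolated even before fingerprinting of the new device completes.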
Personnel: Ryan Matthews, Stephen Banda