IoT devices are booming across industries. By 2030, there will be 40 billion interconnected devices—from video surveillance cameras in cities, scanners and sorters in shipping and manufacturing, to robotic mowers maintaining solar farms. Increasingly, IoT devices are being connected through cellular networks. These devices are often connected to enterprise networks without fully considering the potential security risk they can pose.
This is why a zero trust network is a crucial foundation for securing IoT assets; equally important is secure zero-trust access to the network. Secure clientless remote access takes it to the next level.
The difficulty of securing IoT devices
Let’s start with some of the challenges of managing and securing IoT devices. These devices:
- Don’t support software clients or endpoint protection tools
- Aren’t regularly updated or patched
- Have default passwords that never get changed
- Are installed by OT teams or vendors, with limited cybersecurity expertise
Securing devices directly is challenging, so it’s essential to protect them at the core level: the network itself. That’s where zero trust network principles—“deny by default” and “only allow what’s explicitly approved”—serve as the foundation of security.
Once the IoT devices are on the zero trust network, they still have to be managed. Companies that lack the necessary manpower or specialized technical expertise are increasingly turning to third-party contractors to manage their IoT devices.
Historically, companies used a legacy VPN client to grant remote access to third-party contractors. VPN clients pose an increased security risk because contractors can move laterally once they are in the network. Additionally, malware that may be present on the contractor’s device can spread to the company network.
The solution to protecting these devices and granting third-party access is to replace legacy VPN clients with zero trust network access (ZTNA). A zero trust network denies by default and only allows what’s explicitly approved. This is the foundation of network security and enables zero trust secure remote access without lateral movement.
ZTNA: Secure, Policy-Based Remote Access
ZTNA represents a distinctly different approach from traditional remote access. Instead of giving broad access and trusting the user to “stay in their lane,” ZTNA enforces least-privilege, policy-defined access:
- Deny by default: No access unless explicitly granted
- Granular permissions: Access only to specific applications or devices
- No lateral movement: Even if a user or device is compromised, its access can’t be used to reach anything beyond what was granted
- Device isolation: Prevents malware on unmanaged devices from spreading to the internal network
In practice, this means an outsourced video surveillance contractor—let’s call her Vera—can be granted access to just the cameras and video management app, and nothing else. Vera can’t poke around in your smart parking meters, accounting system, or employee records—because the zero trust network won’t even let her see those resources.
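The contrast between a subnet-wide VPN route and deny-by-default grants can be made concrete with a small model. This is an added example, not NetCloud ZTNA's policy engine or configuration format; the inventory, addresses, ports and the `Grant` structure are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory: resource names, addresses and ports are illustrative.
INVENTORY = {
    "camera-01": ("10.20.0.11", 554),
    "vms-app": ("10.20.0.20", 443),
    "parking-meter": ("10.20.0.31", 443),
    "accounting": ("10.20.0.40", 443),
    "hr-records": ("10.20.0.50", 443),
}

@dataclass(frozen=True)
class Grant:
    identity: str
    resource: str
    port: int

# Hypothetical ZTNA policy: every allowed flow is listed explicitly.
ZTNA_GRANTS = {
    Grant("vera", "camera-01", 554),
    Grant("vera", "vms-app", 443),
}

# Hypothetical legacy VPN profile: the contractor is routed to a whole subnet.
VPN_ROUTES = {"vera": ip_network("10.20.0.0/24")}

def ztna_allows(identity, resource, port):
    """Deny by default: allow only an exact (identity, resource, port) grant."""
    return Grant(identity, resource, port) in ZTNA_GRANTS

def vpn_allows(identity, resource, port):
    """Network-level check: anything inside the routed subnet is reachable."""
    route = VPN_ROUTES.get(identity)
    if route is None or resource not in INVENTORY:
        return False
    return ip_address(INVENTORY[resource][0]) in route

def reachable(check, identity):
    """Names of inventory resources the given access model lets identity reach."""
    return sorted(n for n, (_, port) in INVENTORY.items() if check(identity, n, port))

def lateral_exposure(identity):
    """Resources reachable over the VPN route that no policy ever granted."""
    return sorted(set(reachable(vpn_allows, identity)) - set(reachable(ztna_allows, identity)))

if __name__ == "__main__":
    print(reachable(ztna_allows, "vera"), lateral_exposure("vera"))
```

Running `lateral_exposure` against a real asset inventory and VPN route table is a quick way to list what a contractor account could touch today that no one ever approved.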
Why remote clientless ZTNA changes the game
Here’s the real innovation: remote clientless ZTNA. It’s a feature of Ericsson Cradlepoint NetCloud ZTNA. Traditional ZTNA usually requires installing a client on the contractor’s or employee’s device. But if you’re outsourcing to a vendor, they may push back: “I don’t want to install your software on my laptop.”
NetCloud ZTNA is completely clientless and requires no software installation. The user accesses authorized resources via a secure, cloud-isolated portal. Behind the scenes, their sessions are isolated in temporary cloud containers, keeping any potential malware on employees’ or contractors’ laptops safely away from your internal network.
They see only what they’re authorized to see, interact only with the devices they’re managing, and you keep full control and visibility.

Here’s how real companies are using ZTNA
Robotic Mowers for Solar Farms: A robotic mower company deploys connected mowers to mow grass around solar panel fields. Cellular connectivity is used for the robots and charging stations. The mowers communicate with private applications to get software updates and download mowing coordinates. Thanks to ZTNA, the company can securely access the robot mowers for status updates, maintenance and diagnostics.
Global Consulting Firm with Bring Your Own Device (BYOD) Model: A global consulting firm has over 200,000 employees who use their own laptops to access corporate web applications. Because IT doesn’t manage the employees’ laptops, the firm uses clientless ZTNA instead of installing clients, giving secure, role-based access to specific apps via an isolated portal. This also protects the company network from potential malware coming from the BYOD laptops.
Sorting Machine Services: A company that provides sorting services to recycling and agricultural companies has hundreds of global customers. With employees, contractors, and subcontractors working remotely and on-site, there was a need for secure remote access for monitoring and maintenance. With ZTNA, access is restricted by identity and policies, with all access tracked and auditable.
Why it matters
As companies scale up their use of connected IoT devices and look to outsource the management of these devices, secure remote management becomes a must.
Remote clientless ZTNA bridges the gap—making it safe to outsource management while preserving control, visibility, and security.