We talk a lot about zero trust in the cybersecurity world, but most conversations focus on protecting users and workloads. What about the billions of other connected devices surrounding us: the vending machines, EV chargers, mining equipment, traffic lights, and vehicles that quietly broadcast data across cellular networks every single day?

In a recent episode of Security Square, our security-focused series, I sat down with Nathan Howe, Global Vice President of Innovation at Zscaler, to explore the company’s ambitious expansion into what they call “zero trust everywhere.” This isn’t just marketing speak—it’s a fundamental rethinking of how we approach security in an increasingly connected world.

Watch the full interview here:

The Cellular Blind Spot

Here’s a staggering number: there are currently 4 billion IoT devices connected via cellular networks globally. That represents just 10% of the total IoT ecosystem, but it’s a massive attack surface that most enterprises have virtually no visibility into.

During our conversation, Nathan shared a fascinating example of exactly the kind of risk we’re talking about here. Zscaler deployed a vending machine in the company’s executive briefing center, a seemingly innocuous device for dispensing swag and supplies. Rather than connecting it to their Wi-Fi network, the team at Zscaler put it on Zscaler Cellular with a SIM card to see what would happen.

The results were eye-opening. The vending machine immediately began communicating with multiple nations, including some that aren’t exactly friendly to U.S. interests. Was it malicious? Not necessarily. But without visibility, how would anyone know?

This is the reality for most enterprises today. These devices exist on networks, communicating freely, and security teams have no idea what they’re doing or where they’re sending data.

From Private 5G Experiments to Global SIM Solution

Zscaler’s journey into cellular security wasn’t a straight line. Nathan, who describes himself as a security practitioner by trade with roots in the bulletin board days of dial-up hacking, spent years experimenting with different approaches. The team initially explored private 5G networks, drawn to the architectural similarities between 5G’s distributed design and Zscaler’s own cloud infrastructure.

But here’s where customer obsession changed everything. As Nathan put it, quoting Zscaler CEO Jay Chaudhry: “Technology without customers and sales is a waste of time.” The reality was that public 5G deployment was rolling out faster than private networks, and customers needed solutions they could implement immediately.

The answer? Zscaler developed a SIM-based solution that integrates seamlessly into public cellular networks on a global scale. Customers can either use their existing SIMs with intelligent traffic backhauling to Zscaler, or deploy Zscaler SIMs for global connectivity with built-in zero trust protection.

Zscaler as a Global Control Plane

What makes this approach powerful is how it positions Zscaler as a global traffic controller across mobile, fixed, and cloud infrastructure. With over half a trillion connections flowing through their distributed cloud daily, Zscaler sits at an incredibly valuable vantage point.

Every connection is contextualized — not just allowed or blocked, but understood within the broader context of identity, location, device health, application behavior, and more. This creates a continuous feedback loop where the platform learns, optimizes, and improves security posture in real time.

When Nathan connects from London or flies to the Bay Area, his policy follows him globally. If he downloads a malicious file, his context changes and the control plane responds accordingly. This same level of protection and visibility now extends to every cellular-connected device.

The AI Advantage

Here’s where things get really interesting. All of this traffic flowing through Zscaler generates enormous amounts of signal data. The platform can detect network performance issues, identify emerging threats, spot misconfigurations, and optimize routing — all in real time.

With the integration of agentic AI capabilities, this knowledge becomes actionable at scale. Rather than security teams manually clicking through UIs and APIs, they can set business policies and let AI agents execute them. The platform can catch risky policy changes (like overly permissive SSL decryption rules), identify optimization opportunities, and even understand AI prompts and responses flowing through the network.

Advice for Skeptical Leaders

Nathan’s advice for security leaders still on the fence about zero trust or full-spectrum visibility? Get informed but stay skeptical. Don’t adopt technology based on hype or vendor promises alone. Build a strategy based on your specific business needs, drawing insights from multiple sources — vendors, frameworks like NIST, competitors, and industry peers.

What works for a pharmaceutical company will differ from a telecommunications provider or consumer goods manufacturer. The technology building blocks may be similar, but how you assemble them must serve your unique business requirements.

The bottom line? Zero trust everywhere isn’t just about protecting users anymore. It’s about gaining visibility and control over every connected thing in your ecosystem—because in today’s world, everything is connected, everything is code, and everything needs protection.

 

This article was originally published on LinkedIn.

 

Read more of my coverage here:

Zscaler Unveils Cutting-Edge AI Innovations to Securely Enable Business Transformation

Where Design Meets Sustainability: Cisco’s Vision for the Future