(no title)

There’s two key parts:

1) we can filter and secure traffic _leaving_ the device, whether bound for the Internet or internal apps. This isn’t VPN like: this is part of our software gateway. When you click (tap!) on a phishing link, we can filter it and render it inert.

2) using the eSIM, which is associated with a specific employee, as an identity signal and device posture signal. This fits squarely into the Zero Trust model. ZT is about explicit identity, not the old days of implicit “I’m on the VPN and can move laterally!”.

(I work at CF)