13 November, 2025

Secure SIM Oversight in IoT Projects

Combining forces to give developers reliable, transparent, and borderless data handling.

IoT data travels through many invisible hands – from devices to SIM cards to APIs – before becoming actionable. Each link in the chain must be reliable and secure. Today, connectivity is not just about speed but about continuous and protected data flow that builds user trust.

Yet, it is easier than ever to lose control of data, given the complex mesh of technologies and protocols. Securing telematics means protecting devices and networks at every step from unauthorized access, breaches, and cyber threats, starting from the very first cellular connection – regardless of where the device operates, even at sea.

When Connectivity Meets the Ocean

IoT is a chain, and its strength depends on every link. When Maersk decided to modernize connectivity across its global fleet, it partnered with Onomondo to build the world’s largest private maritime LTE network, connecting over 450 ships. This upgrade replaced aging 2G systems with a unified, high-speed LTE backbone to ensure real-time visibility and secure, data-driven decisions on every voyage.

Operating out of Copenhagen, Onomondo connects businesses in over 180 countries through a connectivity infrastructure that unites more than 600 operators. Its mission is to simplify and secure how devices connect and data travels across the globe. Platforms like ours then take over once data reaches its destination – decoding, structuring, and preparing it for analytics and decision-making.

But between the SIM and the server, the journey can get risky.

Beyond SIM Management – Security Comes First

You might joke, “Can anything really be broken in an IoT device? It has no moving parts.” The answer is a clear yes. From physical tampering to software vulnerabilities and data breaches, the range of threats is wide and growing. IoT devices are especially vulnerable because they often have limited resources.

For example, power depletion attacks are designed to deliberately trigger excessive energy consumption, quickly draining device batteries and rendering them inoperable. This vulnerability can cause a denial-of-service (DoS) condition, compromising the availability and reliability of critical IoT systems.

Onomondo’s Connectivity Management Platform (CMP) goes far beyond basic SIM management. Onomondo developed and operates its own core network, which powers the platform with deep insights down to the radio tower level. Most providers don’t allow direct access to these insights – users need to go through support to troubleshoot connectivity, a process that usually takes days. When a SIM tries to authenticate with a tower, Onomondo delivers detailed information to customers, even if the authentication fails. And if a device attempts to send data that the client doesn’t receive at their endpoint, the platform still shows what’s happening on the network side. This network-level visibility is one of Onomondo’s true strengths, alongside its ability to fully manage connectivity both at the network layer and on the radio access technology layer.

Many other platforms exist, but Onomondo stands out with its focus on transparency, speed, and ease of access to diagnostic data. Additional value-added features include real-time data streaming to specific clouds, usage caps on individual SIM cards, live debugging and troubleshooting, and automated notifications. For instance, a micromobility company in Spain receives an automatic alert if one of its devices connects from Morocco – a signal that it’s likely been stolen, triggering an active investigation.

IoT Security in Action

As Jacob Jagger, Head of Information Security at Onomondo, notes, most companies underestimate how fragile this phase really is:

“There are vulnerabilities everywhere – from the SIM to the radio tower. Even if authentication fails, our CMP shows what happens at that level. It’s an eye-opener for customers because they can see how data behaves across the network, even before it reaches their systems.”

This visibility transforms troubleshooting and security monitoring. Jacob highlights three common but underestimated threat categories:

  • Criminal misuse of legitimate devices, where attackers use legitimate networks and hardware for fraud or botnets.

  • Device tampering, such as stealing and misusing physical SIMs – a risk mitigated by embedded or software SIMs locked to specific devices.

  • Man-in-the-middle attacks, where interception happens before data even reaches the tower.

He emphasizes a nuanced approach to encryption. Not all data carries the same risk, and over-encryption can overload devices, draining limited batteries or processing capacity. “Security measures must align with actual risk exposure,” he says.

How Regulations Reshaped Telematics

European regulatory updates are dramatically changing the IoT security landscape. The NIS 2.0 directive – which took full effect in 2024 – ranks alongside GDPR in influence, covering critical infrastructure and digital service providers, including telecom and telematics companies.

While NIS 2.0 strengthens collective cyber defense across EU member states, its nature as a directive leaves room for national differences. Denmark, for example, introduced separate NIS 2.0 laws for telecom, while Germany added explicit encryption requirements.

Meanwhile, the DORA regulation – specific to financial services – is fully harmonized and directly applicable across the EU as of January 2025. Both frameworks demand enhanced transparency, governance, and risk reporting, extending personal liability to executives. The result: IoT providers now see security not merely as a technical measure, but as a boardroom concern. For telematics powering logistics, automotive, and industrial IoT, this means designing data pipelines that are compliant, transparent, and verifiable end-to-end.

The European Union’s commitment to cybersecurity is crystal-clear. Under NIS 2.0, fines can reach up to €10 million or 2% of global annual revenue, and senior management may face personal liability for compliance failures. Meanwhile, the DORA regulation imposes similarly heavy fines and oversight. Together, these frameworks “dictate” the cybersecurity landscape, reflecting the EU's determination to protect critical infrastructure amid rising threats.

Looking ahead to 2026, enforcement and scrutiny will intensify. These are not mere formalities but essential, real-world demands for transparency, resilience, and governance. Businesses ignoring these mandates risk steep financial penalties and severe reputational damage. Proactive compliance is now a competitive advantage, shaping how companies embed security deeply within operations and risk management practices.

From SIM to Cloud: A Shared Responsibility

Together with Onomondo, we at flespi form a seamless and secure data pathway, with each of us guarding a different segment. Onomondo ensures every data packet travels safely through cellular networks, while flespi efficiently parses and validates that data and makes it ready to stream onward. This helps companies adopt the latest regulatory-aligned practices without integration hurdles.

We both share a philosophy of transparency, simplicity, and control over data flow. Developers manage global fleets of IoT devices, SIMs, and data streams via unified APIs – scaling securely without concerns about local roaming contracts or connectivity issues. When security, visibility, and compliance align, innovation accelerates with no risks. And telematics turns from a technical burden into a foundation of ethical, shared trust – one link at a time.