A deployment model in which the manufacturer or operator chooses and controls the cellular connectivity used by a device rather than accepting a fixed default. It matters because the connectivity decision becomes part of the device’s governance model, including who can activate, switch, and revoke access over time.
Expanded Definition
Bring Your Own Connectivity is a governance and deployment model for connected devices, especially IoT and machine-to-machine deployments, where the organisation controls which cellular carrier, profile, or network path the device uses. Unlike a fixed default connection that is embedded by a single supplier arrangement, BYOC makes connectivity a managed decision that can be changed, revoked, or reassigned as device risk, geography, or commercial requirements change.
Definitions vary across vendors because some use the phrase to describe eSIM enablement, while others use it more broadly to include carrier independence, roaming control, and lifecycle ownership of connectivity credentials. For NHI Management Group, the security significance is that connectivity itself becomes part of the trust boundary. That means activation rights, profile switching, telemetry access, and decommissioning all need explicit policy, not just procurement approval. This aligns closely with the governance mindset reflected in NIST Cybersecurity Framework 2.0, even though BYOC is not a formal NIST term.
The most common misapplication is treating BYOC as a billing choice only, which occurs when teams ignore who can reassign connectivity or revoke a compromised profile.
Examples and Use Cases
Implementing BYOC rigorously often introduces operational complexity, requiring organisations to weigh flexibility in connectivity control against provisioning overhead, carrier coordination, and stronger lifecycle governance.
- A manufacturer ships medical devices with a carrier-agnostic profile so hospital IT can select the approved national provider after procurement.
- An industrial IoT operator uses regional connectivity profiles to support cross-border fleet deployment without replacing hardware.
- A logistics company rotates device connectivity when a carrier outage or coverage issue affects telemetry from refrigerated assets.
- A smart meter estate uses central policy to deactivate connectivity for retired units and prevent unauthorised reuse of the embedded profile.
- A device platform integrates BYOC with identity and access controls so only authorised administrators can activate or switch network profiles.
In practice, BYOC should be paired with clear ownership for profile issuance, audit logging, and revocation. Where eSIM or remote provisioning is involved, the lifecycle of the connectivity credential matters as much as the radio link itself. For a useful governance lens, NIST CSF emphasises asset visibility, access control, and recovery planning, all of which shape how connectivity changes are authorised and recorded. Industry usage is still evolving, so implementations should be documented carefully rather than assumed to follow one universal pattern.
Why It Matters for Security Teams
BYOC changes the security model because connectivity can no longer be treated as an invisible utility. If a device’s carrier relationship, network profile, or activation authority is not controlled, an attacker or negligent operator may exploit stale provisioning, weak offboarding, or unauthorised profile swaps to sustain access. That risk is especially important in environments that also depend on non-human identities, because device connectivity often underpins certificate delivery, telemetry, and remote command execution. If the connectivity layer is not governed, higher-layer IAM or PAM controls may never fully reach the asset.
Security teams should understand which roles can approve changes, how revocation is enforced, and what evidence shows that a device is connected through an approved profile. The relevant control question is not only “Is the device online?” but “Is the device online through the right identity, with the right authorisation, on the right network path?” For NHI-heavy estates, this becomes part of operational assurance, not just network engineering.
Organisations typically encounter the impact only after a lost, stolen, or reissued device still has usable connectivity, at which point BYOC becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | GV.OC-01 | Defines organisational context and asset governance relevant to managed device connectivity. |
| NIST SP 800-63 | Digital identity assurance concepts support strong control over non-human device credentials. | |
| OWASP Non-Human Identity Top 10 | NHI-03 | Highlights lifecycle weaknesses in non-human identities that often include device connectivity secrets. |
| NIST Zero Trust (SP 800-207) | Zero trust requires explicit trust evaluation for every connected device path and session. |
Treat connectivity profiles and related secrets as managed NHI assets with rotation and revocation.