T-Mobile US expanded the security optionality of its managed secure access service edge (SASE) enterprise product, bringing on Palo Alto Networks in a move to further bolster the carrier’s presence in a rapidly expanding SASE market.

The new offering bridges T-Mobile US’ 5G network and Palo Alto Networks’ Prisma SASE 5G platform. Access to the service will be through T-Mobile US’ T-SIMsecure that uses the International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) specifications for clientless authentication. This results in devices connecting to T-Mobile US’ network being automatically authorized through the SIM card, including nontraditional network devices like IoT devices and routers that are often difficult to manage and protect.

The combination is positioned as a network management and zero-trust network access (ZTNA) platform. It’s designed to support enterprise customers in securely connecting employees, systems, and endpoints to remote networks, corporate applications, and company resources.

Mishka Dehghan, SVP of strategy, product and solutions engineering at T-Mobile Business Group, in an email to questions noted that the Palo Alto Networks-backed offering is focused “primarily on enterprises, with plans to extend offerings to government agencies.”

Analyst firms have noted the advantage of using eSIM technology to help bolster a device’s security posture.

IoT Analytics explained that the “technology incorporates embedded secure elements, providing advanced security features compared to traditional SIM cards. The secure element acts as a hardware root of trust for asymmetric encryption, ensuring secure end-to-end communication.”

T-Mobile US has been bolstering its enterprise-focused device push. This includes network routers that support the carrier 5G network and its Connected Workplace service that launched last year.

The carrier has also been ramping network updates to support more advanced 5G services like network slicing. These have been positioned at services like sports broadcasting and its public safety focused T-Priority service.

SASE momentum surging

The Palo Alto Networks architecture is similar to T-Mobile US’ initial SASE work with Versa that launched in late 2023. Dehghan told SDxCentral at that time that the hardware-based approach was key for simplifying security for overworked enterprise IT teams.

“There's nothing new about SASE,” Dehghan said. “This is something that we had been working on, but we wanted to make sure we bring something that's differentiated. … The fact that IT administrators do not have to worry about the authentication and it's happening organically through the SIM, that's a differentiation point, which we know is resonating with customers.”

Dehghan at that time also noted that the carrier was interested in bringing other security partners into the program.

“Our new partnership with Palo Alto Networks enhances our SASE portfolio, complementing our existing Versa-based SASE offering,” Dehghan wrote on the now expanded offering. “This expansion will enable us to empower all segments with greater flexibility and choice.”

This expansion is targeted at a SASE market that Dell’Oro Group recently predicted will surge at a 12-percent compound annual growth rate (CAGR) over the next several years, hitting $17 billion in revenues by 2029.

It also provides a single-vendor SASE platform for T-Mobile US customers. Gartner last year predicted that 65% of new SD-WAN purchases by 2027 will be part of a single-vendor SASE offering, a significant rise from the 20% it expected in 2024. Gartner said the client interest in single-vendor SASE has more than doubled compared to the previous year and it estimates there are more than 10,000 organizations using a vendor’s primary single-vendor SASE offering.

“The market for well-architected single-vendor SASE offerings is dynamic and maturing, and SASE interest among our clients has been growing rapidly,” Gartner noted in its SASE Magic Quadrant report.

Gartner named Palo Alto Networks as one of the “leaders” in that space alongside Cato Networks and Netskope.

The T-Mobile US deal also continues an operator hot streak for Palo Alto Networks.

AT&T earlier this month tapped the vendor to power an add-on to its Dynamic Defense platform, which is the operator’s network-based cybersecurity service targeted at small- and mid-sized enterprises. Customers can select to have their data traffic fed from the AT&T platform via direct connect into Palo Alto Networks’ cloud.