It's easy to feel overwhelmed by the scope and complexity of the fast-materializing IoT era. You can, however, begin to reduce that complexity, first by understanding the security implications that connected devices introduce and then by building a framework for securing your IoT ecosystem.
As your organization inevitably moves into the brave new world of the IoT, we'll leave you with four questions — based on our framework for securing IoT deployments — that every CEO should ask his or her team about securing the IoT.
Identify the types of risks — data and physical/operational — that every IoT deployment introduces. This will help you to apply security controls that are commensurate with each level of risk. Regardless of the device type, every connected device should meet baseline security requirements.
Whenever possible, isolate IoT data and networks from existing IT systems. This will help to reduce an attacker's ability to launch broader cyberattacks on mission-critical systems. And given the massive increase in connected devices and data volumes, consider adding automated processes to monitor data and identify threats.
Communicating often with your board of directors will help ensure that corporate leaders clearly understand the opportunities and risks of IoT deployments. It's also critical that every business unit understands the unique security considerations that IoT devices introduce.
It's important to evaluate the security capabilities and responsibilities of your business partners, customers, and IoT product and service providers. Establishing clear security protocols — and lines of accountability — is critical to minimizing weak-link scenarios.
The IoT era is just beginning, and many aspects of securing it remain a work in progress. Organizations in every industry are already reaping the benefits of IoT implementations. By approaching the IoT strategically, and with security at the core of every connected device, your organization can begin to capture new business value — while keeping potential risks in check.
To gain a better understanding of the current state of the Internet of Things in large businesses and the current thinking behind security issues related to IoT, AT&T commissioned a survey of business and IT decision-makers in October 2015. Respondents to the State of IoT Security survey had to be director-level or above at companies with at least 1,000 employees. The self-administered survey returned more than 500 responses globally, covering a mix of functional areas and roles within the organization.