Securing the Internet of Things: Challenges and a Four‑Step Approach

When discussing the Internet of Things (IoT), partners must prioritize security, according to David Carter, Technical Solutions Director at Encore Technology Group, a data‑center, networking, and security services provider based in Greenville, South Carolina.

Carter noted that protecting IoT reveals a “miracle of missing capabilities,” a point he made while speaking at the NexGen 2017 conference in Los Angeles.

His company follows a four‑step approach to IoT security: (1) protect the devices (including sensors) and the data they generate; (2) ensure controlled access to that data; (3) verify that the first two steps have been performed as promised; and (4) provide evidence of compliance.

During assessments, Carter’s team starts with the physical devices, then moves to the data, followed by the underlying infrastructure, and finally conducts verification.

The biggest challenge, he says, is controlling the myriad devices users bring into the office, especially as the number of IoT devices now exceeds the world’s population.

Enterprises often assume they know what data their devices create, but this is frequently incorrect; devices may include hidden RF transmitters or other components unknown to users.

Carter stresses the need for end‑to‑end encryption of data, both in transit and at rest, and for clear policies defining which systems may access which devices and data.

He also points out that many IoT systems operate without human interaction, making it essential to think carefully about data movement and to develop verifiable security controls.

Proving that IoT devices and their data are secure is the hardest part, as many stakeholders focus more on functionality than on security, yet product design and protection must be considered from the outset.

Dave Seibert, CIO of IT Innovators, adds that most managed‑service providers overlook IoT, underestimating the sheer number of connected devices and the limited tools available to maintain uptime and resilience.

He cites examples such as Wi‑Fi‑controlled lighting consuming IP addresses and inexpensive Raspberry Pi boards being placed on the same network as critical firewalls, illustrating how unmanaged IoT can jeopardize network stability.

Overall, Seibert concludes that the industry is not yet prepared for the IoT explosion, but the technology will not wait for enterprises to catch up.