6 ways of protecting your IoT operations

3. Implement data encryption

Sukamal Banerjee, EVP of engineering and R&D services at HCL Technologies, says that as threats are growing, companies need to implement security solutions as soon as possible. He says they should focus on areas of IoT security such as data encryption and privacy protection.

"Most wireless communications and protocols in IoT are open, and the limited resources for securing sensors and smaller devices with strong algorithms for data encryption and transmission leaves them prone to attack," he observed.

"As such, a carefully considered approach to IoT security will be required. According to a recent report, 70% of internet devices used unencrypted network services. Sensitive data should be encrypted before usage with secure cryptographic keys, rendering it useless to anyone who breaches the network.

"Data privacy is the elephant in the room when it comes to IoT. People are rightly concerned about their privacy being invaded by machines and devices collecting data on their actions and movements. It will be critical to ensure these concerns don't stifle innovation. One of the best approaches would be to de-identify any data that is captured to remove any unnecessary PII (personally identifiable information) linking it to individuals in order to safeguard their privacy."

4. Manage device access

At the same time, companies should also manage who has access to their IoT operations, because data can easily end up in the wrong hands. Banerjee says: "Since IoT devices and sensors are often programmed over the air, they are more susceptible to being remotely hacked. As such, organisations will need to have a robust identification mechanism built-in, using digital signatures to ensure that only authentic commands and code being received by IoT devices and sensors are authorised."

Hire a CIO

5. Hire a CIO

However big your firm is, the threats are going to be widespread, and IoT will always be a relatively complex area. Michael Segal, director of marketing at network performance firm NetScout, says companies should think about hiring a chief information officer (CIO) to manage all IT and data-oriented operations.

"IoT-led enterprises need to be aware that every system upgrade, new connection or new third-party application added to existing IT infrastructure increases service delivery complexity, infrastructure scale, and adds to corporate risk," Segal says.

"Combined, these changes could have serious implications to the successful running of the business. It's down to the CIO, therefore, to manage the transition, maintain a sense of order, and lay the foundations for the future. The CIO will deal with new pressures placed upon them and will find themselves pulled in all sorts of directions."

6. Give equal attention to all security areas

Stuart Reed, senior director at NTT Security, says businesses need to give IoT the same level of security attention as other areas. "From a security perspective, IoT must be managed in line with an organisation's overall security strategy," he says.

"A robust and scalable security architecture is required, combined with the correct processes and user education. Plus, policies around collecting, storing and accessing sensitive data will need to be carefully considered and integrated with an organisation's security processes and compliance standards.

"This will lead to the 'visibility of things' – i.e. the need for organisations to monitor the devices themselves and also the way they are being used, and by whom. While IoT can offer business value, the risks must be balanced against the benefits."

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!