Enterprises are at such significant risk from internal and external cyber threats that they can trust no one. This realisation often comes too late, costing enterprises big. With zero trust security practices, you prioritise access and restrictions to assure security by assuming there is no trustworthy user. This is especially important with IoT devices, which are often unprotected because they are more challenging to secure and easier to hack.

Last year, a 21-year-old Swiss hacker successfully seized control of 150,000 smart industrial cameras developed by Verkada in a massive embarrassment for the company. This lays bare the security vulnerabilities of IoT.

Zero trust

Zero trust assumes every person and network connection is a threat, and it is non-discriminatory by nature, protecting devices with authentication. It makes no difference if the device and application are already on the network – zero trust procedures authenticate and verify users to assure security.

This is not about focusing only on securing systems but assuring operational capability and monitoring usage to identify threats.

The danger of IoT adoption

The Internet of Things has exploded in the last decade, but the rapid deployment of IoT devices has many security experts spooked. Many enterprises have not thought about security measures in a rush to adopt IoT. Often, this is because of vendor assurances, but enterprises mustn’t take the word of the vendor or network operator as golden. The scale of IoT – and the ability for interception – presents a considerable threat. Hacking, data leaks, and cyberattacks are real possibilities.

Adopting zero trust

IoT hacks, data leaks, cyberattacks and other threats are primarily based on compromising networks and systems. Zero trust authenticates users, identifies odd behaviour, and shuts down risks early.

The trouble is that enterprises usually adopt off-the-shelf zero-trust technology and expect it to do the job with no underlying strategy. Although IoT presents several security challenges, it is a transformational technology you can benefit from, and you can instil trust with zero-trust.

You can’t solve the problem of IoT security with one solution – you have to incorporate it into your data security policy – and the first order of the day is determining what IoT devices are accessing the network—and why.

Feel free to contact us for advice on IoT security.