Some experts see the Internet of Things (IoT), or the Internet of Everything, as the next industrial revolution, in which a new category of devices will start communicating with each other with little or no human intervention. But how does data protection fit into the picture?

In the IoT, multiple sensors, tiny computer chips and communications devices will be integrated with physical objects such as appliances to enable communication between them and other computing devices such as cloud servers, computers, laptops and smartphones.

The IoT offers enterprises and businesses tangible benefits. For instance, through the IoT, information analysis will be available in real time. People and companies alike will be able to make more accurate decisions, reducing operational costs and increasing efficiency with real-time analysis. The IoT also offers more control and automation. Having sensors and smart devices will allow corporations to program the execution of automated and repetitive tasks by defining multiple scenarios with their corresponding responses.

Data Protection and the IoT

The estimated growth of this new trend in the market is expected to hit between 26 billion and 30 billion devices by 2020, with an estimated market worth of between $6 trillion and $9 trillion.

To put this in context, the following are some interesting implications (including ones concerning data protection) that relate to the explosion of these interconnected devices:

  • These devices will constantly generate huge amounts of data, so we will need faster networks, larger storage capabilities (likely in the cloud) and more bandwidth to support the growth in Internet traffic.
  • There is not yet an open ecosystem to host these devices to make them interoperable like there is on Microsoft Windows, Apple iOS and Google Android ecosystems.
  • Vendors are creating private networks for interoperability among their own products, but these are incompatible with others. This creates a major challenge for integration across multiple solutions.
  • The current Internet protocol (IPv4) cannot handle the growth in the number of interconnected devices on the Internet. This will trigger the need to switch to a more scalable protocol, such as IPv6.

Security and the IoT

With this in mind, you may be concerned about how to deal with security in the IoT. The following are several security challenges that will need to be faced as the IoT gains steam:

  • If we already have trouble today keeping our computers, smartphones and tablets updated with the latest version of code, won’t it be a nightmare trying to keep these millions of devices updated and free of security bugs?
  • With the amount of data these devices will generate, how do we navigate the sea of data to identify suspicious traffic over the network? What if we miss incidents because we are unable to identify them?
  • Proprietary and enclosed implementations such as those that vendors are creating today make it harder to find hidden or unknown zero-day attacks.
  • Even though IPv6 has been present for some time, this protocol has not yet been fully perfected. As with everything that is new, we have to handle new and unknown weaknesses. That being said, the way we apply security controls over IPv4 may not be useful or relevant for protecting IPv6.

Watch the on-demand webinar with Arxan and Forrester to learn more about securing the IoT


There is no simple answer to address these challenges and manage the security of these interconnected devices. However, the following are some actions we must take to overcome these adversities:

  • We must have a truly open ecosystem with standardized application programming interfaces that enables interoperability with a reliable and automatic patching system.
  • Devices must be hardened with the best practices in the market to protect against common security exploits.
  • Devices must be well-protected on the connected networks (intranet and Internet).

This technology is still in its infancy, and we will have to wait a while before it gets to a more mature state that is driven by the whole industry. What can we do in the meantime? Look into existing proprietary ecosystems and analyze which ones have the features that best fit your business needs. These include their scalability and the ability to isolate these small and elusive devices on a separate network (using virtual local area networks) protected by firewalls or at least with screening routers.

More from Intelligence & Analytics

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…

What Can We Learn From Recent Cyber History?

The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades. And, of course, there are the headline breaches and supply chain attacks to consider. Over recent years, what lessons can we learn from our recent history — and what projections…

When Logs Are Out, Enhanced Analytics Stay In

I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place it on the shelf.” “Why would they do that?” I asked. I spent the majority of my career in hardware — enterprise hardware, cloud hardware, and just recently made the jump to security software, hence my question. “Because SIEMs are hard to use. A SIEM purchase is just a checked…

4 Most Common Cyberattack Patterns from 2022

As 2022 comes to an end, cybersecurity teams globally are taking the opportunity to reflect on the past 12 months and draw whatever conclusions and insights they can about the threat landscape. It has been a challenging year for security teams. A major conflict in Europe, a persistently remote workforce and a series of large-scale cyberattacks have all but guaranteed that 2022 was far from uneventful. In this article, we’ll round up some of the most common cyberattack patterns we…