Top 5 IoT Security Challenges Enterprises Face Today

steve-hilton-thumb Steve Hilton November 2, 2015

IoT-2(Note: The following has been submitted as a guest post to CommScope Blogs by Steve Hilton, co-founder and president at MachNation. Opinions and comments provided in this guest post, as with all posts to CommScope Blogs, are that of the author and do not necessarily reflect the views of CommScope.)

Security is one of the hottest Internet of Things (IoT) topics discussed today among enterprises, vendors, carriers and system integrators – and for good reason. Vulnerabilities abound including weak passwords, sensitive information being shared over unencrypted networks and exposure to cross-site scripting attacks. MachNation, the only dedicated IoT research and application development firm, outlined the Top 5 enterprise IoT security concerns based on a survey and analysis of leading IoT security providers.

Concern #1. Intricacy of solutions

An enterprise-grade IoT solution typically uses technology from 5-7 different vendors. Getting such a complex solution deployed requires technical sophistication. An even bigger challenge is ensuring that this type of multi-vendor deployment is secure. Each component’s architecture must not only be rock-solid, but enterprises must apply a secure model holistically to the integrated solution.

Concern #2. Complexity of vulnerabilities

Vulnerabilities in an IoT solution include physical hardware attacks, man-in-the-middle attacks, integration weaknesses and cloud application infrastructure attacks. While existing IT security models serve as a good starting point to reduce common vulnerabilities, an enterprise must identify viable IoT-centric attack vectors while weighing the costs and benefits of added security.

Concern #3. Lack of deployment expertise

Most enterprises today – even tech-savvy firms – lack teams to handle complex IoT deployments. IoT security requires new skill sets that empower individuals to understand impacted business processes, operational support and IoT security across the technology stack. To be successful most enterprises need deployment expertise from specialty IoT services organizations or systems integrators.

Concern #4. Insufficiently trained end-users

Proper user training on new IoT systems and procedures brings awareness of an IoT solution’s capabilities and decreases the likelihood that user error will lead to exposure risk. Enterprises must give users only the amount of IoT credentials and training required for effective use of the IoT solution – too much training can be as risky as too little.

Concern #5. New and unknown threats

Today’s known IoT security architectures and threats are complex. However, many of the threats have simply not been identified yet. Keep in mind that enterprises expect IoT devices like smart meters, remote sensors and connected cars to last 5 to 20 years. Keeping a long-lived IoT device secure while detecting the ‘unknown unknowns’ of the future is no easy task indeed.

What are some of your security concerns related to IoT solutions and deployments?

MachNation has been working with its partners, vendors, public and private organizations and system integrators to publish data, opinions and recommendations on the IoT ecosystem. You can find more information on our partner portal.

About the Author


Steve Hilton

Steve Hilton is a co-founder and President at MachNation, the leading insight services and application development firm for the Internet of Things, Internet of Everything, connected things, analytics and M2M. His primary areas of expertise include competitive positioning, marketing media development, cloud services, small and medium businesses and sales channels. Steve serves on Cisco’s IoT World Forum Steering Committee where he is chairperson of the Service Provide working group. Steve has 22 years’ experience in technology and communications marketing. Prior to founding MachNation, he built and ran the IoT/M2M and Enterprise practice areas at Analysys Mason. He has also held senior positions at Yankee Group, Lucent Technologies, TDS (Telephone and Data Systems) and Cambridge Strategic Management Group. Steve is a frequent speaker at industry and client events, and publishes articles and blogs in several respected trade journals. He holds a degree in economics from the University of Chicago and a Master’s degree in marketing from Northwestern University’s Kellogg School of Management.